diff --git a/gosa-core/plugins/admin/acl/class_aclRole.inc b/gosa-core/plugins/admin/acl/class_aclRole.inc
index e4ffc50a55a595222c7045e85484cd58f14b506e..b78c955e156c7b00831412de4567e57e50a0cf51 100644 (file)
var $cn = "";
var $description = "";
var $orig_dn;
var $cn = "";
var $description = "";
var $orig_dn;
+ var $orig_base;
var $base ="";
function aclrole (&$config, $dn= NULL)
var $base ="";
function aclrole (&$config, $dn= NULL)
$this->base = session::get('CurrentMainBase');
}else{
$this->base = preg_replace("/^[^,]+,[^,]+,/","",$this->dn);
$this->base = session::get('CurrentMainBase');
}else{
$this->base = preg_replace("/^[^,]+,[^,]+,/","",$this->dn);
- new log("view","aclroles/".get_class($this),$this->dn);
+ new log("view","acl/".get_class($this),$this->dn);
}
/* Load ACL's */
}
/* Load ACL's */
/* Finally - we want to get saved... */
$this->is_account= TRUE;
/* Finally - we want to get saved... */
$this->is_account= TRUE;
+ $this->orig_base = $this->base;
+ $this->orig_dn = $this->dn;
}
}
$plist= $tmp->info;
/* Handle posts */
$plist= $tmp->info;
/* Handle posts */
- if (isset($_POST['new_acl'])){
+ if (isset($_POST['new_acl']) && $this->acl_is_writeable("gosaAclEntry")){
$this->dialogState= 'create';
$this->dialog= TRUE;
$this->currentIndex= count($this->gosaAclTemplate);
$this->dialogState= 'create';
$this->dialog= TRUE;
$this->currentIndex= count($this->gosaAclTemplate);
$new_acl= array();
$aclDialog= FALSE;
$firstedit= FALSE;
$new_acl= array();
$aclDialog= FALSE;
$firstedit= FALSE;
+
+ /* Act on HTML post and gets here.
+ */
+ if(isset($_GET['id']) && isset($_GET['act']) && $_GET['act'] == "edit"){
+ $id = trim($_GET['id']);
+ $this->dialogState= 'create';
+ $firstedit= TRUE;
+ $this->dialog= TRUE;
+ $this->currentIndex= $id;
+ $this->loadAclEntry();
+ }
+
foreach($_POST as $name => $post){
/* Actions... */
foreach($_POST as $name => $post){
/* Actions... */
$this->loadAclEntry();
continue;
}
$this->loadAclEntry();
continue;
}
- if (preg_match('/^acl_del_.*_x/', $name)){
- unset($this->gosaAclTemplate[preg_replace('/^acl_del_([0-9]+).*$/', '\1', $name)]);
- continue;
- }
-
if (preg_match('/^cat_edit_.*_x/', $name)){
$this->aclObject= preg_replace('/^cat_edit_([^_]+)_.*$/', '\1', $name);
$this->dialogState= 'edit';
if (preg_match('/^cat_edit_.*_x/', $name)){
$this->aclObject= preg_replace('/^cat_edit_([^_]+)_.*$/', '\1', $name);
$this->dialogState= 'edit';
}
continue;
}
}
continue;
}
- if (preg_match('/^cat_del_.*_x/', $name)){
+
+ if(!$this->acl_is_writeable("gosaAclEntry")){
+ continue;
+ }
+
+ if (preg_match('/^acl_del_.*_x/', $name) && $this->acl_is_writeable("gosaAclEntry")){
+ unset($this->gosaAclTemplate[preg_replace('/^acl_del_([0-9]+).*$/', '\1', $name)]);
+ continue;
+ }
+
+ if (preg_match('/^cat_del_.*_x/', $name) && $this->acl_is_writeable("gosaAclEntry")){
$idx= preg_replace('/^cat_del_([^_]+)_.*$/', '\1', $name);
foreach ($this->ocMapping[$idx] as $key){
unset($this->aclContents["$idx/$key"]);
$idx= preg_replace('/^cat_del_([^_]+)_.*$/', '\1', $name);
foreach ($this->ocMapping[$idx] as $key){
unset($this->aclContents["$idx/$key"]);
}
/* Sorting... */
}
/* Sorting... */
- if (preg_match('/^sortup_.*_x/', $name)){
+ if (preg_match('/^sortup_.*_x/', $name) && $this->acl_is_writeable("gosaAclEntry")){
$index= preg_replace('/^sortup_([0-9]+).*$/', '\1', $name);
if ($index > 0){
$tmp= $this->gosaAclTemplate[$index];
$index= preg_replace('/^sortup_([0-9]+).*$/', '\1', $name);
if ($index > 0){
$tmp= $this->gosaAclTemplate[$index];
}
continue;
}
}
continue;
}
- if (preg_match('/^sortdown_.*_x/', $name)){
+ if (preg_match('/^sortdown_.*_x/', $name) && $this->acl_is_writeable("gosaAclEntry")){
$index= preg_replace('/^sortdown_([0-9]+).*$/', '\1', $name);
if ($index < count($this->gosaAclTemplate)-1){
$tmp= $this->gosaAclTemplate[$index];
$index= preg_replace('/^sortdown_([0-9]+).*$/', '\1', $name);
if ($index < count($this->gosaAclTemplate)-1){
$tmp= $this->gosaAclTemplate[$index];
}
/* ACL saving... */
}
/* ACL saving... */
- if (preg_match('/^acl_.*_[^xy]$/', $name)){
- $aclDialog= TRUE;
+ if (preg_match('/^acl_.*_[^xy]$/', $name) && $this->acl_is_writeable("gosaAclEntry")){
list($dummy, $object, $attribute, $value)= split('_', $name);
/* Skip for detection entry */
list($dummy, $object, $attribute, $value)= split('_', $name);
/* Skip for detection entry */
}
}
}
}
}
}
-
+
+ if(isset($_POST['acl_dummy_0_0_0'])){
+ $aclDialog= TRUE;
+ }
+
/* Only be interested in new acl's, if we're in the right _POST place */
if ($aclDialog && $this->aclObject != "" && is_array($this->ocMapping[$this->aclObject])){
/* Only be interested in new acl's, if we're in the right _POST place */
if ($aclDialog && $this->aclObject != "" && is_array($this->ocMapping[$this->aclObject])){
}
/* Store ACL in main object? */
}
/* Store ACL in main object? */
- if (isset($_POST['submit_new_acl'])){
+ if (isset($_POST['submit_new_acl']) && $this->acl_is_writeable("gosaAclEntry")){
$this->gosaAclTemplate[$this->currentIndex]['type']= $this->aclType;
$this->gosaAclTemplate[$this->currentIndex]['members']= $this->recipients;
$this->gosaAclTemplate[$this->currentIndex]['acl']= $this->aclContents;
$this->gosaAclTemplate[$this->currentIndex]['type']= $this->aclType;
$this->gosaAclTemplate[$this->currentIndex]['members']= $this->recipients;
$this->gosaAclTemplate[$this->currentIndex]['acl']= $this->aclContents;
}
/* Save edit acl? */
}
/* Save edit acl? */
- if (isset($_POST['submit_edit_acl'])){
+ if (isset($_POST['submit_edit_acl']) && $this->acl_is_writeable("gosaAclEntry")){
$this->dialogState= 'create';
}
/* Add acl? */
$this->dialogState= 'create';
}
/* Add acl? */
- if (isset($_POST['add_acl']) && $_POST['aclObject'] != ""){
+ if (isset($_POST['add_acl']) && $_POST['aclObject'] != "" && $this->acl_is_writeable("gosaAclEntry")){
$this->dialogState= 'edit';
$this->savedAclContents= array();
foreach ($this->ocMapping[$this->aclObject] as $oc){
$this->dialogState= 'edit';
$this->savedAclContents= array();
foreach ($this->ocMapping[$this->aclObject] as $oc){
/* Save common values */
foreach (array("aclType", "aclObject", "target") as $key){
/* Save common values */
foreach (array("aclType", "aclObject", "target") as $key){
- if (isset($_POST[$key])){
+ if (isset($_POST[$key]) && $this->acl_is_writeable("gosaAclEntry")){
$this->$key= validate($_POST[$key]);
}
}
$this->$key= validate($_POST[$key]);
}
}
/* Draw list */
$aclList= new divSelectBox("aclList");
$aclList->SetHeight(350);
/* Draw list */
$aclList= new divSelectBox("aclList");
$aclList->SetHeight(350);
-
+
/* Fill in entries */
foreach ($this->gosaAclTemplate as $key => $entry){
/* Fill in entries */
foreach ($this->gosaAclTemplate as $key => $entry){
- $field1= array("string" => $this->aclTypes[$entry['type']], "attach" => "style='width:100px'");
- $field2= array("string" => $this->assembleAclSummary($entry));
- $action= "<input type='image' name='sortup_$key' alt='up' title='"._("Up")."' src='images/sort_up.png' align='top'>";
- $action.= "<input type='image' name='sortdown_$key' alt='down' title='"._("Down")."' src='images/sort_down.png'>";
- $action.= "<input class='center' type='image' src='images/edit.png' alt='"._("Edit")."' name='acl_edit_$key' title='".msgPool::editButton(_("ACL"))."'>";
- $action.= "<input class='center' type='image' src='images/edittrash.png' alt='"._("Delete")."' name='acl_del_$key' title='".msgPool::delButton(_("ACL"))."'>";
+
+ if($this->acl_is_readable("")){
+ $link = "<a href=?plug=".$_GET['plug']."&id=".$key."&act=edit>".$this->assembleAclSummary($entry)."</a>";
+ }else{
+ $link = $this->assembleAclSummary($entry);
+ }
+
+ $field1= array("string" => $this->aclTypes[$entry['type']], "attach" => "style='width:150px'");
+ $field2= array("string" => $link);
+
+ $action ="";
+ if($this->acl_is_writeable("gosaAclEntry")){
+ $action.= "<input type='image' name='sortup_$key' alt='up'
+ title='"._("Up")."' src='images/lists/sort-up.png' align='top'>";
+ $action.= "<input type='image' name='sortdown_$key' alt='down'
+ title='"._("Down")."' src='images/lists/sort-down.png'>";
+ }
+ if($this->acl_is_readable("gosaAclEntry")){
+ $action.= "<input class='center' type='image' src='images/lists/edit.png' alt='"._("Edit")."' name='acl_edit_$key'
+ title='".msgPool::editButton(_("ACL"))."'>";
+ }
+ if($this->acl_is_writeable("gosaAclEntry")){
+ $action.= "<input class='center' type='image' src='images/lists/trash.png' alt='"._("Delete")."' name='acl_del_$key'
+ title='".msgPool::delButton(_("ACL"))."'>";
+ }
$field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px;text-align:right;'");
$aclList->AddEntry(array($field1, $field2, $field3));
$field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px;text-align:right;'");
$aclList->AddEntry(array($field1, $field2, $field3));
$summary= sprintf(_("ACL for these objects: %s"), preg_replace('/, $/', '', $summary));
}
$summary= sprintf(_("ACL for these objects: %s"), preg_replace('/, $/', '', $summary));
}
+ $action = "";
+ if($this->acl_is_readable("gosaAclEntry")){
+ $action.= "<input class='center' type='image' src='images/lists/edit.png'
+ alt='"._("Edit")."' name='cat_edit_$section' title='"._("Edit category ACL")."'>";
+ }
+ if($this->acl_is_writeable("gosaAclEntry")){
+ $action.= "<input class='center' type='image' src='images/lists/trash.png'
+ alt='"._("Delete")."' name='cat_del_$section' title='"._("Reset category ACL")."'>";
+ }
+
$field1= array("string" => $dsc, "attach" => "style='width:140px'");
$field2= array("string" => $summary);
$field1= array("string" => $dsc, "attach" => "style='width:140px'");
$field2= array("string" => $summary);
- $action= "<input class='center' type='image' src='images/edit.png' alt='"._("Edit")."' name='cat_edit_$section' title='"._("Edit categoriy ACL")."'>";
- $action.= "<input class='center' type='image' src='images/edittrash.png' alt='"._("Delete")."' name='cat_del_$section' title='"._("Reset category ACL")."'>";
$field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px'");
$aclList->AddEntry(array($field1, $field2, $field3));
}
$field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px'");
$aclList->AddEntry(array($field1, $field2, $field3));
}
function aclPostHandler()
{
function aclPostHandler()
{
- if (isset($_POST['save_acl'])){
+ if (isset($_POST['save_acl']) && $this->acl_is_writeable("gosaAclEntry")){
$this->save();
return TRUE;
}
$this->save();
return TRUE;
}
$ldap->cd($this->dn);
$this->cleanup();
$ldap->modify ($this->attrs);
$ldap->cd($this->dn);
$this->cleanup();
$ldap->modify ($this->attrs);
- new log("modify","aclroles/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
+ new log("modify","acl/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
}else{
$ldap->cd($this->config->current['BASE']);
$ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$this->dn));
$ldap->cd($this->dn);
$ldap->add($this->attrs);
}else{
$ldap->cd($this->config->current['BASE']);
$ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$this->dn));
$ldap->cd($this->dn);
$ldap->add($this->attrs);
- new log("create","aclroles/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
+ new log("create","acl/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
}
if (!$ldap->success()){
}
if (!$ldap->success()){
}
$ldap->rmDir($this->dn);
}
$ldap->rmDir($this->dn);
- new log("remove","aclroles/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
+ new log("remove","acl/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
if (!$ldap->success()){
msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, "", get_class()));
}
if (!$ldap->success()){
msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, "", get_class()));
}
"plSelfModify" => FALSE,
"plDepends" => array(),
"plPriority" => 0,
"plSelfModify" => FALSE,
"plDepends" => array(),
"plPriority" => 0,
- "plSection" => array("admin"),
- "plCategory" => array("aclroles" => array("objectClass" => "gosaRole", "description" => _("Access control roles"))),
-
+ "plSection" => array("administration"),
+ "plCategory" => array("acl"),
"plProvidedAcls" => array(
"cn" => _("Name"),
"base" => _("Base"),
"plProvidedAcls" => array(
"cn" => _("Name"),
"base" => _("Base"),
- "description" => _("Description"))
+ "description" => _("Description"),
+ "gosaAclEntry" => _("Permissions"))
));
}
));
}
+ function check()
+ {
+ $message = plugin::check();
+
+ if(empty($this->cn)){
+ $message[] = msgPool::required(_("Name"));
+ }
+
+ if(!count($this->gosaAclTemplate)){
+ $message[] = msgPool::required(_("ACL"));
+ }
+
+ /* Check if we are allowed to create or move this object
+ */
+ if($this->orig_dn == "new" && !$this->acl_is_createable($this->base)){
+ $message[] = msgPool::permCreate();
+ }elseif($this->orig_dn != "new" && $this->base != $this->orig_base && !$this->acl_is_moveable($this->base)){
+ $message[] = msgPool::permMove();
+ }
+
+ return($message);
+ }
+
}
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
}
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
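Review bot: The new `act=edit` branch (the `$_GET['id']` block added just before the `foreach($_POST …)` loop) assigns the raw request value to `$this->currentIndex` and calls `loadAclEntry()` without checking that it is a numeric key present in `$this->gosaAclTemplate`, or that the user may read `gosaAclEntry`, although the equivalent edit button is only rendered under `acl_is_readable("gosaAclEntry")`. Since the later `submit_new_acl` handler writes to `$this->gosaAclTemplate[$this->currentIndex]`, a non-numeric or non-existent id can end up as a template key; how `loadAclEntry()` treats a missing index is not visible here. I would guard the branch body with `if (preg_match('/^[0-9]+$/', $id) && isset($this->gosaAclTemplate[$id]) && $this->acl_is_readable("gosaAclEntry")) { … }`. The list link that produces this request also concatenates `$_GET['plug']` into an unquoted `href` and is gated on `acl_is_readable("")` rather than `"gosaAclEntry"`; unless `plug` is validated upstream (not shown), it should be URL-encoded and the attribute quoted. The enclosing method starts and ends outside the visible hunks.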