diff --git a/include/class_acl.inc b/include/class_acl.inc
index 70facd61d1b2f0a02a0df5445c941946f908189e..f5b26e32f21effdef7c567bee067226cc8355290 100644 (file)
--- a/include/class_acl.inc
+++ b/include/class_acl.inc
var $savedAclContents= array();
var $myAclObjects = array();
var $savedAclContents= array();
var $myAclObjects = array();
- function acl ($config, $parent, $dn= NULL)
+ function acl (&$config, $parent, $dn= NULL)
{
/* Include config object */
plugin::plugin($config, $dn);
{
/* Include config object */
plugin::plugin($config, $dn);
if (isset($this->attrs['gosaAclEntry'])){
for ($i= 0; $i<$this->attrs['gosaAclEntry']['count']; $i++){
$acl= $this->attrs['gosaAclEntry'][$i];
if (isset($this->attrs['gosaAclEntry'])){
for ($i= 0; $i<$this->attrs['gosaAclEntry']['count']; $i++){
$acl= $this->attrs['gosaAclEntry'][$i];
- $this->gosaAclEntry= array_merge($this->gosaAclEntry, $this->explodeACL($acl));
+ $this->gosaAclEntry= array_merge($this->gosaAclEntry, acl::explodeACL($acl));
}
}
ksort($this->gosaAclEntry);
/* Save parent - we've to know more about it than other plugins... */
}
}
ksort($this->gosaAclEntry);
/* Save parent - we've to know more about it than other plugins... */
- $this->parent= $parent;
+ $this->parent= &$parent;
/* Container? */
/* Container? */
- if (preg_match('/^(ou|c|l|dc)=/i', $dn)){
+ if (preg_match('/^(o|ou|c|l|dc)=/i', $dn)){
$this->isContainer= TRUE;
}
$this->isContainer= TRUE;
}
$this->roles[$role_id]['acls'] =array();
for ($i= 0; $i < $attrs['gosaAclTemplate']['count']; $i++){
$acl= $attrs['gosaAclTemplate'][$i];
$this->roles[$role_id]['acls'] =array();
for ($i= 0; $i < $attrs['gosaAclTemplate']['count']; $i++){
$acl= $attrs['gosaAclTemplate'][$i];
- $this->roles[$role_id]['acls'] = array_merge($this->roles[$role_id]['acls'],$this->explodeACL($acl));
+ $this->roles[$role_id]['acls'] = array_merge($this->roles[$role_id]['acls'],acl::explodeACL($acl));
}
$this->roles[$role_id]['description'] = $dsc;
$this->roles[$role_id]['cn'] = $attrs['cn'][0];
}
$this->roles[$role_id]['description'] = $dsc;
$this->roles[$role_id]['cn'] = $attrs['cn'][0];
/* Objects */
$tmp= get_global('plist');
$plist= $tmp->info;
/* Objects */
$tmp= get_global('plist');
$plist= $tmp->info;
- if (isset($this->parent) && $this->parent != NULL){
+ $cats = array();
+ if (isset($this->parent) && $this->parent !== NULL){
$oc= array();
foreach ($this->parent->by_object as $key => $obj){
$oc= array_merge($oc, $obj->objectclasses);
$oc= array();
foreach ($this->parent->by_object as $key => $obj){
$oc= array_merge($oc, $obj->objectclasses);
+ if(isset($obj->acl_category)){
+ $cats[preg_replace("/\//","",$obj->acl_category)] = preg_replace("/\//","",$obj->acl_category);
+ }
}
if (in_array_ics('organizationalUnit', $oc)){
$this->isContainer= TRUE;
}
if (in_array_ics('organizationalUnit', $oc)){
$this->isContainer= TRUE;
$oc= $this->attrs['objectClass'];
}
$oc= $this->attrs['objectClass'];
}
-
/* Extract available categories from plugin info list */
foreach ($plist as $class => $acls){
/* Extract available categories from plugin info list */
foreach ($plist as $class => $acls){
$this->ocMapping[$data]= array();
$this->ocMapping[$data][]= '0';
}
$this->ocMapping[$data]= array();
$this->ocMapping[$data][]= '0';
}
+
+ if(isset($cats[$data])){
+ $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
+ }
$this->ocMapping[$data][]= $class;
} else {
if (!isset($this->ocMapping[$idx])){
$this->ocMapping[$data][]= $class;
} else {
if (!isset($this->ocMapping[$idx])){
if ($this->dialogState == 'head'){
/* Draw list */
if ($this->dialogState == 'head'){
/* Draw list */
- $aclList= new DivSelectBox("aclList");
+ $aclList= new divSelectBox("aclList");
$aclList->SetHeight(450);
/* Fill in entries */
$aclList->SetHeight(450);
/* Fill in entries */
if ($this->dialogState == 'create'){
/* Draw list */
if ($this->dialogState == 'create'){
/* Draw list */
- $aclList= new DivSelectBox("aclList");
+ $aclList= new divSelectBox("aclList");
$aclList->SetHeight(150);
/* Add settings for all categories to the (permanent) list */
$aclList->SetHeight(150);
/* Add settings for all categories to the (permanent) list */
function buildRoleSelector($list)
{
function buildRoleSelector($list)
{
- $D_List =new DivSelectBox("Acl_Roles");
+ $D_List =new divSelectBox("Acl_Roles");
$selected = $this->aclContents;
if(!is_string($this->aclContents) || !isset($list[$this->aclContents])){
$selected = $this->aclContents;
if(!is_string($this->aclContents) || !isset($list[$this->aclContents])){
}
}
- function explodeACL($acl)
+ static function explodeACL($acl)
{
list($index, $type)= split(':', $acl);
$a= array( $index => array("type" => $type,
{
list($index, $type)= split(':', $acl);
$a= array( $index => array("type" => $type,
}
}
- function extractMembers($acl,$role = FALSE)
+ static function extractMembers($acl,$role = FALSE)
{
global $config;
$a= array();
{
global $config;
$a= array();
}
}
- function extractACL($acl)
+ static function extractACL($acl)
{
/* Rip acl off the string, seperate by ',' and place it in an array */
$as= preg_replace('/^[^:]+:[^:]+:[^:]*:(.*)$/', '\1', $acl);
{
/* Rip acl off the string, seperate by ',' and place it in an array */
$as= preg_replace('/^[^:]+:[^:]+:[^:]*:(.*)$/', '\1', $acl);
return FALSE;
}
return FALSE;
}
+
+ function PrepareForCopyPaste($source)
+ {
+ plugin::PrepareForCopyPaste($source);
+
+ $dn = $source['dn'];
+ $acl_c = new acl($this->config, $this->parent,$dn);
+ $this->gosaAclEntry = $acl_c->gosaAclEntry;
+ }
+
function save()
{
function save()
{
$this->cleanup();
$ldap->modify ($this->attrs);
$this->cleanup();
$ldap->modify ($this->attrs);
+ if(count($this->attrs)){
+ new log("modify","acls/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
+ }
+
show_ldap_error($ldap->get_error(), sprintf(_("Saving ACLs with dn '%s' failed."),$this->dn));
/* Refresh users ACLs */
show_ldap_error($ldap->get_error(), sprintf(_("Saving ACLs with dn '%s' failed."),$this->dn));
/* Refresh users ACLs */
$this->cleanup();
$ldap->modify ($this->attrs);
$this->cleanup();
$ldap->modify ($this->attrs);
+ new log("remove","acls/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
+
/* Optionally execute a command after we're done */
$this->handle_post_events("remove",array("uid" => $this->uid));
}
/* Optionally execute a command after we're done */
$this->handle_post_events("remove",array("uid" => $this->uid));
}
+
+ /* Return plugin informations for acl handling */
+ static function plInfo()
+ {
+ return (array(
+ "plShortName" => _("ACL"),
+ "plDescription" => _("ACL")._("Access control list").")",
+ "plSelfModify" => FALSE,
+ "plDepends" => array(),
+ "plPriority" => 0,
+ "plSection" => array("administration"),
+ "plCategory" => array("acl" => array("description" => _("ACL")." & "._("ACL roles"),
+ "objectClass" => array("gosaAcl","gosaRole"))),
+ "plProvidedAcls"=> array(
+ "cn" => _("Role name"),
+ "description" => _("Role description"))
+
+ ));
+ }
+
+
+ /* Remove acls defined for $src */
+ function remove_acl()
+ {
+ $this->remove_acl_for_dn($this->dn);
+ }
+
+
+ /* Remove acls defined for $src */
+ function remove_acl_for_dn($src = "")
+ {
+ if($src == ""){
+ $src = $this->dn;
+ }
+ $ldap = $this->config->get_ldap_link();
+ $ldap->cd($this->config->current['BASE']);
+ $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($src)."*))",array("gosaAclEntry","dn"));
+ while($attrs = $ldap->fetch()){
+ $acl = new acl($this->config,$this->parent,$attrs['dn']);
+ foreach($acl->gosaAclEntry as $id => $entry){
+ foreach($entry['members'] as $m_id => $member){
+ if($m_id == "U:".$src){
+ unset($acl->gosaAclEntry[$id]['members'][$m_id]);
+ gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Removed acl for user %s on object %s.",$src,$attrs['dn']));
+ }
+ if($m_id == "G:".$src){
+ unset($acl->gosaAclEntry[$id]['members'][$m_id]);
+ gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Removed acl for group %s on object %s.",$src,$attrs['dn']));
+ }
+ }
+ }
+ $acl -> save();
+ }
+ }
+
+ function update_acl_membership($src,$dst)
+ {
+ $ldap = $this->config->get_ldap_link();
+ $ldap->cd($this->config->current['BASE']);
+ $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($src)."*))",array("gosaAclEntry","dn"));
+ while($attrs = $ldap->fetch()){
+ $acl = new acl($this->config,$this->parent,$attrs['dn']);
+ foreach($acl->gosaAclEntry as $id => $entry){
+ foreach($entry['members'] as $m_id => $member){
+ if($m_id == "U:".$src){
+ unset($acl->gosaAclEntry[$id]['members'][$m_id]);
+ $new = "U:".$dst;
+ $acl->gosaAclEntry[$id]['members'][$new] = $new;
+ gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Updated acl for user %s on object %s.",$src,$attrs['dn']));
+ }
+ if($m_id == "G:".$src){
+ unset($acl->gosaAclEntry[$id]['members'][$m_id]);
+ $new = "G:".$dst;
+ $acl->gosaAclEntry[$id]['members'][$new] = $new;
+ gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Updated acl for group %s on object %s.",$src,$attrs['dn']));
+ }
+ }
+ }
+ $acl -> save();
+ }
+ }
}
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
}
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: