diff --git a/include/class_acl.inc b/include/class_acl.inc
index 9a9a396c8f789124b0ead00937fc8707e5d9961a..f5b26e32f21effdef7c567bee067226cc8355290 100644 (file)
--- a/include/class_acl.inc
+++ b/include/class_acl.inc
var $aclObjects= array();
var $aclMyObjects= array();
var $users= array();
var $aclObjects= array();
var $aclMyObjects= array();
var $users= array();
+ var $roles= array();
var $groups= array();
var $recipients= array();
var $isContainer= FALSE;
var $groups= array();
var $recipients= array();
var $isContainer= FALSE;
var $wasNewEntry= FALSE;
var $ocMapping= array();
var $savedAclContents= array();
var $wasNewEntry= FALSE;
var $ocMapping= array();
var $savedAclContents= array();
+ var $myAclObjects = array();
-
- function acl ($config, $parent, $dn= NULL)
+ function acl (&$config, $parent, $dn= NULL)
{
/* Include config object */
plugin::plugin($config, $dn);
{
/* Include config object */
plugin::plugin($config, $dn);
if (isset($this->attrs['gosaAclEntry'])){
for ($i= 0; $i<$this->attrs['gosaAclEntry']['count']; $i++){
$acl= $this->attrs['gosaAclEntry'][$i];
if (isset($this->attrs['gosaAclEntry'])){
for ($i= 0; $i<$this->attrs['gosaAclEntry']['count']; $i++){
$acl= $this->attrs['gosaAclEntry'][$i];
- $this->gosaAclEntry= array_merge($this->gosaAclEntry, $this->explodeACL($acl));
+ $this->gosaAclEntry= array_merge($this->gosaAclEntry, acl::explodeACL($acl));
}
}
ksort($this->gosaAclEntry);
/* Save parent - we've to know more about it than other plugins... */
}
}
ksort($this->gosaAclEntry);
/* Save parent - we've to know more about it than other plugins... */
- $this->parent= $parent;
+ $this->parent= &$parent;
/* Container? */
/* Container? */
- if (preg_match('/^(ou|c|l|dc)=/i', $dn)){
+ if (preg_match('/^(o|ou|c|l|dc)=/i', $dn)){
$this->isContainer= TRUE;
}
$this->isContainer= TRUE;
}
}
ksort($this->groups);
}
ksort($this->groups);
+ /* Roles */
+ $ldap->cd($config->current['BASE']);
+ if ($tag == ""){
+ $ldap->search('(objectClass=gosaRole)', array('cn', 'description','gosaAclTemplate','dn'));
+ } else {
+ $ldap->search('(&(objectClass=gosaRole)(gosaUnitTag='.$tag.'))', array('cn', 'description','gosaAclTemplate','dn'));
+ }
+ while ($attrs= $ldap->fetch()){
+ $dsc= "";
+ if (isset($attrs['description'][0])){
+ $dsc= $attrs['description'][0];
+ }
+
+ $role_id = $attrs['dn'];
+
+ $this->roles[$role_id]['acls'] =array();
+ for ($i= 0; $i < $attrs['gosaAclTemplate']['count']; $i++){
+ $acl= $attrs['gosaAclTemplate'][$i];
+ $this->roles[$role_id]['acls'] = array_merge($this->roles[$role_id]['acls'],acl::explodeACL($acl));
+ }
+ $this->roles[$role_id]['description'] = $dsc;
+ $this->roles[$role_id]['cn'] = $attrs['cn'][0];
+ }
+
/* Objects */
$tmp= get_global('plist');
$plist= $tmp->info;
/* Objects */
$tmp= get_global('plist');
$plist= $tmp->info;
- if (isset($this->parent) && $this->parent != NULL){
+ $cats = array();
+ if (isset($this->parent) && $this->parent !== NULL){
$oc= array();
foreach ($this->parent->by_object as $key => $obj){
$oc= array_merge($oc, $obj->objectclasses);
$oc= array();
foreach ($this->parent->by_object as $key => $obj){
$oc= array_merge($oc, $obj->objectclasses);
+ if(isset($obj->acl_category)){
+ $cats[preg_replace("/\//","",$obj->acl_category)] = preg_replace("/\//","",$obj->acl_category);
+ }
}
if (in_array_ics('organizationalUnit', $oc)){
$this->isContainer= TRUE;
}
if (in_array_ics('organizationalUnit', $oc)){
$this->isContainer= TRUE;
$oc= $this->attrs['objectClass'];
}
$oc= $this->attrs['objectClass'];
}
-
/* Extract available categories from plugin info list */
foreach ($plist as $class => $acls){
/* Extract available categories from plugin info list */
foreach ($plist as $class => $acls){
$this->ocMapping[$data]= array();
$this->ocMapping[$data][]= '0';
}
$this->ocMapping[$data]= array();
$this->ocMapping[$data][]= '0';
}
+
+ if(isset($cats[$data])){
+ $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
+ }
$this->ocMapping[$data][]= $class;
} else {
if (!isset($this->ocMapping[$idx])){
$this->ocMapping[$data][]= $class;
} else {
if (!isset($this->ocMapping[$idx])){
"one" => _("One level"),
"base" => _("Current object"),
"sub" => _("Complete subtree"),
"one" => _("One level"),
"base" => _("Current object"),
"sub" => _("Complete subtree"),
- "psub" => _("Complete subtree (permanent)"));
- //"role" => _("Use ACL defined in role"));
+ "psub" => _("Complete subtree (permanent)"),
+ "role" => _("Use ACL defined in role"));
} else {
$this->aclTypes= array("base" => _("Current object"),
"role" => _("Use ACL defined in role"));
} else {
$this->aclTypes= array("base" => _("Current object"),
"role" => _("Use ACL defined in role"));
{
/* Call parent execute */
plugin::execute();
{
/* Call parent execute */
plugin::execute();
-
+
$tmp= get_global('plist');
$plist= $tmp->info;
$tmp= get_global('plist');
$plist= $tmp->info;
$new_acl[$object][$attribute]= $value;
}
}
$new_acl[$object][$attribute]= $value;
}
}
+
+ if(isset($_POST['selected_role'])){
+ $this->aclContents = "";
+ $this->aclContents = base64_decode($_POST['selected_role']);
+ }
}
/* Only be interested in new acl's, if we're in the right _POST place */
}
/* Only be interested in new acl's, if we're in the right _POST place */
if ($this->dialogState == 'head'){
/* Draw list */
if ($this->dialogState == 'head'){
/* Draw list */
- $aclList= new DivSelectBox("aclList");
+ $aclList= new divSelectBox("aclList");
$aclList->SetHeight(450);
/* Fill in entries */
foreach ($this->gosaAclEntry as $key => $entry){
$aclList->SetHeight(450);
/* Fill in entries */
foreach ($this->gosaAclEntry as $key => $entry){
- $field1= array("string" => $this->aclTypes[$entry['type']], "attach" => "style='width:100px'");
+ $field1= array("string" => $this->aclTypes[$entry['type']], "attach" => "style='width:150px'");
$field2= array("string" => $this->assembleAclSummary($entry));
$action= "<input type='image' name='sortup_$key' alt='up' title='"._("Up")."' src='images/sort_up.png' align='top'>";
$action.= "<input type='image' name='sortdown_$key' alt='down' title='"._("Down")."' src='images/sort_down.png'>";
$field2= array("string" => $this->assembleAclSummary($entry));
$action= "<input type='image' name='sortup_$key' alt='up' title='"._("Up")."' src='images/sort_up.png' align='top'>";
$action.= "<input type='image' name='sortdown_$key' alt='down' title='"._("Down")."' src='images/sort_down.png'>";
if ($this->dialogState == 'create'){
/* Draw list */
if ($this->dialogState == 'create'){
/* Draw list */
- $aclList= new DivSelectBox("aclList");
+ $aclList= new divSelectBox("aclList");
$aclList->SetHeight(150);
/* Add settings for all categories to the (permanent) list */
$aclList->SetHeight(150);
/* Add settings for all categories to the (permanent) list */
if ($this->aclType == 'base'){
$smarty->assign('aclSelector', $this->buildAclSelector($this->myAclObjects));
}
if ($this->aclType == 'base'){
$smarty->assign('aclSelector', $this->buildAclSelector($this->myAclObjects));
}
+
+ /* Role selector if scope is base */
+ if ($this->aclType == 'role'){
+ $smarty->assign('roleSelector', "Role selector");#, $this->buildRoleSelector($this->myAclObjects));
+ $smarty->assign('roleSelector', $this->buildRoleSelector($this->roles));
+ }
}
if ($this->dialogState == 'edit'){
}
if ($this->dialogState == 'edit'){
if ($this->aclObject == 'all'){
$aclObjects['all']= _("All objects in current subtree");
}
if ($this->aclObject == 'all'){
$aclObjects['all']= _("All objects in current subtree");
}
- $smarty->assign('aclSelector', $this->buildAclSelector($aclObjects));
+
+ /* Role selector if scope is base */
+ if ($this->aclType == 'role'){
+ $smarty->assign('roleSelector', $this->buildRoleSelector($this->roles));
+ } else {
+ $smarty->assign('aclSelector', $this->buildAclSelector($aclObjects));
+ }
}
/* Show main page */
}
/* Show main page */
return ($smarty->fetch (get_template_path('acl.tpl')));
}
return ($smarty->fetch (get_template_path('acl.tpl')));
}
+
function sort_by_priority($list)
{
$tmp= get_global('plist');
$plist= $tmp->info;
asort($plist);
function sort_by_priority($list)
{
$tmp= get_global('plist');
$plist= $tmp->info;
asort($plist);
+ $newSort = array();
foreach($list as $name => $translation){
$na = preg_replace("/^.*\//","",$name);
foreach($list as $name => $translation){
$na = preg_replace("/^.*\//","",$name);
- $prio= $plist[$na]['plPriority'] ;
+ $prio = 0;
+ if(isset($plist[$na]['plPriority'])){
+ $prio= $plist[$na]['plPriority'] ;
+ }
$newSort[$name] = $prio;
}
$newSort[$name] = $prio;
}
return($ret);
}
return($ret);
}
+
+ function buildRoleSelector($list)
+ {
+ $D_List =new divSelectBox("Acl_Roles");
+
+ $selected = $this->aclContents;
+ if(!is_string($this->aclContents) || !isset($list[$this->aclContents])){
+ $selected = key($list);
+ }
+
+ $str ="";
+ foreach($list as $dn => $values){
+
+ if($dn == $selected){
+ $option = "<input type='radio' name='selected_role' value='".base64_encode($dn)."' checked>";
+ }else{
+ $option = "<input type='radio' name='selected_role' value='".base64_encode($dn)."'>";
+ }
+
+ $field1 = array("string" => $option) ;
+ $field2 = array("string" => $values['cn'], "attach" => "style='width:200px;'") ;
+ $field3 = array("string" => $values['description'],"attach" => "style='border-right:0px;'") ;
+
+ $D_List->AddEntry(array($field1,$field2,$field3));
+ }
+ return($D_List->DrawList());
+ }
+
+
function buildAclSelector($list)
{
$display= "<input type='hidden' name='acl_dummy_0_0_0' value='1'>";
function buildAclSelector($list)
{
$display= "<input type='hidden' name='acl_dummy_0_0_0' value='1'>";
{
$state= $state?"checked":"";
return "\n <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."' type=checkbox name='acl_$name' $state>".
{
$state= $state?"checked":"";
return "\n <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."' type=checkbox name='acl_$name' $state>".
- "\n <label for='acl_$name'>$text</label>";
+ "\n <label for='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."'>$text</label>";
}
}
$rstate= preg_match('/r/', $state)?'checked':'';
$wstate= preg_match('/w/', $state)?'checked':'';
return ("\n <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_r' type=checkbox name='acl_${name}_r' $rstate>".
$rstate= preg_match('/r/', $state)?'checked':'';
$wstate= preg_match('/w/', $state)?'checked':'';
return ("\n <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_r' type=checkbox name='acl_${name}_r' $rstate>".
- "\n <label for='acl_${name}_r'>"._("read")."</label>".
+ "\n <label for='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_r'>"._("read")."</label>".
"\n <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_w' type=checkbox name='acl_${name}_w' $wstate>".
"\n <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_w' type=checkbox name='acl_${name}_w' $wstate>".
- "\n <label for='acl_${name}_w'>"._("write")."</label>");
+ "\n <label for='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_w'>"._("write")."</label>");
}
}
- function explodeACL($acl)
+ static function explodeACL($acl)
{
list($index, $type)= split(':', $acl);
$a= array( $index => array("type" => $type,
{
list($index, $type)= split(':', $acl);
$a= array( $index => array("type" => $type,
- "members" => acl::extractMembers($acl)));
-
+ "members" => acl::extractMembers($acl,$type == "role")));
+
/* Handle different types */
switch ($type){
/* Handle different types */
switch ($type){
break;
case 'role':
break;
case 'role':
- echo "Role";
+ $a[$index]['acl']= base64_decode(preg_replace('/^[^:]+:[^:]+:([^:]+).*$/', '\1', $acl));
break;
case 'reset':
break;
case 'reset':
print_red(sprintf(_("Unkown ACL type '%s'. Don't know how to handle it."), $type));
$a= array();
}
print_red(sprintf(_("Unkown ACL type '%s'. Don't know how to handle it."), $type));
$a= array();
}
-
return ($a);
}
return ($a);
}
- function extractMembers($acl)
+ static function extractMembers($acl,$role = FALSE)
{
global $config;
$a= array();
/* Rip acl off the string, seperate by ',' and place it in an array */
{
global $config;
$a= array();
/* Rip acl off the string, seperate by ',' and place it in an array */
- $ms= preg_replace('/^[^:]+:[^:]+:([^:]+).*$/', '\1', $acl);
+ if($role){
+ $ms= preg_replace('/^[^:]+:[^:]+:[^:]+:([^:]+).*$/', '\1', $acl);
+ }else{
+ $ms= preg_replace('/^[^:]+:[^:]+:([^:]+).*$/', '\1', $acl);
+ }
if ($ms == $acl){
return $a;
}
if ($ms == $acl){
return $a;
}
}
}
- function extractACL($acl)
+ static function extractACL($acl)
{
/* Rip acl off the string, seperate by ',' and place it in an array */
$as= preg_replace('/^[^:]+:[^:]+:[^:]*:(.*)$/', '\1', $acl);
{
/* Rip acl off the string, seperate by ',' and place it in an array */
$as= preg_replace('/^[^:]+:[^:]+:[^:]*:(.*)$/', '\1', $acl);
/* Summarize ACL */
if (isset($entry['acl'])){
$acl= "";
/* Summarize ACL */
if (isset($entry['acl'])){
$acl= "";
- foreach ($entry['acl'] as $name => $object){
- if (count($object)){
- $acl.= "$name, ";
+
+ if($entry['type'] == "role"){
+
+ if(isset($this->roles[$entry['acl']])){
+ $summary.= sprintf(_("Role: %s"), $this->roles[$entry['acl']]['cn']);
+ }else{
+ $summary.= sprintf(_("Role: %s"), "<i>"._("Unknown role, possibly removed")."</i>");
}
}
+ }else{
+ foreach ($entry['acl'] as $name => $object){
+ if (count($object)){
+ $acl.= "$name, ";
+ }
+ }
+ $summary.= sprintf(_("Contains settings for these objects: %s"), preg_replace('/, $/', '', $acl));
}
}
- $summary.= sprintf(_("Contains settings for these objects: %s"), preg_replace('/, $/', '', $acl));
}
/* Summarize members */
}
/* Summarize members */
return FALSE;
}
return FALSE;
}
+
+ function PrepareForCopyPaste($source)
+ {
+ plugin::PrepareForCopyPaste($source);
+
+ $dn = $source['dn'];
+ $acl_c = new acl($this->config, $this->parent,$dn);
+ $this->gosaAclEntry = $acl_c->gosaAclEntry;
+ }
+
function save()
{
function save()
{
$members.= base64_encode(preg_replace('/^.:/', '', $key)).',';
}
}
$members.= base64_encode(preg_replace('/^.:/', '', $key)).',';
}
}
- $final= $prio.":".$entry['type'].":".preg_replace('/,$/', '', $members);
+
+ if($entry['type'] != "role"){
+ $final= $prio.":".$entry['type'].":".preg_replace('/,$/', '', $members);
+ }else{
+ $final= $prio.":".$entry['type'].":".base64_encode($entry['acl']).":".preg_replace('/,$/', '', $members);
+ }
/* ACL's if needed */
if ($entry['type'] != "reset" && $entry['type'] != "role"){
/* ACL's if needed */
if ($entry['type'] != "reset" && $entry['type'] != "role"){
$this->cleanup();
$ldap->modify ($this->attrs);
$this->cleanup();
$ldap->modify ($this->attrs);
+ if(count($this->attrs)){
+ new log("modify","acls/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
+ }
+
show_ldap_error($ldap->get_error(), sprintf(_("Saving ACLs with dn '%s' failed."),$this->dn));
/* Refresh users ACLs */
show_ldap_error($ldap->get_error(), sprintf(_("Saving ACLs with dn '%s' failed."),$this->dn));
/* Refresh users ACLs */
function remove_from_parent()
{
function remove_from_parent()
{
+ plugin::remove_from_parent();
+
+ /* include global link_info */
+ $ldap= $this->config->get_ldap_link();
+
+ $ldap->cd($this->dn);
+ $this->cleanup();
+ $ldap->modify ($this->attrs);
+
+ new log("remove","acls/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
+
+ /* Optionally execute a command after we're done */
+ $this->handle_post_events("remove",array("uid" => $this->uid));
+ }
+
+
+ /* Return plugin informations for acl handling */
+ static function plInfo()
+ {
+ return (array(
+ "plShortName" => _("ACL"),
+ "plDescription" => _("ACL")._("Access control list").")",
+ "plSelfModify" => FALSE,
+ "plDepends" => array(),
+ "plPriority" => 0,
+ "plSection" => array("administration"),
+ "plCategory" => array("acl" => array("description" => _("ACL")." & "._("ACL roles"),
+ "objectClass" => array("gosaAcl","gosaRole"))),
+ "plProvidedAcls"=> array(
+ "cn" => _("Role name"),
+ "description" => _("Role description"))
+
+ ));
+ }
+
+
+ /* Remove acls defined for $src */
+ function remove_acl()
+ {
+ $this->remove_acl_for_dn($this->dn);
+ }
+
+
+ /* Remove acls defined for $src */
+ function remove_acl_for_dn($src = "")
+ {
+ if($src == ""){
+ $src = $this->dn;
+ }
+ $ldap = $this->config->get_ldap_link();
+ $ldap->cd($this->config->current['BASE']);
+ $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($src)."*))",array("gosaAclEntry","dn"));
+ while($attrs = $ldap->fetch()){
+ $acl = new acl($this->config,$this->parent,$attrs['dn']);
+ foreach($acl->gosaAclEntry as $id => $entry){
+ foreach($entry['members'] as $m_id => $member){
+ if($m_id == "U:".$src){
+ unset($acl->gosaAclEntry[$id]['members'][$m_id]);
+ gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Removed acl for user %s on object %s.",$src,$attrs['dn']));
+ }
+ if($m_id == "G:".$src){
+ unset($acl->gosaAclEntry[$id]['members'][$m_id]);
+ gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Removed acl for group %s on object %s.",$src,$attrs['dn']));
+ }
+ }
+ }
+ $acl -> save();
+ }
}
}
+ function update_acl_membership($src,$dst)
+ {
+ $ldap = $this->config->get_ldap_link();
+ $ldap->cd($this->config->current['BASE']);
+ $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($src)."*))",array("gosaAclEntry","dn"));
+ while($attrs = $ldap->fetch()){
+ $acl = new acl($this->config,$this->parent,$attrs['dn']);
+ foreach($acl->gosaAclEntry as $id => $entry){
+ foreach($entry['members'] as $m_id => $member){
+ if($m_id == "U:".$src){
+ unset($acl->gosaAclEntry[$id]['members'][$m_id]);
+ $new = "U:".$dst;
+ $acl->gosaAclEntry[$id]['members'][$new] = $new;
+ gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Updated acl for user %s on object %s.",$src,$attrs['dn']));
+ }
+ if($m_id == "G:".$src){
+ unset($acl->gosaAclEntry[$id]['members'][$m_id]);
+ $new = "G:".$dst;
+ $acl->gosaAclEntry[$id]['members'][$new] = $new;
+ gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Updated acl for group %s on object %s.",$src,$attrs['dn']));
+ }
+ }
+ }
+ $acl -> save();
+ }
+ }
}
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
}
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: