[tokkee]

tokkee.org

Code

projects / gosa.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Added base check
[gosa.git] / gosa-core / include / class_acl.inc
diff --git a/gosa-core/include/class_acl.inc b/gosa-core/include/class_acl.inc
index b5852d5cde62ae27e0c1ee432774f0ef52e2478e..3ed4929fabed7195408d9850417264093272ab18 100644 (file)
--- a/gosa-core/include/class_acl.inc
+++ b/gosa-core/include/class_acl.inc
@@ -20,6 +20,7 @@
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
+/*! \brief ACL management plugin */ 
 class acl extends plugin
 {
   /* Definitions */
@@ -87,7 +88,18 @@ class acl extends plugin
       $ldap->search('(&(objectClass=gosaAccount)(gosaUnitTag='.$tag.'))', array('uid', 'cn'));
     }
     while ($attrs= $ldap->fetch()){
-      $this->users['U:'.$attrs['dn']]= $attrs['cn'][0].' ['.$attrs['uid'][0].']';
+
+      // Allow objects without cn to be listed without causing an error.
+      if(!isset($attrs['cn'][0]) && isset($attrs['uid'][0])){
+        $this->users['U:'.$attrs['dn']]=  $attrs['uid'][0];
+      }elseif(!isset($attrs['uid'][0]) && isset($attrs['cn'][0])){
+        $this->users['U:'.$attrs['dn']]=  $attrs['cn'][0];
+      }elseif(!isset($attrs['uid'][0]) && !isset($attrs['cn'][0])){
+        $this->users['U:'.$attrs['dn']]= $attrs['dn'];
+      }else{
+        $this->users['U:'.$attrs['dn']]= $attrs['cn'][0].' ['.$attrs['uid'][0].']';
+      }
+
     }
     ksort($this->users);
 
@@ -132,7 +144,7 @@ class acl extends plugin
     }
 
     /* Objects */
-    $tmp= session::get('plist');
+    $tmp= session::global_get('plist');
     $plist= $tmp->info;
     $cats = array();
     if (isset($this->parent) && $this->parent !== NULL){
@@ -230,7 +242,7 @@ class acl extends plugin
     /* Call parent execute */
     plugin::execute();
 
-    $tmp= session::get('plist');
+    $tmp= session::global_get('plist');
     $plist= $tmp->info;
 
     /* Handle posts */
@@ -245,6 +257,17 @@ class acl extends plugin
     $aclDialog= FALSE;
     $firstedit= FALSE;
 
+    /* Act on HTML post and gets here.
+     */
+    if(isset($_GET['id']) && isset($_GET['act']) && $_GET['act'] == "edit"){
+      $id = trim($_GET['id']);
+      $this->dialogState= 'create';
+      $firstedit= TRUE;
+      $this->dialog= TRUE;
+      $this->currentIndex= $id;
+      $this->loadAclEntry();
+    }
+
     foreach($_POST as $name => $post){
 
       /* Actions... */
@@ -308,7 +331,7 @@ class acl extends plugin
 
       /* ACL saving... */
       if (preg_match('/^acl_.*_[^xy]$/', $name)){
-        list($dummy, $object, $attribute, $value)= split('_', $name);
+        list($dummy, $object, $attribute, $value)= explode('_', $name);
 
         /* Skip for detection entry */
         if ($object == 'dummy') {
@@ -456,9 +479,15 @@ class acl extends plugin
         if(!$this->acl_is_readable("")) continue;
 
         $action ="";      
+
+        if($this->acl_is_readable("")){
+          $link = "<a href=?plug=".$_GET['plug']."&amp;id=".$key."&amp;act=edit>".$this->assembleAclSummary($entry)."</a>";
+        }else{
+          $link = $this->assembleAclSummary($entry);
+        }
   
         $field1= array("string" => $this->aclTypes[$entry['type']], "attach" => "style='width:150px'");
-        $field2= array("string" => $this->assembleAclSummary($entry));
+        $field2= array("string" => $link);
 
         if($this->acl_is_writeable("")){
           $action.= "<input type='image' name='sortup_$key' alt='up' 
@@ -607,7 +636,7 @@ class acl extends plugin
 
   function sort_by_priority($list)
   {
-    $tmp= session::get('plist');
+    $tmp= session::global_get('plist');
     $plist= $tmp->info;
     asort($plist);
     $newSort = array();
@@ -664,7 +693,7 @@ class acl extends plugin
   {
     $display= "<input type='hidden' name='acl_dummy_0_0_0' value='1'>";
     $cols= 3;
-    $tmp= session::get('plist');
+    $tmp= session::global_get('plist');
     $plist= $tmp->info;
     asort($plist);
 
@@ -708,8 +737,11 @@ class acl extends plugin
       /* Create sub acl if it does not exist */
       if (!isset($this->aclContents[$key])){
         $this->aclContents[$key]= array();
+      }
+      if(!isset($this->aclContents[$key][0])){
         $this->aclContents[$key][0]= '';
       }
+
       $currentAcl= $this->aclContents[$key];
 
       /* Get the overall plugin acls 
@@ -719,22 +751,34 @@ class acl extends plugin
         $overall_acl = $currentAcl[0];
       }
 
+      // Detect configured plugins
+      $expand = count($currentAcl) > 1 || $currentAcl[0] != "";
+
       /* Object header */
                        $tname= preg_replace("/[^a-z0-9]/i","_",$name);
-      if(session::get('js')) {
-        if(isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) {
+
+      if($expand){
+        $back_color = "#C8C8FF";
+      }else{
+        $back_color = "#C8C8C8";
+      }
+
+      if(session::global_get('js')) {
+        if(isset($_SERVER['HTTP_USER_AGENT']) && 
+             (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || 
+             (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT']))) {
           $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
                      "\n  <tr>".
-                     "\n    <td style='background-color:#C8C8C8;height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
-                     "\n    <td align='right' style='background-color:#C8C8C8;height:1.8em;'>".
-                     "\n    <input type='button' onclick='divtoggle(\"$tname\");' value='"._("Show/hide advanced settings")."' /></td>".
+                     "\n    <td style='background-color:{$back_color};height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
+                     "\n    <td align='right' style='background-color:{$back_color};height:1.8em;'>".
+                     "\n    <input type='button' onclick='divGOsa_toggle(\"$tname\");' value='"._("Show/hide advanced settings")."' /></td>".
                      "\n  </tr>";
         } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
           $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
                      "\n  <tr>".
                      "\n    <td style='background-color:#C8C8C8;height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
                      "\n    <td align='right' style='background-color:#C8C8C8;height:1.8em;'>".
-                     "\n    <input type='button' onclick='divtoggle(\"$tname\");' value='"._("Show/hide advanced settings")."' /></td>".
+                     "\n    <input type='button' onclick='divGOsa_toggle(\"$tname\");' value='"._("Show/hide advanced settings")."' /></td>".
                      "\n  </tr>";
         } else {
           $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
@@ -770,9 +814,9 @@ class acl extends plugin
       /* Walk through the list of attributes */
       $cnt= 1;
       $splist= $plist[preg_replace('%^.*/%', '', $key)]['plProvidedAcls'];
-#      asort($splist);
-      if(session::get('js')) {
-        if(isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) {
+      if(session::global_get('js')) {
+        if(isset($_SERVER['HTTP_USER_AGENT']) && 
+            (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT']))) {
           $display.= "\n  <tr id='tr_$tname' style='vertical-align:top;height:0px;'>".
                      "\n    <td colspan=".$cols.">".
                      "\n      <div id='$tname' style='overflow:hidden;visibility:hidden;height:0px;vertical-align:top;width:100%;'>".
@@ -782,8 +826,11 @@ class acl extends plugin
                      "\n    <td colspan=".$cols.">".
                      "\n      <div id='$tname' style='position:absolute;overflow:hidden;visibility:hidden;height:0px;vertical-align:top;width:100%;'>".
                      "\n        <table style='width:100%;'>";
+        }else{
         }
       }
+
+  
       foreach($splist as $attr => $dsc){
 
         /* Skip pl* attributes, they are internal... */
@@ -821,8 +868,11 @@ class acl extends plugin
        $display.= str_repeat("\n    <td style='border-top:1px solid #A0A0A0; width:".(int)(100/$cols)."%'>&nbsp;</td>", $cols-$cnt); 
       }
 
-      if(session::get('js')) {
-        if(isset($_SERVER['HTTP_USER_AGENT']) && (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || (preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT']))) {
+      if(session::global_get('js')) {
+        if(isset($_SERVER['HTTP_USER_AGENT']) && 
+            (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || 
+            (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT'])) || 
+            (preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT']))) {
           $display.= "\n        </table>".
                      "\n      </div>".
                      "\n    </td>".
@@ -871,7 +921,7 @@ class acl extends plugin
   static function explodeACL($acl)
   {
 
-    $list= split(':', $acl);
+    $list= explode(':', $acl);
     if(count($list) == 5){
       list($index, $type,$member,$permission,$filter)= $list;
       $filter = base64_decode($filter);
@@ -923,7 +973,7 @@ class acl extends plugin
     if ($ms == $acl){
       return $a;
     }
-    $ma= split(',', $ms);
+    $ma= explode(',', $ms);
 
     /* Decode dn's, fill with informations from LDAP */
     $ldap= $config->get_ldap_link();
@@ -957,14 +1007,14 @@ class acl extends plugin
   {
     /* Rip acl off the string, seperate by ',' and place it in an array */
     $as= preg_replace('/^[^:]+:[^:]+:[^:]*:([^:]*).*$/', '\1', $acl);
-    $aa= split(',', $as);
+    $aa= explode(',', $as);
     $a= array();
 
     /* Dis-assemble single ACLs */
     foreach($aa as $sacl){
       
       /* Dis-assemble field ACLs */
-      $ao= split('#', $sacl);
+      $ao= explode('#', $sacl);
       $gobject= "";
       foreach($ao as $idx => $ssacl){
 
@@ -983,7 +1033,7 @@ class acl extends plugin
         } else {
 
           /* All other entries get appended... */
-          list($field, $facl)= split(';', $ssacl);
+          list($field, $facl)= explode(';', $ssacl);
           $a[$gobject][$field]= $facl;
         }
 
@@ -1019,20 +1069,22 @@ class acl extends plugin
       }
     }
 
+
     /* Summarize members */
-    if ($summary != ""){
-      $summary.= ", ";
-    }
-    if (count($entry['members'])){
-      $summary.= _("Members").": ";
-      foreach ($entry['members'] as $cn){
-        $cn= preg_replace('/ \[.*$/', '', $cn);
-        $summary.= $cn.", ";
+    if(!($this instanceOf aclrole)){
+      if ($summary != ""){
+        $summary.= ", ";
+      }
+      if (count($entry['members'])){
+        $summary.= _("Members").": ";
+        foreach ($entry['members'] as $cn){
+          $cn= preg_replace('/ \[.*$/', '', $cn);
+          $summary.= $cn.", ";
+        }
+      } else {
+        $summary.= "<font color='red'><i>"._("inactive")."&nbsp;-&nbsp;"._("No members")."</i></font>";
       }
-    } else {
-      $summary.= _("ACL takes effect for all users");
     }
-
     return (preg_replace('/, $/', '', $summary));
   }
 
@@ -1167,13 +1219,13 @@ class acl extends plugin
     }
 
     if (!$ldap->success()){
-      msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_MOD, get_class()));
+      msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_MOD, get_class()), ERROR_DIALOG);
     }
 
     /* Refresh users ACLs */
     $ui= get_userinfo();
     $ui->loadACL();
-    session::set('ui',$ui);
+    session::global_set('ui',$ui);
   }
 
 
@@ -1219,37 +1271,56 @@ class acl extends plugin
   /* Remove acls defined for $src */
   function remove_acl()
   {
-    $this->remove_acl_for_dn($this->dn);
+    acl::remove_acl_for($this->dn);
   }
 
 
   /* Remove acls defined for $src */
-  function remove_acl_for_dn($src = "")
-  {
-    if($src == ""){
-      $src = $this->dn;
-    }
-    $ldap = $this->config->get_ldap_link();
-    $ldap->cd($this->config->current['BASE']);
-    $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($src)."*))",array("gosaAclEntry","dn"));
-    while($attrs = $ldap->fetch()){
-      $acl = new acl($this->config,$this->parent,$attrs['dn']);
-      foreach($acl->gosaAclEntry as $id => $entry){
-        foreach($entry['members'] as $m_id => $member){
-          if($m_id == "U:".$src){
-            unset($acl->gosaAclEntry[$id]['members'][$m_id]);
-            gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Removed acl for user %s on object %s.",$src,$attrs['dn']));
-          }
-          if($m_id == "G:".$src){
-            unset($acl->gosaAclEntry[$id]['members'][$m_id]);
-            gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Removed acl for group %s on object %s.",$src,$attrs['dn']));
-          }
-        }
+  static function remove_acl_for($dn)
+  {                                  
+    global $config;                  
+
+    $ldap = $config->get_ldap_link();
+    $ldap->cd($config->current['BASE']);
+    $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($dn)."*))",array("gosaAclEntry","dn"));
+    $new_entries= array();                                                                                      
+    while($attrs = $ldap->fetch()){                                                                             
+      if (!isset($attrs['gosaAclEntry'])) {                                                                     
+        continue;                                                                                               
+      }                                                                                                         
+      unset($attrs['gosaAclEntry']['count']);                                                                   
+
+      // Remove entry directly
+      foreach($attrs['gosaAclEntry'] as $id => $entry){
+        $parts= explode(':',$entry);                     
+        $members= explode(',',$parts[2]);                
+        $new_members= array();                         
+        foreach($members as $member) {                 
+          if (base64_decode($member) != $dn) {         
+            $new_members[]= $member;                   
+          } else {                                     
+            gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Removed acl for %s on object %s.",$dn,$attrs['dn']));
+          }                                                                                                                  
+        }                                                                                                                    
+
+        /* We can completely remove the entry if there are no members anymore */
+        if (count($new_members)) {                                              
+          $parts[2]= implode(",", $new_members);                                
+          $new_entries[]= implode(":", $parts);                                 
+        }                                                                       
+      }                                                                         
+
+      // There should be a modification, so write it back
+      $ldap->cd($attrs['dn']);
+      $new_attrs= array("gosaAclEntry" => $new_entries);
+      $ldap->modify($new_attrs);
+      if (!$ldap->success()){
+        msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $dn, LDAP_MOD, get_class()), ERROR_DIALOG);
       }
-      $acl -> save();
     }
   }
 
+
   function update_acl_membership($src,$dst)
   {
     $ldap = $this->config->get_ldap_link();
GONICUS system administrator (SVN clone)