index ef05955b53391f0af9a2fbef0ec20f98e2cd89d6..ce577b39d0d2bc1f573b3dde8a24477d11333fb7 100644 (file)
var $ocMapping= array();
var $savedAclContents= array();
var $myAclObjects = array();
+ var $acl_category = "acl/";
function acl (&$config, $parent, $dn= NULL)
{
$ldap->search('(&(objectClass=gosaAccount)(gosaUnitTag='.$tag.'))', array('uid', 'cn'));
}
while ($attrs= $ldap->fetch()){
- $this->users['U:'.$attrs['dn']]= $attrs['cn'][0].' ['.$attrs['uid'][0].']';
+
+ // Allow objects without cn to be listed without causing an error.
+ if(!isset($attrs['cn'][0]) && isset($attrs['uid'][0])){
+ $this->users['U:'.$attrs['dn']]= $attrs['uid'][0];
+ }elseif(!isset($attrs['uid'][0]) && isset($attrs['cn'][0])){
+ $this->users['U:'.$attrs['dn']]= $attrs['cn'][0];
+ }elseif(!isset($attrs['uid'][0]) && !isset($attrs['cn'][0])){
+ $this->users['U:'.$attrs['dn']]= $attrs['dn'];
+ }else{
+ $this->users['U:'.$attrs['dn']]= $attrs['cn'][0].' ['.$attrs['uid'][0].']';
+ }
+
}
ksort($this->users);
/* Groups */
$ldap->cd($config->current['BASE']);
- if ($tag == ""){
+# if ($tag == ""){
$ldap->search('(objectClass=posixGroup)', array('cn', 'description'));
- } else {
- $ldap->search('(&(objectClass=posixGroup)(gosaUnitTag='.$tag.'))', array('cn', 'description'));
- }
+# } else {
+# $ldap->search('(&(objectClass=posixGroup)(gosaUnitTag='.$tag.'))', array('cn', 'description'));
+# }
while ($attrs= $ldap->fetch()){
$dsc= "";
if (isset($attrs['description'][0])){
}
/* Objects */
- $tmp= session::get('plist');
+ $tmp= session::global_get('plist');
$plist= $tmp->info;
$cats = array();
if (isset($this->parent) && $this->parent !== NULL){
foreach ($this->parent->by_object as $key => $obj){
$oc= array_merge($oc, $obj->objectclasses);
if(isset($obj->acl_category)){
- $cats[preg_replace("/\//","",$obj->acl_category)] = preg_replace("/\//","",$obj->acl_category);
+ $tmp= str_replace("/","",$obj->acl_category);
+ $cats[$tmp] = $tmp;
}
}
if (in_array_ics('organizationalUnit', $oc)){
/* Call parent execute */
plugin::execute();
- $tmp= session::get('plist');
+ $tmp= session::global_get('plist');
$plist= $tmp->info;
/* Handle posts */
$new_acl= array();
$aclDialog= FALSE;
$firstedit= FALSE;
+
+ /* Act on HTML post and gets here.
+ */
+ if(isset($_GET['id']) && isset($_GET['act']) && $_GET['act'] == "edit"){
+ $id = trim($_GET['id']);
+ $this->dialogState= 'create';
+ $firstedit= TRUE;
+ $this->dialog= TRUE;
+ $this->currentIndex= $id;
+ $this->loadAclEntry();
+ }
+
foreach($_POST as $name => $post){
/* Actions... */
$this->loadAclEntry();
continue;
}
- if (preg_match('/^acl_del_.*_x/', $name)){
- unset($this->gosaAclEntry[preg_replace('/^acl_del_([0-9]+).*$/', '\1', $name)]);
- continue;
- }
if (preg_match('/^cat_edit_.*_x/', $name)){
$this->aclObject= preg_replace('/^cat_edit_([^_]+)_.*$/', '\1', $name);
}
continue;
}
+
+ /* Only handle posts, if we allowed to modify ACLs */
+ if(!$this->acl_is_writeable("")){
+ continue;
+ }
+
+ if (preg_match('/^acl_del_.*_x/', $name)){
+ unset($this->gosaAclEntry[preg_replace('/^acl_del_([0-9]+).*$/', '\1', $name)]);
+ continue;
+ }
+
if (preg_match('/^cat_del_.*_x/', $name)){
$idx= preg_replace('/^cat_del_([^_]+)_.*$/', '\1', $name);
foreach ($this->ocMapping[$idx] as $key){
/* ACL saving... */
if (preg_match('/^acl_.*_[^xy]$/', $name)){
- $aclDialog= TRUE;
list($dummy, $object, $attribute, $value)= split('_', $name);
/* Skip for detection entry */
}
}
+ if(isset($_POST['acl_dummy_0_0_0'])){
+ $aclDialog= TRUE;
+ }
+
if($this->acl_is_writeable("")){
/* Only be interested in new acl's, if we're in the right _POST place */
if(isset($this->aclContents[$oc]) && is_array($this->aclContents)){
unset($this->aclContents[$oc]);
+ }elseif(isset($this->aclContents[$this->aclObject.'/'.$oc]) && is_array($this->aclContents)){
unset($this->aclContents[$this->aclObject.'/'.$oc]);
}else{
# trigger_error("Huhm?");
}
}
+ /* Save common values */
+ if($this->acl_is_writeable("")){
+ foreach (array("aclType","aclFilter", "aclObject", "target") as $key){
+ if (isset($_POST[$key])){
+ $this->$key= validate($_POST[$key]);
+ }
+ }
+ }
+
/* Store ACL in main object? */
if (isset($_POST['submit_new_acl'])){
$this->gosaAclEntry[$this->currentIndex]['type']= $this->aclType;
}
}
- /* Save common values */
- if($this->acl_is_writeable("")){
- foreach (array("aclType","aclFilter", "aclObject", "target") as $key){
- if (isset($_POST[$key])){
- $this->$key= validate($_POST[$key]);
- }
- }
- }
-
/* Create templating instance */
$smarty= get_smarty();
+ $smarty->assign("acl_readable",$this->acl_is_readable(""));
+ if(!$this->acl_is_readable("")){
+ return ($smarty->fetch (get_template_path('acl.tpl')));
+ }
if ($this->dialogState == 'head'){
/* Draw list */
if(!$this->acl_is_readable("")) continue;
$action ="";
+
+ if($this->acl_is_readable("")){
+ $link = "<a href=?plug=".$_GET['plug']."&id=".$key."&act=edit>".$this->assembleAclSummary($entry)."</a>";
+ }else{
+ $link = $this->assembleAclSummary($entry);
+ }
$field1= array("string" => $this->aclTypes[$entry['type']], "attach" => "style='width:150px'");
- $field2= array("string" => $this->assembleAclSummary($entry));
+ $field2= array("string" => $link);
if($this->acl_is_writeable("")){
- $action.= "<input type='image' name='sortup_$key' alt='up' title='"._("Up")."' src='images/lists/sort-up.png' align='top'>";
- $action.= "<input type='image' name='sortdown_$key' alt='down' title='"._("Down")."' src='images/lists/sort-down.png'>";
+ $action.= "<input type='image' name='sortup_$key' alt='up'
+ title='"._("Up")."' src='images/lists/sort-up.png' align='top'>";
+ $action.= "<input type='image' name='sortdown_$key' alt='down'
+ title='"._("Down")."' src='images/lists/sort-down.png'>";
+ }
+
+ if($this->acl_is_readable("")){
+ $action.= "<input class='center' type='image' src='images/lists/edit.png'
+ alt='"._("Edit")."' name='acl_edit_$key' title='".msgPool::editButton(_("ACL"))."'>";
}
-
- $action.= "<input class='center' type='image' src='images/lists/edit.png' alt='"._("Edit")."' name='acl_edit_$key' title='".msgPool::editButton(_("ACL"))."'>";
-
- if($this->acl_is_removeable()){
- $action.= "<input class='center' type='image' src='images/lists/trash.png' alt='"._("Delete")."' name='acl_del_$key' title='".msgPool::delButton(_("ACL"))."'>";
+ if($this->acl_is_removeable("")){
+ $action.= "<input class='center' type='image' src='images/lists/trash.png'
+ alt='"._("Delete")."' name='acl_del_$key' title='".msgPool::delButton(_("ACL"))."'>";
}
$field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px;text-align:right;'");
$summary= sprintf(_("Contains ACLs for these objects: %s"), preg_replace('/, $/', '', $summary));
}
+ $actions ="";
+ if($this->acl_is_readable("")){
+ $actions= "<input class='center' type='image' src='images/lists/edit.png'
+ alt='"._("Edit")."' name='cat_edit_$section' title='".msgPool::editButton(_("category ACL"))."'>";
+ }
+ if($this->acl_is_removeable()){
+ $actions.= "<input class='center' type='image' src='images/lists/trash.png'
+ alt='"._("Delete")."' name='cat_del_$section' title='".msgPool::delButton(_("category ACL"))."'>";
+ }
+
$field1= array("string" => $dsc, "attach" => "style='width:100px'");
$field2= array("string" => $summary);
- $action= "<input class='center' type='image' src='images/lists/edit.png' alt='"._("Edit")."' name='cat_edit_$section' title='".msgPool::editButton(_("category ACL"))."'>";
- $action.= "<input class='center' type='image' src='images/lists/trash.png' alt='"._("Delete")."' name='cat_del_$section' title='".msgPool::delButton(_("category ACL"))."'>";
- $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px'");
+ $field3= array("string" => $actions, "attach" => "style='border-right:0px;width:50px'");
$aclList->AddEntry(array($field1, $field2, $field3));
}
function sort_by_priority($list)
{
- $tmp= session::get('plist');
+ $tmp= session::global_get('plist');
$plist= $tmp->info;
asort($plist);
$newSort = array();
{
$display= "<input type='hidden' name='acl_dummy_0_0_0' value='1'>";
$cols= 3;
- $tmp= session::get('plist');
+ $tmp= session::global_get('plist');
$plist= $tmp->info;
asort($plist);
/* Create sub acl if it does not exist */
if (!isset($this->aclContents[$key])){
$this->aclContents[$key]= array();
+ }
+ if(!isset($this->aclContents[$key][0])){
$this->aclContents[$key][0]= '';
}
+
$currentAcl= $this->aclContents[$key];
/* Get the overall plugin acls
$overall_acl = $currentAcl[0];
}
+ // Detect configured plugins
+ $expand = count($currentAcl) > 1 || $currentAcl[0] != "";
+
/* Object header */
- if(session::get('js')) {
- if(isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) {
+ $tname= preg_replace("/[^a-z0-9]/i","_",$name);
+
+ if($expand){
+ $back_color = "#C8C8FF";
+ }else{
+ $back_color = "#C8C8C8";
+ }
+
+ if(session::global_get('js')) {
+ if(isset($_SERVER['HTTP_USER_AGENT']) &&
+ (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) ||
+ (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT']))) {
$display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
"\n <tr>".
- "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
- "\n <td align='right' style='background-color:#C8C8C8;height:1.8em;'>".
- "\n <input type='button' onclick='divtoggle(\"".preg_replace("/[^a-z0-9]/i","_",$name)."\");' value='"._("Show/hide advanced settings")."' /></td>".
+ "\n <td style='background-color:{$back_color};height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
+ "\n <td align='right' style='background-color:{$back_color};height:1.8em;'>".
+ "\n <input type='button' onclick='divGOsa_toggle(\"$tname\");' value='"._("Show/hide advanced settings")."' /></td>".
"\n </tr>";
} else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
$display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
"\n <tr>".
"\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
"\n <td align='right' style='background-color:#C8C8C8;height:1.8em;'>".
- "\n <input type='button' onclick='divtoggle(\"".preg_replace("/[^a-z0-9]/i","_",$name)."\");' value='"._("Show/hide advanced settings")."' /></td>".
+ "\n <input type='button' onclick='divGOsa_toggle(\"$tname\");' value='"._("Show/hide advanced settings")."' /></td>".
"\n </tr>";
} else {
$display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
/* Generate options */
$spc= " ";
-# if ($this->isContainer && $this->aclType != 'base'){
- $options= $this->mkchkbx($key."_0_c", _("Create objects"), preg_match('/c/', $overall_acl)).$spc;
- $options.= $this->mkchkbx($key."_0_m", _("Move objects"), preg_match('/m/', $overall_acl)).$spc;
- $options.= $this->mkchkbx($key."_0_d", _("Remove objects"), preg_match('/d/', $overall_acl)).$spc;
- if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){
- $options.= $this->mkchkbx($key."_0_s", _("Modifyable by owner"), preg_match('/s/', $overall_acl)).$spc;
- }
- # } else {
- # $options= $this->mkchkbx($key."_0_m", _("Move object"), preg_match('/m/', $overall_acl)).$spc;
- # $options.= $this->mkchkbx($key."_0_d", _("Remove object"), preg_match('/d/', $overall_acl)).$spc;
- # if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){
- # $options.= $this->mkchkbx($key."_0_s", _("Modifyable by owner"), preg_match('/s/', $overall_acl)).$spc;
- # }
- # }
+ $options= $this->mkchkbx($key."_0_c", _("Create objects"), preg_match('/c/', $overall_acl)).$spc;
+ $options.= $this->mkchkbx($key."_0_m", _("Move objects"), preg_match('/m/', $overall_acl)).$spc;
+ $options.= $this->mkchkbx($key."_0_d", _("Remove objects"), preg_match('/d/', $overall_acl)).$spc;
+ if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){
+ $options.= $this->mkchkbx($key."_0_s", _("Grant permission to owner"), preg_match('/s/', $overall_acl)).$spc;
+ }
/* Global options */
$more_options= $this->mkchkbx($key."_0_r", _("read"), preg_match('/r/', $overall_acl)).$spc;
/* Walk through the list of attributes */
$cnt= 1;
$splist= $plist[preg_replace('%^.*/%', '', $key)]['plProvidedAcls'];
- asort($splist);
- if(session::get('js')) {
- if(isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) {
- $display.= "\n <tr id='tr_".preg_replace("/[^a-z0-9]/i","_",$name)."' style='vertical-align:top;height:0px;'>".
+ if(session::global_get('js')) {
+ if(isset($_SERVER['HTTP_USER_AGENT']) &&
+ (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT']))) {
+ $display.= "\n <tr id='tr_$tname' style='vertical-align:top;height:0px;'>".
"\n <td colspan=".$cols.">".
- "\n <div id='".preg_replace("/[^a-z0-9]/i","_",$name)."' style='overflow:hidden;visibility:hidden;height:0px;vertical-align:top;width:100%;'>".
+ "\n <div id='$tname' style='overflow:hidden;visibility:hidden;height:0px;vertical-align:top;width:100%;'>".
"\n <table style='width:100%;'>";
} else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
- $display.= "\n <tr id='tr_".preg_replace("/[^a-z0-9]/i","_",$name)."' style='vertical-align:top;height:0px;'>".
+ $display.= "\n <tr id='tr_$tname' style='vertical-align:top;height:0px;'>".
"\n <td colspan=".$cols.">".
- "\n <div id='".preg_replace("/[^a-z0-9]/i","_",$name)."' style='position:absolute;overflow:hidden;visibility:hidden;height:0px;vertical-align:top;width:100%;'>".
+ "\n <div id='$tname' style='position:absolute;overflow:hidden;visibility:hidden;height:0px;vertical-align:top;width:100%;'>".
"\n <table style='width:100%;'>";
+ }else{
}
}
+
+
foreach($splist as $attr => $dsc){
/* Skip pl* attributes, they are internal... */
$display.= str_repeat("\n <td style='border-top:1px solid #A0A0A0; width:".(int)(100/$cols)."%'> </td>", $cols-$cnt);
}
- if(session::get('js')) {
- if(isset($_SERVER['HTTP_USER_AGENT']) && (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || (preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT']))) {
+ if(session::global_get('js')) {
+ if(isset($_SERVER['HTTP_USER_AGENT']) &&
+ (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) ||
+ (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT'])) ||
+ (preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT']))) {
$display.= "\n </table>".
"\n </div>".
"\n </td>".
{
$state= $state?"checked":"";
if($this->acl_is_writeable("")){
- return "\n <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."' type=checkbox name='acl_$name' $state>".
- "\n <label for='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."'>$text</label>";
+ $tname= preg_replace("/[^a-z0-9]/i","_",$name);
+ return "\n <input id='acl_$tname' type=checkbox name='acl_$name' $state>".
+ "\n <label for='acl_$tname'>$text</label>";
}else{
return "\n <input type='checkbox' disabled name='dummy_".microtime(1)."' $state>$text";
}
{
$rstate= preg_match('/r/', $state)?'checked':'';
$wstate= preg_match('/w/', $state)?'checked':'';
+ $tname= preg_replace("/[^a-z0-9]/i","_",$name);
if($this->acl_is_writeable("")){
- return ("\n <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_r' type=checkbox name='acl_${name}_r' $rstate>".
- "\n <label for='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_r'>"._("read")."</label>".
- "\n <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_w' type=checkbox name='acl_${name}_w' $wstate>".
- "\n <label for='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_w'>"._("write")."</label>");
+ return ("\n <input id='acl_".$tname."_r' type=checkbox name='acl_${name}_r' $rstate>".
+ "\n <label for='acl_".$tname."_r'>"._("read")."</label>".
+ "\n <input id='acl_".$tname."_w' type=checkbox name='acl_${name}_w' $wstate>".
+ "\n <label for='acl_".$tname."_w'>"._("write")."</label>");
}else{
return ("\n <input disabled type=checkbox name='dummy_".microtime(1)."' $rstate>"._("read").
"\n <input disabled type=checkbox name='dummy_".microtime(1)."' $wstate>"._("write"));
$summary.= $cn.", ";
}
} else {
- $summary.= _("ACL takes effect for all users");
+ $summary.= "<font color='red'><i>"._("inactive")." - "._("No members")."</i></font>";
}
return (preg_replace('/, $/', '', $summary));
}
if (!$ldap->success()){
- msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_MOD, get_class()));
+ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_MOD, get_class()), ERROR_DIALOG);
}
/* Refresh users ACLs */
$ui= get_userinfo();
$ui->loadACL();
- session::set('ui',$ui);
+ session::global_set('ui',$ui);
}
{
return (array(
"plShortName" => _("ACL"),
- "plDescription" => _("ACL")._("Access control list").")",
+ "plDescription" => _("ACL")." ("._("Access control list").")",
"plSelfModify" => FALSE,
"plDepends" => array(),
"plPriority" => 0,
"plCategory" => array("acl" => array("description" => _("ACL")." & "._("ACL roles"),
"objectClass" => array("gosaAcl","gosaRole"))),
"plProvidedAcls"=> array(
- "cn" => _("Role name"),
- "description" => _("Role description"))
+// "cn" => _("Role name"),
+// "description" => _("Role description")
+ )
));
}