index 0719927c152b6612030f4ea7fa4a3d14839fad84..86f1bbadafee11f2ebb5befbd1f289709da92f40 100644 (file)
}
}
-
}
return ($acl);
}
+
+ /*! \brief Check if the given object (dn) is copyable
+ @param String The object dn
+ @param String The acl category (e.g. users)
+ @param String The acl class (e.g. user)
+ @return Boolean TRUE if the given object is copyable else FALSE
+ */
+ function is_copyable($dn, $object, $class)
+ {
+ return(preg_match("/r/",$this->has_complete_category_acls($dn, $object)));
+ }
+
+
+ /*! \brief Check if the given object (dn) is cutable
+ @param String The object dn
+ @param String The acl category (e.g. users)
+ @param String The acl class (e.g. user)
+ @return Boolean TRUE if the given object is cutable else FALSE
+ */
+ function is_cutable($dn, $object, $class)
+ {
+ $remove = preg_match("/d/",$this->get_permissions($dn,$object."/".$class));
+ $read = preg_match("/r/",$this->has_complete_category_acls($dn, $object));
+ return($remove && $read);
+ }
+
+
+ /*! \brief Checks if we are allowed to paste an object to the given destination ($dn)
+ @param String The destination dn
+ @param String The acl category (e.g. users)
+ @param String The acl class (e.g. user)
+ @return Boolean TRUE if we are allowed to paste an object.
+ */
+ function is_pasteable($dn, $object, $class)
+ {
+ return(preg_match("/w/",$this->has_complete_category_acls($dn, $object)));
+ }
+
+
+ /*! \brief Checks if we are allowed to restore a snapshot for the given dn.
+ @param String The destination dn
+ @param String The acl category (e.g. users)
+ @return Boolean TRUE if we are allowed to restore a snapshot.
+ */
+ function allow_snapshot_restore($dn, $object)
+ {
+ if(!is_array($object)){
+ $object = array($object);
+ }
+ $r = $w = $c = TRUE;
+ foreach($object as $category){
+ $w |= preg_match("/w/",$this->has_complete_category_acls($dn, $category));
+ $c |= preg_match("/c/",$this->has_complete_category_acls($dn, $category));
+ $r |= preg_match("/r/",$this->has_complete_category_acls($dn, $category));
+# print_a(array($category => $w.$c.$r));
+ }
+ return($r);
+ }
+
+
+ /*! \brief Checks if we are allowed to create a snapshot of the given dn.
+ @param String The source dn
+ @param String The acl category (e.g. users)
+ @return Boolean TRUE if we are allowed to restore a snapshot.
+ */
+ function allow_snapshot_create($dn, $object)
+ {
+ $w = preg_match("/w/",$this->has_complete_category_acls($dn, $object));
+ $c = preg_match("/c/",$this->has_complete_category_acls($dn, $object));
+ $r = preg_match("/r/",$this->has_complete_category_acls($dn, $object));
+# print_a(array($object => $w.$c.$r));
+ return($r && $w && $c) ;
+ }
+
function get_permissions($dn, $object, $attribute= "", $skip_write= FALSE)
{
/* Push cache answer? */
$ACL_CACHE = &session::get('ACL_CACHE');
- if (0 && isset($ACL_CACHE["$dn+$object+$attribute"])){
+ if (isset($ACL_CACHE["$dn+$object+$attribute"])){
/* Remove write if needed */
if ($skip_write){
continue;
}
-# /* With user filter */
-# $sdn = preg_replace("/^[^,]*+,/","",$dn);
-# if (isset($subacl['filter']) && !empty($subacl['filter'])){
-#
-# $ldap->cd($sdn);
-# $ldap->ls($subacl['filter'],$sdn);
-# if(!$ldap->count()){
-# continue;
-# }else{
-# $found = FALSE;
-# while($attrs = $ldap->fetch()){
-# echo $attrs['dn']."<br>";
-# if($attrs['dn'] == $dn){
-# $found = TRUE;
-# echo $acl."<br>";;
-# break;
-# }
-# }
-# if(!$found){
-# continue;
-# }
-# }
-# }
-
- /* Per attribute ACL? */
+ /* With user filter */
+ if (isset($subacl['filter']) && !empty($subacl['filter'])){
+ $sdn = preg_replace("/^[^,]*+,/","",$dn);
+ $ldap->cd($sdn);
+ $ldap->ls($subacl['filter'],$sdn);
+ if(!$ldap->count()){
+ continue;
+ }else{
+ $found = FALSE;
+ while($attrs = $ldap->fetch()){
+ if($attrs['dn'] == $dn){
+ $found = TRUE;
+ break;
+ }
+ }
+ if(!$found){
+ continue;
+ }
+ }
+ }
+
+ /* Per attribute ACL? */
if (isset($subacl['acl'][$object][$attribute])){
$acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl'][$object][$attribute]);
continue;
/* Assemble string */
$ret= "";
foreach ($acl as $key => $value){
- if ($value != ""){
+ if ($value !== ""){
$ret.= $key;
}
}