
<h2> => </h3>
[gosa.git] / gosa-core / plugins / admin / acl / class_aclRole.inc
index 45462de8f4848472b09a798c67d6d3bdce9a9511..51f19e973dd30bf1252848789c3c7bfa098d4ac6 100644 (file)
@@ -49,9 +49,12 @@ class aclrole extends acl
   /* Role attributes */
   var $gosaAclTemplate= "";
   var $cn = "";
+  var $orig_cn = "";
   var $description = "";
   var $orig_dn;
+  var $orig_base;
   var $base ="";
+  var $baseSelector;
 
   function aclrole (&$config,  $dn= NULL)
   {
@@ -59,10 +62,11 @@ class aclrole extends acl
     plugin::plugin($config, $dn);
 
     if($this->dn == "new"){
-      $this->base  = session::get('CurrentMainBase');
+      $ui = get_userinfo();
+      $this->base= dn2base(session::global_is_set("CurrentMainBase")?"cn=test,".session::global_get("CurrentMainBase"):$ui->dn);
     }else{
       $this->base = preg_replace("/^[^,]+,[^,]+,/","",$this->dn);
-      new log("view","aclroles/".get_class($this),$this->dn);
+      new log("view","acl/".get_class($this),$this->dn);
     }
    
     /* Load ACL's */
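Review bot: The `"cn=test,"` prefix in the new `$this->base=` line is a magic value with no explanation. It looks like a dummy RDN prepended so that `dn2base()` returns `CurrentMainBase` itself rather than its parent, but that is inferred, since `dn2base()` is not visible in this hunk. If that is the intent, a one-line comment above the assignment would help, e.g. `/* dummy RDN so dn2base() yields CurrentMainBase unchanged */`. Splitting the ternary into a named variable would also make the fallback to `$ui->dn` easier to read.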
@@ -136,6 +140,15 @@ class aclrole extends acl
 
     /* Finally - we want to get saved... */
     $this->is_account= TRUE;
+    $this->orig_base = $this->base;
+    $this->orig_dn = $this->dn;
+    $this->orig_cn = $this->cn;
+
+    /* Instanciate base selector */
+    $this->baseSelector= new baseSelector($this->get_allowed_bases(), $this->base);
+    $this->baseSelector->setSubmitButton(false);
+    $this->baseSelector->setHeight(300);
+    $this->baseSelector->update(true);
   }
 
 
@@ -144,41 +157,11 @@ class aclrole extends acl
     /* Call parent execute */
     plugin::execute();
 
-    /* Base select dialog */
-    $once = true;
-    foreach($_POST as $name => $value){
-      if((preg_match("/^chooseBase/",$name) && $once) && ($this->acl_is_moveable())){
-        $once = false;
-        $this->dialog = new baseSelectDialog($this->config,$this,$this->get_allowed_bases());
-        $this->dialog->setCurrentBase($this->base);
-      }
-    }
-
-    /* Dialog handling */
-    if(is_object($this->dialog)){
-      /* Must be called before save_object */
-      $this->dialog->save_object();
-
-      if($this->dialog->isClosed()){
-        $this->dialog = false;
-      }elseif($this->dialog->isSelected()){
-
-        /* Check if selected base is valid */
-        $tmp = $this->get_allowed_bases();
-        if(isset($tmp[$this->dialog->isSelected()])){
-          $this->base = $this->dialog->isSelected();
-        }
-        $this->dialog= false;
-      }else{
-        return($this->dialog->execute());
-      }
-    }
-
     $tmp= session::get('plist');
     $plist= $tmp->info;
 
     /* Handle posts */
-    if (isset($_POST['new_acl'])){
+    if (isset($_POST['new_acl']) && $this->acl_is_writeable("gosaAclEntry")){
       $this->dialogState= 'create';
       $this->dialog= TRUE;
       $this->currentIndex= count($this->gosaAclTemplate);
@@ -188,6 +171,18 @@ class aclrole extends acl
     $new_acl= array();
     $aclDialog= FALSE;
     $firstedit= FALSE;
+
+    /* Act on HTML post and gets here.
+     */
+    if(isset($_GET['id']) && isset($_GET['act']) && $_GET['act'] == "edit"){
+      $id = trim($_GET['id']);
+      $this->dialogState= 'create';
+      $firstedit= TRUE;
+      $this->dialog= TRUE;
+      $this->currentIndex= $id;
+      $this->loadAclEntry();
+    }
+
     foreach($_POST as $name => $post){
 
       /* Actions... */
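Review bot: The new `$_GET['act'] == "edit"` branch assigns `$_GET['id']` to `$this->currentIndex` and calls `loadAclEntry()` without checking that the index exists in `$this->gosaAclTemplate` or that the caller may read `gosaAclEntry`. The list code later in this commit only renders the link and the edit button behind `acl_is_readable(...)`, but a hand-written URL reaches this branch regardless. I would extend the condition with `&& isset($this->gosaAclTemplate[trim($_GET['id'])]) && $this->acl_is_readable("gosaAclEntry")`. `loadAclEntry()` is outside the hunk, so how it reacts to an unknown index is not visible here. The comment "Act on HTML post and gets here." would read better as `/* Open the ACL entry selected via ?act=edit&id=N */`.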
@@ -199,11 +194,6 @@ class aclrole extends acl
         $this->loadAclEntry();
         continue;
       }
-      if (preg_match('/^acl_del_.*_x/', $name)){
-        unset($this->gosaAclTemplate[preg_replace('/^acl_del_([0-9]+).*$/', '\1', $name)]);
-        continue;
-      }
-
       if (preg_match('/^cat_edit_.*_x/', $name)){
         $this->aclObject= preg_replace('/^cat_edit_([^_]+)_.*$/', '\1', $name);
         $this->dialogState= 'edit';
@@ -214,7 +204,17 @@ class aclrole extends acl
         }
         continue;
       }
-      if (preg_match('/^cat_del_.*_x/', $name)){
+
+      if(!$this->acl_is_writeable("gosaAclEntry")){
+        continue;
+      }
+
+      if (preg_match('/^acl_del_.*_x/', $name) && $this->acl_is_writeable("gosaAclEntry")){
+        unset($this->gosaAclTemplate[preg_replace('/^acl_del_([0-9]+).*$/', '\1', $name)]);
+        continue;
+      }
+
+      if (preg_match('/^cat_del_.*_x/', $name) && $this->acl_is_writeable("gosaAclEntry")){
         $idx= preg_replace('/^cat_del_([^_]+)_.*$/', '\1', $name);
         foreach ($this->ocMapping[$idx] as $key){
           unset($this->aclContents["$idx/$key"]);
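Review bot: After the added `if(!$this->acl_is_writeable("gosaAclEntry")){ continue; }`, the `&& $this->acl_is_writeable("gosaAclEntry")` on the `acl_del_` and `cat_del_` conditions can never be false. The same seems to apply to the `sortup_`, `sortdown_` and `acl_.*_[^xy]` conditions in the following hunks, if they sit in the same `foreach`. Keeping one mechanism makes the permission model easier to audit: either the early `continue`, with a comment such as `/* everything below modifies the template and needs write access */`, or the per-branch checks. The guard's position matters, because the `acl_edit_` and `cat_edit_` handlers above it stay reachable for read-only users; the comment should state that this is intended.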
@@ -223,7 +223,7 @@ class aclrole extends acl
       }
 
       /* Sorting... */
-      if (preg_match('/^sortup_.*_x/', $name)){
+      if (preg_match('/^sortup_.*_x/', $name) && $this->acl_is_writeable("gosaAclEntry")){
         $index= preg_replace('/^sortup_([0-9]+).*$/', '\1', $name);
         if ($index > 0){
           $tmp= $this->gosaAclTemplate[$index];
@@ -232,7 +232,7 @@ class aclrole extends acl
         }
         continue;
       }
-      if (preg_match('/^sortdown_.*_x/', $name)){
+      if (preg_match('/^sortdown_.*_x/', $name) && $this->acl_is_writeable("gosaAclEntry")){
         $index= preg_replace('/^sortdown_([0-9]+).*$/', '\1', $name);
         if ($index < count($this->gosaAclTemplate)-1){
           $tmp= $this->gosaAclTemplate[$index];
@@ -243,9 +243,8 @@ class aclrole extends acl
       }
 
       /* ACL saving... */
-      if (preg_match('/^acl_.*_[^xy]$/', $name)){
-        $aclDialog= TRUE;
-        list($dummy, $object, $attribute, $value)= split('_', $name);
+      if (preg_match('/^acl_.*_[^xy]$/', $name) && $this->acl_is_writeable("gosaAclEntry")){
+        list($dummy, $object, $attribute, $value)= explode('_', $name);
 
         /* Skip for detection entry */
         if ($object == 'dummy') {
@@ -263,7 +262,11 @@ class aclrole extends acl
         }
       }
     }
-    
+   
+    if(isset($_POST['acl_dummy_0_0_0'])){
+      $aclDialog= TRUE;
+    }
     /* Only be interested in new acl's, if we're in the right _POST place */
     if ($aclDialog && $this->aclObject != "" && is_array($this->ocMapping[$this->aclObject])){
 
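Review bot: The new `isset($_POST['acl_dummy_0_0_0'])` test sets `$aclDialog= TRUE` without the `acl_is_writeable("gosaAclEntry")` check that this commit adds to the `acl_.*_[^xy]` branch, where the flag was set before. For a user without write access `$new_acl` now stays empty while `$aclDialog` is still TRUE. The block that follows is only partly visible, but if it copies `$new_acl` into `$this->aclContents`, it would reset the in-memory ACL for the current object. Suggested: `if(isset($_POST['acl_dummy_0_0_0']) && $this->acl_is_writeable("gosaAclEntry")){`.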
@@ -294,7 +297,7 @@ class aclrole extends acl
     }
 
     /* Store ACL in main object? */
-    if (isset($_POST['submit_new_acl'])){
+    if (isset($_POST['submit_new_acl']) && $this->acl_is_writeable("gosaAclEntry")){
       $this->gosaAclTemplate[$this->currentIndex]['type']= $this->aclType;
       $this->gosaAclTemplate[$this->currentIndex]['members']= $this->recipients;
       $this->gosaAclTemplate[$this->currentIndex]['acl']= $this->aclContents;
@@ -313,12 +316,12 @@ class aclrole extends acl
     }
 
     /* Save edit acl? */
-    if (isset($_POST['submit_edit_acl'])){
+    if (isset($_POST['submit_edit_acl']) && $this->acl_is_writeable("gosaAclEntry")){
       $this->dialogState= 'create';
     }
 
     /* Add acl? */
-    if (isset($_POST['add_acl']) && $_POST['aclObject'] != ""){
+    if (isset($_POST['add_acl']) && $_POST['aclObject'] != "" && $this->acl_is_writeable("gosaAclEntry")){
       $this->dialogState= 'edit';
       $this->savedAclContents= array();
       foreach ($this->ocMapping[$this->aclObject] as $oc){
@@ -330,16 +333,16 @@ class aclrole extends acl
 
     /* Save common values */
     foreach (array("aclType", "aclObject", "target") as $key){
-      if (isset($_POST[$key])){
+      if (isset($_POST[$key]) && $this->acl_is_writeable("gosaAclEntry")){
         $this->$key= validate($_POST[$key]);
       }
     }
 
     /* Create templating instance */
     $smarty= get_smarty();
+    $smarty->assign("usePrototype", "true");
 
-    $smarty->assign("bases", $this->get_allowed_bases());
-    $smarty->assign("base_select", $this->base);
+    $smarty->assign("base", $this->baseSelector->render());
 
     $tmp = $this->plInfo();
     foreach($tmp['plProvidedAcls'] as $name => $translation){
@@ -350,15 +353,34 @@ class aclrole extends acl
       /* Draw list */
       $aclList= new divSelectBox("aclList");
       $aclList->SetHeight(350);
-      
+
       /* Fill in entries */
       foreach ($this->gosaAclTemplate as $key => $entry){
-        $field1= array("string" => $this->aclTypes[$entry['type']], "attach" => "style='width:100px'");
-        $field2= array("string" => $this->assembleAclSummary($entry));
-        $action= "<input type='image' name='sortup_$key' alt='up' title='"._("Up")."' src='images/sort_up.png' align='top'>";
-        $action.= "<input type='image' name='sortdown_$key' alt='down' title='"._("Down")."' src='images/sort_down.png'>";
-        $action.= "<input class='center' type='image' src='images/edit.png' alt='"._("Edit")."' name='acl_edit_$key' title='".msgPool::editButton(_("ACL"))."'>";
-        $action.= "<input class='center' type='image' src='images/edittrash.png' alt='"._("Delete")."' name='acl_del_$key' title='".msgPool::delButton(_("ACL"))."'>";
+
+        if($this->acl_is_readable("")){
+          $link = "<a href=?plug=".$_GET['plug']."&amp;id=".$key."&amp;act=edit>".$this->assembleAclSummary($entry)."</a>";
+        }else{
+          $link = $this->assembleAclSummary($entry);
+        }
+
+        $field1= array("string" => $this->aclTypes[$entry['type']], "attach" => "style='width:150px'");
+        $field2= array("string" => $link);
+
+        $action ="";
+        if($this->acl_is_writeable("gosaAclEntry")){
+          $action.= "<input type='image' name='sortup_$key' alt='up' 
+            title='"._("Up")."' src='images/lists/sort-up.png' align='top'>";
+          $action.= "<input type='image' name='sortdown_$key' alt='down' 
+            title='"._("Down")."' src='images/lists/sort-down.png'>";
+        }
+        if($this->acl_is_readable("gosaAclEntry")){
+          $action.= "<input class='center' type='image' src='images/lists/edit.png' alt='"._("Edit")."' name='acl_edit_$key' 
+            title='".msgPool::editButton(_("ACL"))."'>";
+        }
+        if($this->acl_is_writeable("gosaAclEntry")){
+          $action.= "<input class='center' type='image' src='images/lists/trash.png' alt='"._("Delete")."' name='acl_del_$key' 
+            title='".msgPool::delButton(_("ACL"))."'>";
+        }
 
         $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px;text-align:right;'");
         $aclList->AddEntry(array($field1, $field2, $field3));
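Review bot: The new `$link` line writes `$_GET['plug']` straight into an unquoted `href`, so a request parameter ends up unencoded in the page markup; it also raises a notice when `plug` is absent from the query string. Quote the attribute and encode the values, e.g. `$link = "<a href='?plug=".urlencode($_GET['plug'])."&amp;id=".urlencode($key)."&amp;act=edit'>".$this->assembleAclSummary($entry)."</a>";`. Whether the text returned by `assembleAclSummary()` is already HTML-escaped cannot be seen from this hunk and should be confirmed. The link is gated on `acl_is_readable("")` while the edit button a few lines below uses `acl_is_readable("gosaAclEntry")`; both open the same entry, so they should use the same check.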
@@ -382,9 +404,7 @@ class aclrole extends acl
             $summary.= "$oc, ";
             continue;
           }
-          if (isset($this->aclContents["$section/$oc"]) && count($this->aclContents["$section/$oc"]) && isset($this->aclContents["$section/$oc"][0]) &&
-              $this->aclContents["$section/$oc"][0] != ""){
-
+          if (isset($this->aclContents["$section/$oc"]) && count($this->aclContents["$section/$oc"])){
             $summary.= "$oc, ";
             continue;
           }
@@ -400,10 +420,18 @@ class aclrole extends acl
           $summary= sprintf(_("ACL for these objects: %s"), preg_replace('/, $/', '', $summary));
         }
 
+        $action = "";
+        if($this->acl_is_readable("gosaAclEntry")){
+          $action.= "<input class='center' type='image' src='images/lists/edit.png' 
+            alt='"._("Edit")."' name='cat_edit_$section'   title='"._("Edit category ACL")."'>";
+        }
+        if($this->acl_is_writeable("gosaAclEntry")){
+          $action.= "<input class='center' type='image' src='images/lists/trash.png' 
+            alt='"._("Delete")."' name='cat_del_$section' title='"._("Reset category ACL")."'>";
+        }
+
         $field1= array("string" => $dsc, "attach" => "style='width:140px'");
         $field2= array("string" => $summary);
-        $action= "<input class='center' type='image' src='images/edit.png' alt='"._("Edit")."' name='cat_edit_$section' title='"._("Edit category ACL")."'>";
-        $action.= "<input class='center' type='image' src='images/edittrash.png' alt='"._("Delete")."' name='cat_del_$section' title='"._("Reset category ACL")."'>";
         $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px'");
         $aclList->AddEntry(array($field1, $field2, $field3));
       }
@@ -491,7 +519,7 @@ class aclrole extends acl
 
   function aclPostHandler()
   {
-    if (isset($_POST['save_acl'])){
+    if (isset($_POST['save_acl']) && $this->acl_is_writeable("gosaAclEntry")){
       $this->save();
       return TRUE;
     }
@@ -572,13 +600,13 @@ class aclrole extends acl
       $ldap->cd($this->dn);
       $this->cleanup();
       $ldap->modify ($this->attrs);
-      new log("modify","aclroles/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
+      new log("modify","acl/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
     }else{
       $ldap->cd($this->config->current['BASE']);
       $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$this->dn));
       $ldap->cd($this->dn);
       $ldap->add($this->attrs);
-      new log("create","aclroles/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
+      new log("create","acl/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
     }
 
     if (!$ldap->success()){
@@ -620,7 +648,7 @@ class aclrole extends acl
     }
         
     $ldap->rmDir($this->dn);
-    new log("remove","aclroles/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
+    new log("remove","acl/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
     if (!$ldap->success()){
       msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, "", get_class()));
     }
@@ -647,11 +675,14 @@ class aclrole extends acl
     plugin::save_object();
     if(isset($_POST['acl_role_posted'])){
      
-      /* Get base selection */
-      if(isset($_POST['base'])){
-        $tmp = $this->get_allowed_bases();
-        if(isset($tmp[$_POST['base']])){
-          $this->base = $_POST['base'];
+      /* Refresh base */
+      if ($this->acl_is_moveable($this->base)){
+        if (!$this->baseSelector->update()) {
+          msg_dialog::display(_("Error"), msgPool::permMove(), ERROR_DIALOG);
+        }
+        if ($this->base != $this->baseSelector->getBase()) {
+          $this->base= $this->baseSelector->getBase();
+          $this->is_modified= TRUE;
         }
       }
     }
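Review bot: The base refresh is gated only on `acl_is_moveable($this->base)`, while the `check()` added in this commit treats a new object as a create (`acl_is_createable`) and only an existing one as a move. A user who may create roles but not move them would therefore never have the selected base applied to a new role. Consider `if ($this->acl_is_moveable($this->base) || ($this->dn == "new" && $this->acl_is_createable($this->base))){`. Also, when `baseSelector->update()` fails the code shows the error but still goes on to compare and assign `getBase()`. An `else` around the assignment would make it explicit that a rejected update never changes `$this->base`.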
@@ -696,16 +727,57 @@ class aclrole extends acl
           "plSelfModify"  => FALSE,
           "plDepends"     => array(),
           "plPriority"    => 0,
-          "plSection"     => array("admin"),
-          "plCategory"    => array("aclroles" => array("objectClass" => "gosaRole", "description" => _("Access control roles"))),
-
+          "plSection"     => array("administration"),
+          "plCategory"    => array("acl"),
           "plProvidedAcls"    => array(
             "cn"                => _("Name"),
             "base"              => _("Base"),
-            "description"       => _("Description"))
+            "description"       => _("Description"),
+            "gosaAclEntry"      => _("Permissions"))
         ));
   }
 
+  function check()
+  {
+    $message = plugin::check();
+
+    if(empty($this->cn)){
+      $message[] = msgPool::required(_("Name"));
+    }
+  
+    $ldap = $this->config->get_ldap_link();
+    $ldap->cd($this->config->current['BASE']);
+    if($this->cn != $this->orig_cn){
+      $ldap->search("(&(objectClass=gosaRole)(cn=".$this->cn."))");
+      if($ldap->count()) {
+        while($attrs = $ldap->fetch()){
+          if($attrs['dn'] != $this->orig_dn){
+            $message[] = msgPool::duplicated(_("Name"));
+          }
+        }
+      }
+    } 
+    if(!count($this->gosaAclTemplate)){
+      $message[] = msgPool::required(_("ACL"));
+    }
+
+    // Check if a wrong base was supplied
+    if(!$this->baseSelector->checkLastBaseUpdate()){
+      $message[]= msgPool::check_base();;
+    }
+    /* Check if we are allowed to create or move this object
+     */
+    if($this->orig_dn == "new" && !$this->acl_is_createable($this->base)){
+      $message[] = msgPool::permCreate();
+    }elseif($this->orig_dn != "new" && $this->base != $this->orig_base && !$this->acl_is_moveable($this->base)){
+      $message[] = msgPool::permMove();
+    }
+
+    return($message);
+  }
+
 }
 
 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
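Review bot: In the new `check()`, `$this->cn` is concatenated unescaped into the LDAP filter `"(&(objectClass=gosaRole)(cn=".$this->cn."))"`. Filter metacharacters in the name (`*`, `(`, `)`, `\`) then change what the search matches, which makes the duplicate-name check unreliable. Escape the value for filter context before building the string, either with the project's own filter-escaping helper or with `ldap_escape($this->cn, "", LDAP_ESCAPE_FILTER)` where the PHP version provides it. Two smaller points: `msgPool::check_base();;` has a stray semicolon, and `empty($this->cn)` also rejects the name `"0"`, so `$this->cn == ""` would be more exact.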