diff --git a/gosa-core/plugins/admin/acl/class_aclRole.inc b/gosa-core/plugins/admin/acl/class_aclRole.inc
index 16c7e44737d83da46fcef82d26e37af4c103cef2..5f96b0dea1bda890c2ce83412e2cc720995bafea 100644 (file)
<?php
+/*
+ * This code is part of GOsa (http://www.gosa-project.org)
+ * Copyright (C) 2003-2008 GONICUS GmbH
+ *
+ * ID: $$Id$$
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
class aclrole extends acl
{
/* Definitions */
- var $plHeadline= "Access control list templates";
- var $plDescription= "This does something";
+ var $plHeadline= "Access control roles";
+ var $plDescription= "Edit AC roles";
/* attribute list for save action */
var $attributes= array('gosaAclTemplate',"cn","description");
/* Role attributes */
var $gosaAclTemplate= "";
var $cn = "";
+ var $orig_cn = "";
var $description = "";
var $orig_dn;
+ var $orig_base;
var $base ="";
function aclrole (&$config, $dn= NULL)
plugin::plugin($config, $dn);
if($this->dn == "new"){
- $this->base = $_SESSION['CurrentMainBase'];
+ $this->base = session::get('CurrentMainBase');
}else{
$this->base = preg_replace("/^[^,]+,[^,]+,/","",$this->dn);
- new log("view","aclroles/".get_class($this),$this->dn);
+ new log("view","acl/".get_class($this),$this->dn);
}
/* Load ACL's */
ksort($this->gosaAclTemplate);
/* Extract available categories from plugin info list */
- $tmp= get_global('plist');
+ $tmp= session::get('plist');
$plist= $tmp->info;
$oc = array();
foreach ($plist as $class => $acls){
asort($this->aclObjects);
/* Fill acl types */
- $this->aclTypes= array( "reset" => _("Reset ACLs"),
+ $this->aclTypes= array( "reset" => _("Reset ACL"),
"one" => _("One level"),
"base" => _("Current object"),
"sub" => _("Complete subtree"),
/* Finally - we want to get saved... */
$this->is_account= TRUE;
+ $this->orig_base = $this->base;
+ $this->orig_dn = $this->dn;
+ $this->orig_cn = $this->cn;
}
}
}
- $tmp= get_global('plist');
+ $tmp= session::get('plist');
$plist= $tmp->info;
/* Handle posts */
- if (isset($_POST['new_acl'])){
+ if (isset($_POST['new_acl']) && $this->acl_is_writeable("gosaAclEntry")){
$this->dialogState= 'create';
$this->dialog= TRUE;
$this->currentIndex= count($this->gosaAclTemplate);
$new_acl= array();
$aclDialog= FALSE;
$firstedit= FALSE;
+
+ /* Act on HTML post and gets here.
+ */
+ if(isset($_GET['id']) && isset($_GET['act']) && $_GET['act'] == "edit"){
+ $id = trim($_GET['id']);
+ $this->dialogState= 'create';
+ $firstedit= TRUE;
+ $this->dialog= TRUE;
+ $this->currentIndex= $id;
+ $this->loadAclEntry();
+ }
+
foreach($_POST as $name => $post){
/* Actions... */
$this->loadAclEntry();
continue;
}
- if (preg_match('/^acl_del_.*_x/', $name)){
- unset($this->gosaAclTemplate[preg_replace('/^acl_del_([0-9]+).*$/', '\1', $name)]);
- continue;
- }
-
if (preg_match('/^cat_edit_.*_x/', $name)){
$this->aclObject= preg_replace('/^cat_edit_([^_]+)_.*$/', '\1', $name);
$this->dialogState= 'edit';
}
continue;
}
- if (preg_match('/^cat_del_.*_x/', $name)){
+
+ if(!$this->acl_is_writeable("gosaAclEntry")){
+ continue;
+ }
+
+ if (preg_match('/^acl_del_.*_x/', $name) && $this->acl_is_writeable("gosaAclEntry")){
+ unset($this->gosaAclTemplate[preg_replace('/^acl_del_([0-9]+).*$/', '\1', $name)]);
+ continue;
+ }
+
+ if (preg_match('/^cat_del_.*_x/', $name) && $this->acl_is_writeable("gosaAclEntry")){
$idx= preg_replace('/^cat_del_([^_]+)_.*$/', '\1', $name);
foreach ($this->ocMapping[$idx] as $key){
unset($this->aclContents["$idx/$key"]);
}
/* Sorting... */
- if (preg_match('/^sortup_.*_x/', $name)){
+ if (preg_match('/^sortup_.*_x/', $name) && $this->acl_is_writeable("gosaAclEntry")){
$index= preg_replace('/^sortup_([0-9]+).*$/', '\1', $name);
if ($index > 0){
$tmp= $this->gosaAclTemplate[$index];
}
continue;
}
- if (preg_match('/^sortdown_.*_x/', $name)){
+ if (preg_match('/^sortdown_.*_x/', $name) && $this->acl_is_writeable("gosaAclEntry")){
$index= preg_replace('/^sortdown_([0-9]+).*$/', '\1', $name);
if ($index < count($this->gosaAclTemplate)-1){
$tmp= $this->gosaAclTemplate[$index];
}
/* ACL saving... */
- if (preg_match('/^acl_.*_[^xy]$/', $name)){
- $aclDialog= TRUE;
- list($dummy, $object, $attribute, $value)= split('_', $name);
+ if (preg_match('/^acl_.*_[^xy]$/', $name) && $this->acl_is_writeable("gosaAclEntry")){
+ list($dummy, $object, $attribute, $value)= explode('_', $name);
/* Skip for detection entry */
if ($object == 'dummy') {
continue;
}
- /* Ordinary ACLs */
+ /* Ordinary ACL */
if (!isset($new_acl[$object])){
$new_acl[$object]= array();
}
}
}
}
-
+
+ if(isset($_POST['acl_dummy_0_0_0'])){
+ $aclDialog= TRUE;
+ }
+
/* Only be interested in new acl's, if we're in the right _POST place */
if ($aclDialog && $this->aclObject != "" && is_array($this->ocMapping[$this->aclObject])){
}
/* Store ACL in main object? */
- if (isset($_POST['submit_new_acl'])){
+ if (isset($_POST['submit_new_acl']) && $this->acl_is_writeable("gosaAclEntry")){
$this->gosaAclTemplate[$this->currentIndex]['type']= $this->aclType;
$this->gosaAclTemplate[$this->currentIndex]['members']= $this->recipients;
$this->gosaAclTemplate[$this->currentIndex]['acl']= $this->aclContents;
}
/* Save edit acl? */
- if (isset($_POST['submit_edit_acl'])){
+ if (isset($_POST['submit_edit_acl']) && $this->acl_is_writeable("gosaAclEntry")){
$this->dialogState= 'create';
}
/* Add acl? */
- if (isset($_POST['add_acl']) && $_POST['aclObject'] != ""){
+ if (isset($_POST['add_acl']) && $_POST['aclObject'] != "" && $this->acl_is_writeable("gosaAclEntry")){
$this->dialogState= 'edit';
$this->savedAclContents= array();
foreach ($this->ocMapping[$this->aclObject] as $oc){
/* Save common values */
foreach (array("aclType", "aclObject", "target") as $key){
- if (isset($_POST[$key])){
+ if (isset($_POST[$key]) && $this->acl_is_writeable("gosaAclEntry")){
$this->$key= validate($_POST[$key]);
}
}
/* Draw list */
$aclList= new divSelectBox("aclList");
$aclList->SetHeight(350);
-
+
/* Fill in entries */
foreach ($this->gosaAclTemplate as $key => $entry){
- $field1= array("string" => $this->aclTypes[$entry['type']], "attach" => "style='width:100px'");
- $field2= array("string" => $this->assembleAclSummary($entry));
- $action= "<input type='image' name='sortup_$key' alt='up' title='"._("Up")."' src='images/sort_up.png' align='top'>";
- $action.= "<input type='image' name='sortdown_$key' alt='down' title='"._("Down")."' src='images/sort_down.png'>";
- $action.= "<input class='center' type='image' src='images/edit.png' alt='"._("edit")."' name='acl_edit_$key' title='"._("Edit ACL")."'>";
- $action.= "<input class='center' type='image' src='images/edittrash.png' alt='"._("delete")."' name='acl_del_$key' title='"._("Delete ACL")."'>";
+
+ if($this->acl_is_readable("")){
+ $link = "<a href=?plug=".$_GET['plug']."&id=".$key."&act=edit>".$this->assembleAclSummary($entry)."</a>";
+ }else{
+ $link = $this->assembleAclSummary($entry);
+ }
+
+ $field1= array("string" => $this->aclTypes[$entry['type']], "attach" => "style='width:150px'");
+ $field2= array("string" => $link);
+
+ $action ="";
+ if($this->acl_is_writeable("gosaAclEntry")){
+ $action.= "<input type='image' name='sortup_$key' alt='up'
+ title='"._("Up")."' src='images/lists/sort-up.png' align='top'>";
+ $action.= "<input type='image' name='sortdown_$key' alt='down'
+ title='"._("Down")."' src='images/lists/sort-down.png'>";
+ }
+ if($this->acl_is_readable("gosaAclEntry")){
+ $action.= "<input class='center' type='image' src='images/lists/edit.png' alt='"._("Edit")."' name='acl_edit_$key'
+ title='".msgPool::editButton(_("ACL"))."'>";
+ }
+ if($this->acl_is_writeable("gosaAclEntry")){
+ $action.= "<input class='center' type='image' src='images/lists/trash.png' alt='"._("Delete")."' name='acl_del_$key'
+ title='".msgPool::delButton(_("ACL"))."'>";
+ }
$field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px;text-align:right;'");
$aclList->AddEntry(array($field1, $field2, $field3));
$summary.= "$oc, ";
continue;
}
- if (isset($this->aclContents["$section/$oc"]) && count($this->aclContents["$section/$oc"]) && isset($this->aclContents["$section/$oc"][0]) &&
- $this->aclContents["$section/$oc"][0] != ""){
-
+ if (isset($this->aclContents["$section/$oc"]) && count($this->aclContents["$section/$oc"])){
$summary.= "$oc, ";
continue;
}
if ($summary == ""){
$summary= '<i>'._("No ACL settings for this category").'</i>';
} else {
- $summary= sprintf(_("Contains ACLs for these objects: %s"), preg_replace('/, $/', '', $summary));
+ $summary= sprintf(_("ACL for these objects: %s"), preg_replace('/, $/', '', $summary));
+ }
+
+ $action = "";
+ if($this->acl_is_readable("gosaAclEntry")){
+ $action.= "<input class='center' type='image' src='images/lists/edit.png'
+ alt='"._("Edit")."' name='cat_edit_$section' title='"._("Edit category ACL")."'>";
+ }
+ if($this->acl_is_writeable("gosaAclEntry")){
+ $action.= "<input class='center' type='image' src='images/lists/trash.png'
+ alt='"._("Delete")."' name='cat_del_$section' title='"._("Reset category ACL")."'>";
}
$field1= array("string" => $dsc, "attach" => "style='width:140px'");
$field2= array("string" => $summary);
- $action= "<input class='center' type='image' src='images/edit.png' alt='"._("edit")."' name='cat_edit_$section' title='"._("Edit categories ACLs")."'>";
- $action.= "<input class='center' type='image' src='images/edittrash.png' alt='"._("delete")."' name='cat_del_$section' title='"._("Clear categories ACLs")."'>";
$field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px'");
$aclList->AddEntry(array($field1, $field2, $field3));
}
function sort_by_priority($list)
{
- $tmp= get_global('plist');
+ $tmp= session::get('plist');
$plist= $tmp->info;
asort($plist);
$newSort = array();
function aclPostHandler()
{
- if (isset($_POST['save_acl'])){
+ if (isset($_POST['save_acl']) && $this->acl_is_writeable("gosaAclEntry")){
$this->save();
return TRUE;
}
$ldap->cd($this->dn);
$this->cleanup();
$ldap->modify ($this->attrs);
- new log("modify","aclroles/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
+ new log("modify","acl/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
}else{
$ldap->cd($this->config->current['BASE']);
$ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$this->dn));
$ldap->cd($this->dn);
$ldap->add($this->attrs);
- new log("create","aclroles/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
+ new log("create","acl/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
}
- show_ldap_error($ldap->get_error(), sprintf(_("Saving ACLs with dn '%s' failed."),$this->dn));
+ if (!$ldap->success()){
+ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, "", get_class()));
+ }
- /* Refresh users ACLs */
+ /* Refresh users ACL */
$ui= get_userinfo();
$ui->loadACL();
session::set('ui',$ui);
$all_names .= ", ...";
}
$all_names = "<span style='text-align:left;'>".$all_names."</span>";
- print_red(sprintf(_("This role can't be removed while it is in use. Follwing objects are using this role %s"),$all_names));
+ msg_dialog::display(_("Object in use"), sprintf(_("This role cannot be removed while it is in use by these objects:")."<br><br>%s", $all_names), WARNING_DIALOG);
return;
}
$ldap->rmDir($this->dn);
- new log("remove","aclroles/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
- show_ldap_error($ldap->get_error(), sprintf(_("Removing of aclRole with dn '%s' failed."),$this->dn));
+ new log("remove","acl/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
+ if (!$ldap->success()){
+ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, "", get_class()));
+ }
/* Optionally execute a command after we're done */
$this->handle_post_events("remove");
/* Delete references to object groups */
$ldap->cd ($this->config->current['BASE']);
- $ldap->search ("(&(objectClass=gosaGroupOfNames)(member=".$this->dn."))", array("cn"));
+ $ldap->search ("(&(objectClass=gosaGroupOfNames)(member=".LDAP::prepare4filter($this->dn)."))", array("cn"));
while ($ldap->fetch()){
$og= new ogroup($this->config, $ldap->getDN());
unset($og->member[$this->dn]);
$og->save ();
- show_ldap_error($ldap->get_error(), sprintf(_("Removing aclRole from objectgroup '%s' failed"), $og->dn));
+ if (!$ldap->success()){
+ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $og->dn, "", get_class()));
+ }
}
}
{
return (array(
"plShortName" => _("Role"),
- "plDescription" => _("ACL roles"),
+ "plDescription" => _("Access control roles"),
"plSelfModify" => FALSE,
"plDepends" => array(),
"plPriority" => 0,
- "plSection" => array("admin"),
- "plCategory" => array("aclroles" => array("objectClass" => "gosaRole", "description" => _("Acl roles"))),
-
+ "plSection" => array("administration"),
+ "plCategory" => array("acl"),
"plProvidedAcls" => array(
"cn" => _("Name"),
"base" => _("Base"),
- "description" => _("Description"))
+ "description" => _("Description"),
+ "gosaAclEntry" => _("Permissions"))
));
}
+ function check()
+ {
+ $message = plugin::check();
+
+ if(empty($this->cn)){
+ $message[] = msgPool::required(_("Name"));
+ }
+
+ $ldap = $this->config->get_ldap_link();
+ $ldap->cd($this->config->current['BASE']);
+ if($this->cn != $this->orig_cn){
+ $ldap->search("(&(objectClass=gosaRole)(cn=".$this->cn."))");
+ if($ldap->count()) {
+ while($attrs = $ldap->fetch()){
+ if($attrs['dn'] != $this->orig_dn){
+ $message[] = msgPool::duplicated(_("Name"));
+ }
+ }
+ }
+ }
+
+ if(!count($this->gosaAclTemplate)){
+ $message[] = msgPool::required(_("ACL"));
+ }
+
+ /* Check if we are allowed to create or move this object
+ */
+ if($this->orig_dn == "new" && !$this->acl_is_createable($this->base)){
+ $message[] = msgPool::permCreate();
+ }elseif($this->orig_dn != "new" && $this->base != $this->orig_base && !$this->acl_is_moveable($this->base)){
+ $message[] = msgPool::permMove();
+ }
+
+ return($message);
+ }
+
}
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
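Review bot: The duplicate-name lookup in the new `check()` concatenates `$this->cn` into the LDAP filter unescaped, so filter metacharacters in a role name (`*`, `(`, `)`, `\`) change what the search matches instead of being compared literally. This same commit already wraps the DN in `LDAP::prepare4filter()` for the `gosaGroupOfNames` search in the remove path, and the name needs the same treatment: `$ldap->search("(&(objectClass=gosaRole)(cn=".LDAP::prepare4filter($this->cn)."))");`. Within `check()` the only constraint on `cn` is the `empty()` test, so unless the value is validated where it is read from the form (not visible here), the uniqueness check can report false duplicates or miss real ones. A short comment above the search, such as `/* cn is user-supplied: escape before building the filter */`, would record why the escaping is there.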