![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
index 3d59015a24b6dc343e888fd3cb7877f827d5961b..c32eca5f0c17daddceda8a87c5c0b04ff6cf9899 100644 (file)
--- a/include/class_plugin.inc
+++ b/include/class_plugin.inc
/* attribute list for save action */
var $attributes= array();
var $objectclasses= array();
- var $new= TRUE;
+ var $is_new= TRUE;
var $saved_attributes= array();
+ var $acl_base= "";
+ var $acl_category= "";
+
/* Plugin identifier */
var $plHeadline= "";
var $plDescription= "";
\param dn Distinguished name to initialize plugin from
\sa plugin()
*/
- function plugin ($config, $dn= NULL)
+ function plugin ($config, $dn= NULL, $parent= NULL)
{
/* Configuration is fine, allways */
$this->config= $config;
return;
}
+ /* Save current dn as acl_base */
+ $this->acl_base= $dn;
+
/* Get LDAP descriptor */
$ldap= $this->config->get_ldap_link();
if ($dn != NULL){
/* Load data to 'attrs' and save 'dn' */
- $ldap->cat ($dn);
- $this->attrs= $ldap->fetch();
+ if ($parent != NULL){
+ $this->attrs= $parent->attrs;
+ } else {
+ $ldap->cat ($dn);
+ $this->attrs= $ldap->fetch();
+ }
/* Copy needed attributes */
foreach ($this->attributes as $val){
*/
function execute()
{
- # This one is empty currently. Fabian - please fill in the docu code
+ gosa_log("ACL ".get_class($this)." - ".$this->acl_category." - ".$this->acl_base);
+
+ /* This one is empty currently. Fabian - please fill in the docu code */
$_SESSION['current_class_for_help'] = get_class($this);
/* Reset Lock message POST/GET check array, to prevent perg_match errors*/
$_SESSION['LOCK_VARS_TO_USE'] =array();
if (isset($tmp['objectClass'])){
$oc= $tmp["objectClass"];
- $this->new= FALSE;
+ $this->is_new= FALSE;
} else {
$oc= array("count" => 0);
- $this->new= TRUE;
+ $this->is_new= TRUE;
}
/* Load (minimum) attributes, add missing ones */
foreach ($this->attributes as $val){
if ($this->$val != ""){
$this->attrs["$val"]= $this->$val;
- } elseif (!$this->new) {
+ } elseif (!$this->is_new) {
$this->attrs["$val"]= array();
}
}
/* Show header message for tab dialogs */
function show_enable_header($button_text, $text, $disabled= FALSE)
{
- if ($disabled == TRUE){
+ if (($disabled == TRUE) || (!$this->acl_is_createable())){
$state= "disabled";
} else {
$state= "";
}
$display= "<table summary=\"\" width=\"100%\"><tr>\n<td colspan=2><p><b>$text</b></p>\n";
- $display.= "<input type=submit value=\"$button_text\" name=\"modify_state\" ".
- ($this->acl_is_createable()?'':'disabled')." ".$state.
+ $display.= "<input type=submit value=\"$button_text\" name=\"modify_state\" ".$state.
"><p class=\"seperator\"> </p></td></tr></table>";
return($display);
/* Show header message for tab dialogs */
function show_disable_header($button_text, $text, $disabled= FALSE)
{
- if ($disabled == TRUE){
+ if (($disabled == TRUE) || !$this->acl_is_removeable()){
$state= "disabled";
} else {
$state= "";
}
$display= "<table summary=\"\" width=\"100%\"><tr>\n<td colspan=2><p><b>$text</b></p>\n";
- $display.= "<input type=submit value=\"$button_text\" name=\"modify_state\" ".
- ($this->acl_is_removeable()?'':'disabled')." ".$state.
+ $display.= "<input type=submit value=\"$button_text\" name=\"modify_state\" ".$state.
"><p class=\"seperator\"> </p></td></tr></table>";
return($display);
}
$todo[] = "is_account";
foreach($todo as $var){
- $this->$var = $source->$var;
+ if (isset($source->$var)){
+ $this->$var= $source->$var;
+ }
}
}
function remove_snapshot($dn)
{
-echo "FIXME: remove_snapshot uses old acl's<br>";
- $ui = get_userinfo();
- $acl = get_permissions ($dn, $ui->subtreeACL);
- $acl = get_module_permission($acl, "snapshot", $dn);
-
- if (chkacl($this->acl, "delete") == ""){
- $ldap = $this->config->get_ldap_link();
- $ldap->cd($this->config->current['BASE']);
- $ldap->rmdir_recursive($dn);
- }else{
- print_red (_("You are not allowed to delete this snapshot!"));
- }
+ $ui = get_userinfo();
+ $old_dn = $this->dn;
+ $this->dn = $dn;
+ $ldap = $this->config->get_ldap_link();
+ $ldap->cd($this->config->current['BASE']);
+ $ldap->rmdir_recursive($dn);
+ $this->dn = $old_dn;
}
/* Restore one of the already deleted objects */
if(preg_match("/^RestoreDeletedSnapShot_/",$name) && $once){
$once = false;
- $this->snapDialog = new SnapShotDialog($this->config,$baseSuffixe,$this);
+ $this->snapDialog = new SnapShotDialog($this->config,"",$this);
+ $this->snapDialog->set_snapshot_bases($baseSuffixe);
$this->snapDialog->display_restore_dialog = true;
$this->snapDialog->display_all_removed_objects = true;
}
}
- function acl_is_writeable($attribute)
+ function set_acl_base($base)
+ {
+ $this->acl_base= $base;
+ }
+
+
+ function set_acl_category($category)
+ {
+ $this->acl_category= "$category/";
+ }
+
+
+ function acl_is_writeable($attribute,$skip_write = FALSE)
{
$ui= get_userinfo();
- return preg_match('/w/', $ui->get_permissions($this->dn, get_class($this), $attribute));
+ return preg_match('/w/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute, $skip_write));
}
function acl_is_readable($attribute)
{
$ui= get_userinfo();
- return preg_match('/r/', $ui->get_permissions($this->dn, get_class($this), $attribute));
+ return preg_match('/r/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute));
}
function acl_is_createable()
{
$ui= get_userinfo();
- return preg_match('/c/', $ui->get_permissions($this->dn, get_class($this), '0'));
+ return preg_match('/c/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0'));
}
function acl_is_removeable()
{
$ui= get_userinfo();
- return preg_match('/d/', $ui->get_permissions($this->dn, get_class($this), '0'));
+ return preg_match('/d/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0'));
}
function acl_is_moveable()
{
$ui= get_userinfo();
- return preg_match('/m/', $ui->get_permissions($this->dn, get_class($this), '0'));
+ return preg_match('/m/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0'));
}
- function getacl($attribute)
+ function acl_have_any_permissions()
+ {
+ }
+
+
+ function getacl($attribute,$skip_write= FALSE)
{
$ui= get_userinfo();
- return $ui->get_permissions($this->dn, get_class($this), $attribute);
+ return $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute,$skip_write);
+ }
+
+ /* Get all allowed bases to move an object to or to create a new object.
+ Idepartments also contains all base departments which lead to the allowed bases */
+ function get_allowed_bases($category = "")
+ {
+ $ui = get_userinfo();
+ $deps = array();
+
+ /* Set category */
+ if(empty($category)){
+ $category = $this->acl_category.get_class($this);
+ }
+
+ /* Is this a new object ? Or just an edited existing object */
+ if(!$this->initially_was_account && $this->is_account){
+ $new = true;
+ }else{
+ $new = false;
+ }
+
+ /* Add current base */
+ if(isset($this->base) && isset($this->config->idepartments[$this->base])){
+ $deps[$this->base] = $this->config->idepartments[$this->base];
+ }else{
+ echo "No default base found. ".$this->base."<br> ";
+ }
+
+ $cat_bases = $ui->get_module_departments(preg_replace("/\/.*$/","",$category));
+ foreach($this->config->idepartments as $dn => $name){
+
+ if(!in_array_ics($dn,$cat_bases)){
+ continue;
+ }
+
+ $acl = $ui->get_permissions($dn,$category);
+ if($new && preg_match("/c/",$acl)){
+ $deps[$dn] = $name;
+ }elseif(!$new && preg_match("/m/",$acl)){
+ $deps[$dn] = $name;
+ }
+ }
+ return($deps);
}
+
}
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
?>