index 3dbdf1b6265d52b427af43d320e252e48d39b1ea..9ede9124c5e2bd714c337825c058991dfde54cf7 100644 (file)
var $gosaVacationMessage = ""; // Vocation message
- var $imapacl = array('anyone' => 'p', // Set acls for everyone
+ var $imapacl = array(
'%members%' => 'lrspw', // %members% are all group-members
+ 'anyone' => 'p', // Set acls for everyone
'' => 'p'); // Every user added gets this right
}
}
- /* If this ins't new mailgroup, read all required data from ldap
+ /* If this isn't a new mailgroup, read all required data from ldap
*/
if (($dn != "new")&&($dn != NULL)){
/* Create new instance of our defined mailclass
*/
$method= new $this->method($this->config);
-
if ($method->connect($this->attrs["gosaMailServer"][0])){
-
- /* Maybe the entry is not saved in new style, get
- permissions from IMAP and convert them to acl attributes */
- if (!isset($this->attrs['acl'])){
+ /* If we do NOT use kolab or equal methods,
+ read imap the acls from the mail method class.
+ They will be merged later with the ldap specified acls.
+ */
+ if(!preg_match("/olab/i",$this->mmethod)){
$this->imapacl= $method->getSharedFolderPermissions($this->uid);
/* Need to filter what a member acl could be... */
$peek= $vote[$acl];
}
}
-
}
-
/* Highest count wins as %members%, remove all members
with the same acl */
if(!empty($leader)){
unset($this->imapacl[$user]);
}
}
+ }
- } // ENDE ! isset ($this->attrs['acl'])
-
/* Adapt attributes if needed */
$method->fixAttributesOnLoad($this);
-
+
/* get Quota */
$quota= $method->getQuota($this->uid);
}else{
$this->quotaUsage = "";
$this->gosaMailQuota = "";
-// print_red(sprintf(_("Can't get quota information for '%s'."),$this->uid));
}
$method->disconnect();
} // ENDE $method->connect($this->attrs["gosaMailServer"][0])){
-
} // ENDE gosaMailServer
-
} // ENDE dn != "new"
/* Load permissions */
$tmp = array();
- if(preg_match("/olab/i",$this->mmethod)){
- $ldap = $this->config->get_ldap_link();
+ $ldap = $this->config->get_ldap_link();
- if (isset($this->attrs['acl'])){
+ /* Read acls from ldap and merge them with
+ * acls read from mail method.
+ */
+ if (isset($this->attrs['acl'])){
- for ($i= 0; $i<$this->attrs['acl']['count']; $i++){
- list($user, $permission)= split(' ', $this->attrs['acl'][$i]);
+ for ($i= 0; $i<$this->attrs['acl']['count']; $i++){
+ list($user, $permission)= split(' ', $this->attrs['acl'][$i]);
- /* Add to list */
- $this->imapacl[$user]= $permission;
+ /* Add to list */
+ $this->imapacl[$user]= $permission;
- /* Get all user permissions sorted by acl, to detect the most used acl
- This acl is then used for %members%
- */
- if ($user != "anyone" && $user != "%members%"){
- $tmp[$permission][] = $user;
- }
+ /* Get all user permissions sorted by acl, to detect the most used acl
+ This acl is then used for %members%
+ */
+ if ($user != "anyone" && $user != "%members%"){
+ $tmp[$permission][] = $user;
+ }
- /* There is an entry in $this->imapacl like this this ...
- $this->attrs['imapacl']['anyone'] = "p";
- $this->attrs['imapacl']['%members%'] = "lprs";
- $this->attrs['imapacl'][''] = ""; <------ This is used to diplay an empty
- Field for special acls in our template.
- If there is at least one special acl in out imapacl,
- we don't need this entry anymore, because it is already displayed.
- */
- if ($user != "anyone" && $user != "%members%"){
- unset($this->imapacl['']);
- }
+ /* There is an entry in $this->imapacl like this this ...
+ $this->attrs['imapacl']['anyone'] = "p";
+ $this->attrs['imapacl']['%members%'] = "lprs";
+ $this->attrs['imapacl'][''] = ""; <------ This is used to diplay an empty
+ Field for special acls in our template.
+ If there is at least one special acl in out imapacl,
+ we don't need this entry anymore, because it is already displayed.
+ */
+ if ($user != "anyone" && $user != "%members%"){
+ unset($this->imapacl['']);
}
}
+ }
- /* In this section we dectect which acl is tho most used
- This will be used as %members% acl
- */
- $tmp2 = array();
- foreach($tmp as $acl => $user){
- $tmp2[count($tmp[$acl])]=$acl;
- }
- /* Most used at last
- */
- ksort($tmp2);
-
- /* Assign last (most used acl) to %members% acl
- */
- $str = array_pop($tmp2);
- if(!empty($str)) {
- $this->imapacl['%members%']=$str;
- }
+ /**
+ * Detect group members which use the same acl
+ * as used for %members% and remove them.
+ **/
- /* Open ldap connection
- */
- $ldap = $this->config->get_ldap_link();
- $ldap->cd($this->config->current['BASE']);
-
- /* Remove those users, that use %members% acl && are member of this group. */
- foreach($this->imapacl as $mail => $permission){
- $ldap->search("(&(objectClass=person)(mail=".$mail."))",array("uid"));
- $atr = $ldap->fetch();
- if((isset($this->attrs['memberUid'])) && (is_array($this->attrs['memberUid']))){
- if((isset($atr['uid'][0]))&&(in_array($atr['uid'][0],$this->attrs['memberUid']))&&($permission == $this->imapacl['%members%'])){
- unset($this->imapacl[$mail]);
- }
- }
- }
- /* Append an empty entry, for special acl handling */
- if(count($this->imapacl)==2){
- $this->imapacl[''] ="";
- }
-
- }else{ // Not kolab
- /* Load permissions */
- if (isset($this->attrs['acl'])){
- for ($i= 0; $i<$this->attrs['acl']['count']; $i++){
- list($user, $permission)= split(' ', $this->attrs['acl'][$i]);
- $this->imapacl[$user]= $permission;
- if ($user != "anyone" && $user != "%members%"){
- unset($this->imapacl['']);
- }
+ /* In this section we detect which acl is the most used.
+ This will be used as %members% acl.
+ */
+ $tmp2 = array();
+ foreach($tmp as $acl => $user){
+ $tmp2[count($tmp[$acl])]=$acl;
+ }
+ /* Most used at last
+ */
+ ksort($tmp2);
+
+ /* Assign last (most used acl) to %members% acl
+ */
+ $str = array_pop($tmp2);
+ if(!empty($str)) {
+ $this->imapacl['%members%']=$str;
+ }
+ if(!isset($this->imapacl['%members%'])){
+ $this->imapacl['%members%'] = "lrspw";
+ }
+
+
+ /* Open ldap connection
+ */
+ $ldap = $this->config->get_ldap_link();
+ $ldap->cd($this->config->current['BASE']);
+
+ /* Remove those users, that use %members% acl && are member of this group. */
+ foreach($this->imapacl as $mail => $permission){
+ $ldap->search("(&(objectClass=person)(|(mail=".$mail.")(uid=".$mail.")))",array("uid"));
+ $atr = $ldap->fetch();
+ if((isset($this->attrs['memberUid'])) && (is_array($this->attrs['memberUid']))){
+ if((isset($atr['uid'][0]))&&(in_array($atr['uid'][0],$this->attrs['memberUid']))&&($permission == $this->imapacl['%members%'])){
+ unset($this->imapacl[$mail]);
}
}
}
+ /**
+ * ENDE: Detect group member with same acl and replace them with %members%
+ **/
+ $this->indexed_user = array("%members%","anyone");
+
+ /* Append an empty entry, for special acl handling */
+ if(count($this->imapacl)==2){
+ $this->imapacl[''] ="lrsw";
+ $this->indexed_user[] = '';
+ }
+
/* Load Mailserver
*/
if(isset($this->attrs['gosaMailServer'][0])){
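Review bot: The search added in the member-cleanup loop builds its filter by plain concatenation, `(|(mail=".$mail.")(uid=".$mail."))`, where `$mail` is an ACL key taken from the stored `acl` values or from the mail method. Characters such as `*`, `(`, `)` or `\` in that key change the filter's meaning, so the lookup can match a different person entry and the following `unset()` then removes an ACL row it should have kept. Escape the value first, e.g. `$m = ldap_escape($mail, '', LDAP_ESCAPE_FILTER);` where the PHP version in use provides it, or an equivalent RFC 4515 escaping helper otherwise. The unchanged search in save(), `(|(uid=".$user.")(mail=".$user."))`, follows the same pattern with keys that originate from `$_POST["user_$nr"]`.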
$this->perms[""]= _("none");
}
+
function execute()
{
/* Call parent execute */
/* Add ACL? */
if (isset($_POST["add_acl"])){
- $this->imapacl[""]= "l";
+ $this->imapacl[""]= "lrsw";
+ $this->indexed_user[] = "";
}
foreach ($this->indexed_user as $nr => $user){
if (isset($_POST["del_$nr"])){
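Review bot: The row created by `add_acl` now starts at `lrsw` instead of `l`, so a user typed into that row without changing the permission select receives lookup, read, seen and write rights on the shared folder. The placeholder entry appended in the constructor gets the same `lrsw` default. If the wider default is intended, say so in a comment on the line, for example `/* new rows default to read/write, matching the template's first option */`. Otherwise keep `$this->imapacl[""]= "l";` so that rights beyond lookup are granted explicitly.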
$tmp.= "</select> ";
if ($nr == $count - 1){
}
- if ($count > 3){
- $tmp.= "<input type=submit value=\""._("Remove")."\" ".
+ if ($count > 2){
+ $tmp.= "</td><td><input type=submit value=\""._("Remove")."\" ".
"name=\"del_$nr\" $perm></td></tr>";
}
}
$this->is_modified= TRUE;
}
$this->imapacl[$_POST["user_$nr"]]= $_POST["perm_$nr"];
+ $this->indexed_user[$nr] = $_POST["user_$nr"];
}
}
}
-
}
-
/* Save data to LDAP, depending on is_account we save or delete */
function save()
{
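Review bot: `$_POST["user_$nr"]` and `$_POST["perm_$nr"]` are stored as submitted, and with this commit save() writes every manually entered pair to the LDAP `acl` attribute as `$user." ".$acl` for all mail methods. The loader parses that attribute with `split(' ', …)`, so a name containing a space, or a rights string that is not one of the offered options, is persisted and then read back as something else. Check both before the assignment and skip the pair unless `isset($this->perms[$_POST["perm_$nr"]])` and `!preg_match('/\s/', $_POST["user_$nr"])` hold. This assumes `$this->perms` is keyed by the rights string, as `$this->perms[""]` in the constructor suggests. The enclosing function starts outside the visible lines.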
$this->attrs['gosaMailAlternateAddress'] = $this->gosaMailAlternateAddress;
$this->attrs['gosaMailForwardingAddress'] = $this->gosaMailForwardingAddress;
$this->attrs['gosaSharedFolderTarget'] = "share+".$this->uid;
+ $this->attrs['acl']= array();
- /* Only do IMAP actions if we are not a template */
+ /* Prepare Mail server attribute */
if(preg_match("/olab/i",$this->mmethod)){
if (empty($this->gosaMailServer)||is_array($this->gosaMailServer)){
if(isset($this->attrs['gosaMailServer'][0])){
/* Prepare kolab attributes to be written */
if(preg_match("/olab/i",$this->mmethod)){
- $this->attrs['acl']= array();
if(!empty($this->kolabFolderType_Type)){
$this->attrs['kolabFolderType'] = $this->kolabFolderType_Type.".".$this->kolabFolderType_SubType;
}else{
$this->attrs['kolabFolderType'] = array();
}
- }else{
- $this->attrs['acl']= array();;
- unset($this->attrs['acl']);
}
/* Get naming attribute for mail accounts */
$uattrib = $tmp->uattrib;
/* Create ACL array
- * In case of kolab also create attrs['acl'] to save acls in ldap.
+ What is done here.
+
+ 1. Do not write acl entries for empty entries.
+ 2. Check if given user is a valid GOsa user.
+ - If he is one, check if he has a valid mail extension
+ -If this is true, add the user to the ACL entry.
+ -If this is NOT true, skip ACL entries for this user.
+ - He is not a GOsa Account, so write the ACL. (Manually entered ACL)
+ 3. In case of "olab" mail method, remove the entry from the $this->imapacl array
+ because the kolab deamon will set the acls for us.
+
*/
foreach ($this->imapacl as $user => $acl){
+ /* Skip empty entries */
if (empty($user) || $user == ""){
unset($this->imapacl[$user]);
}
/* Check if your is a real GOsa user
* If user is a real GOsa user but do not have an email address - SKIP adding acls
- * If user is a real GOsa user with an emal address - add acls
+ * If user is a real GOsa user with an email address - add acls
*/
$ldap->search("(&(objectClass=person)(|(uid=".$user.")(mail=".$user.")))",array("mail","uid"));
if($ldap->count()){
- $attrs = $ldap->fetch();
/* Has the user a valid mail account? */
+ $attrs = $ldap->fetch();
if(isset($attrs['mail'][0])){
$name = $attrs[$uattrib][0];
+ $this->attrs['acl'][]= $name." ".$acl;
- /* In case of kolab methods add acl attribute too */
- if(preg_match("/olab/i",$this->mmethod)){
- $this->attrs['acl'][]= $name." ".$acl;
+ /* Do not write imap acl directly i nkolab mode, let the kolab deamon do this. */
+ unset($this->imapacl[$user]);
+ if(!preg_match("/olab/i",$this->mmethod)){
+ $this->imapacl[$name] = $acl;
}
- $this->imapacl[$name] = $acl;
+
}else{
- /* User has no mail extension */
+ /* User is a valid GOsa account, but he has no mail extension. Skip ACLs */
unset($this->imapacl[$user]);
}
}else{
- /* Seems to be a manually added acl */
- /* In case of kolab methods add acl attribute too */
+ /* Seems to be a manually a added acl
+ * Write this acl.
+ */
+ $this->attrs['acl'][]= $user." ".$acl;
+
+ /* In case of kolab methods, let the deamon add the imap acls */
if(preg_match("/olab/i",$this->mmethod)){
- $this->attrs['acl'][]= $user." ".$acl;
+ unset($this->imapacl[$user]);
}
- $this->imapacl[$user] = $acl;
}
}
-
+
+ /* Handle mail method actions, set acls, quota ...*/
if ((!$this->is_template)&&(!empty($this->gosaMailServer))){
$method= new $this->method($this->config);
$method->fixAttributesOnStore($this);
if (($method->connect($this->gosaMailServer))){
$method->updateMailbox($this->uid);
$method->setQuota($this->uid, $this->gosaMailQuota);
- $method->setSharedFolderPermissions($this->uid, $this->imapacl);
+
+ /* Only write imap acls directly if we are not
+ * using a kolab like mail method.
+ */
+ if(!preg_match("/olab/i",$this->mmethod)){
+ $method->setSharedFolderPermissions($this->uid, $this->imapacl);
+ }
$method->disconnect();
}
}
}
}
+
/* Check formular input */
function check()
{
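Review bot: In save()'s ACL loop the block commented `/* Skip empty entries */` only unsets the key and then falls through to the rest of the iteration. For an empty `$user` the lookup `(|(uid=)(mail=))` is still issued, and when it returns nothing the new `$this->attrs['acl'][]= $user." ".$acl;` in the manual-ACL branch stores a value with no user in front of the rights. Add `continue;` after `unset($this->imapacl[$user]);` in that block. Because `acl` is now written for every mail method, this also reaches non-kolab setups; save() begins earlier than the lines shown here.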