diff --git a/plugins/admin/groups/class_groupManagement.inc b/plugins/admin/groups/class_groupManagement.inc
index 69ca59c013d504b67fb44712969659327a75239d..ff2310b9f860a6cb7b574460c0dee1965799ce33 100644 (file)
var $plDescription= "This does something";
/* Dialog attributes */
- var $grouptab= NULL;
- var $grouplist= array();
- var $ui= NULL;
- var $acl= "";
-
- var $CopyPasteHandler = NULL;
- var $DivListGroup = NULL;
-
- var $ShowPrimaryCheckBox = false;
+ var $grouptab = NULL;
+ var $grouplist = array();
+ var $ui = NULL;
+ var $CopyPasteHandler = NULL;
+ var $DivListGroup = NULL;
+ var $ShowPrimaryCheckBox= false;
function groupManagement ($config, $ui)
{
/* Save configuration for internal use */
- $this->config= $config;
- $this->ui= $ui;
+ $this->config = $config;
+ $this->ui = $ui;
/* Copy & Paste enabled ?*/
if((isset($this->config->data['MAIN']['ENABLECOPYPASTE']))&&(preg_match("/true/i",$this->config->data['MAIN']['ENABLECOPYPASTE']))){
$this->DivListGroup->DisableCheckBox("ShowPrimaryGroups",$this->ShowPrimaryCheckBox);
}
+
function execute()
{
/* Call parent execute */
/* New group? */
if ($s_action=="new"){
- /* By default we set 'dn' to 'new', all relevant plugins will
- react on this. */
- $this->dn= "new";
+ /* Check create permissions */
+ $acl = $this->ui->get_permissions($this->DivListGroup->selectedBase,"groups/group");
+ if(preg_match("/c/",$acl)){
- /* Create new usertab object */
- $this->grouptab= new grouptabs($this->config, $this->config->data['TABS']['GROUPTABS'], $this->dn);
+ /* By default we set 'dn' to 'new', all relevant plugins will
+ react on this. */
+ $this->dn= "new";
- /* Set up the users ACL's for this 'dn' */
- $acl= get_permissions ($this->DivListGroup->selectedBase, $this->ui->subtreeACL);
- $this->grouptab->set_acl($acl);
+ /* Create new usertab object */
+ $this->grouptab= new grouptabs($this->config, $this->config->data['TABS']['GROUPTABS'], $this->dn);
+
+ /* Set up the users ACL's for this 'dn' */
+ $this->grouptab->set_acl_base($this->DivListGroup->selectedBase);
+ }
}
/* Save user data to ldap */
$this->grouptab->save();
- gosa_log ("Group object'".$this->dn."' has been saved");
+ gosa_log ("Group object '".$this->dn."' has been saved");
if (!isset($_POST['edit_apply'])){
/* Group has been saved successfully, remove lock from LDAP. */
}
add_lock ($this->dn, $this->ui->dn);
- /* Set up the users ACL's for this 'dn' */
- $acl= get_permissions ($this->dn, $this->ui->subtreeACL);
-
/* Register grouptab to trigger edit dialog */
$this->grouptab= new grouptabs($this->config,$this->config->data['TABS']['GROUPTABS'], $this->dn);
- $this->grouptab->set_acl($acl);
+ $this->grouptab->set_acl_base($this->dn);
$_SESSION['objectinfo']= $this->dn;
}
/* Load permissions for selected 'dn' and check if
we're allowed to remove this 'dn' */
- $acl= get_permissions ($this->dn, $this->ui->subtreeACL);
- $this->acl= get_module_permission($acl, "group", $this->dn);
- if (chkacl($this->acl, "delete") == ""){
+ $acl = $this->ui->get_permissions($this->dn,"groups/group");
+ if(preg_match("/d/",$acl)){
/* Check locking, save current plugin in 'back_plugin', so
the dialog knows where to return. */
/* Some nice guy may send this as POST, so we've to check
for the permissions again. */
- if (chkacl($this->acl, "delete") == ""){
+ $acl = $this->ui->get_permissions($this->dn,"groups/group");
+ if(preg_match("/d/",$acl)){
/* Delete request is permitted, perform LDAP action */
$this->grouptab= new grouptabs($this->config,$this->config->data['TABS']['GROUPTABS'], $this->dn);
- $this->grouptab->set_acl(array($this->acl));
+ $this->grouptab->set_acl_base($this->dn);
$this->grouptab->delete ();
gosa_log ("Group object'".$this->dn."' has been removed");
unset ($this->grouptab);
return ($display);
}
-
+
/* Check if there is a snapshot dialog open */
- if($str = $this->showSnapshotDialog($this->DivListGroup->selectedBase,get_groups_ou())){
+ $base = $this->DivListGroup->selectedBase;
+ if($str = $this->showSnapshotDialog($base,$this->get_used_snapshot_bases())){
return($str);
}
-
+
/* Display dialog with group list */
$this->DivListGroup->parent = $this;
$this->DivListGroup->execute();
return($this->DivListGroup->Draw());
}
+
+ /* Return departments, that will be included within snapshot detection */
+ function get_used_snapshot_bases()
+ {
+ return(array(get_groups_ou().$this->DivListGroup->selectedBase));
+ }
+
+
+
function reload($CreatePosixsList=false)
{
$this->grouplist = array();
/* Collect primary groupIDs to show primary groups
if this option is enabled in gosa conf && the checkbox is checked */
if ($this->ShowPrimaryCheckBox){
- $res = get_list("(&(uid=$Regex)(!(uid=*$))(objectClass=posixAccount)(gidNumber=*))", $this->ui->subtreeACL,
- $base,array("gidNumber", "cn"), GL_SUBSEARCH);
+ $res = get_list("(&(uid=$Regex)(!(uid=*$))(objectClass=posixAccount)(gidNumber=*))",
+ "groups", $base,array("gidNumber", "cn"), GL_SUBSEARCH);
foreach ($res as $attrs){
$primaries[$attrs['gidNumber'][0]]= $attrs['cn'][0];
}
/* Collect all GroupIDs from those groups which are functional.
Only perfrom this search if ShowFunctionalGroups is unchecked, else leave arre empty */
$ff = "(&(cn=$Regex)(objectClass=posixGroup)(!(|(objectClass=gosaMailAccount)(objectClass=gosaApplicationGroup)$sfilter)))";
- $res = get_list($ff,$this->ui->subtreeACL,$base,array("gidNumber", "cn", "description"), GL_SUBSEARCH);
+ $res = get_list($ff, "groups", $base,array("gidNumber", "cn", "description"), GL_SUBSEARCH);
foreach($res as $attrs){
if (!isset($primaries[$attrs['gidNumber'][0]])){
$functional[$attrs['gidNumber'][0]]= $attrs['gidNumber'][0];
Search for the prepared filter
********************/
+ /* Attributes to search for */
+ $attrs = array("cn", "description", "gidNumber", "objectClass");
+
/* If subsearch is activated search for subobjects too */
- $attrs = array("cn", "description", "gidNumber", "objectClass","FAIrelease");
+ $tmp = search_config($this->config->data,"faiManagement","CLASS");
+ if(!empty($tmp)){
+ $attrs [] = "FAIrelease";
+ }
if ($SubSearch){
- $res= get_list($filter, $this->ui->subtreeACL, $base, $attrs, GL_SIZELIMIT| GL_SUBSEARCH);
+ $res= get_list($filter, "groups", $base, $attrs, GL_SIZELIMIT| GL_SUBSEARCH);
} else {
- $res= get_list($filter, $this->ui->subtreeACL, get_groups_ou().$base, $attrs, GL_SIZELIMIT);
+ $res= get_list($filter, "groups", get_groups_ou().$base, $attrs, GL_SIZELIMIT);
}
/* Sort values into grouplist*/
/* Copy current object to CopyHandler
*/
if($s_action == "copy"){
- $this->CopyPasteHandler->Clear();
- $dn = $this->grouplist[trim($s_entry)]['dn'];
- $acl = get_permissions ($dn, $this->ui->subtreeACL);
+ $dn = $this->grouplist[trim($s_entry)]['dn'];
+ $ui = get_userinfo();
+ $acl_all = $ui->has_complete_category_acls($this->DivListGroup->selectedBase,"groups") ;
+ if(preg_match("/(c.*w|w.*c)/",$acl_all)){
+
+ $this->CopyPasteHandler->Clear();
+ $obj = new grouptabs($this->config,$this->config->data['TABS']['GROUPTABS'], $dn);
+ $obj->set_acl_base($dn);
+ $objNew = new grouptabs($this->config,$this->config->data['TABS']['GROUPTABS'], "new");
+ $objNew->set_acl_base($dn);
- $obj = new grouptabs($this->config,$this->config->data['TABS']['GROUPTABS'], $dn);
- $objNew = new grouptabs($this->config,$this->config->data['TABS']['GROUPTABS'], "new");
- $obj->set_acl($acl);
- $objNew->set_acl($acl);
- $this->CopyPasteHandler->Copy($obj,$objNew);
+ $this->CopyPasteHandler->Copy($obj,$objNew);
+ }else{
+ print_red("You are not allowed to copy this entry.");
+ }
}
/* Copy current object to CopyHandler
*/
if($s_action == "cut"){
- $this->CopyPasteHandler->Clear();
+
$dn = $this->grouplist[trim($s_entry)]['dn'];
- $acl= get_permissions ($dn, $this->ui->subtreeACL);
-
- $obj= new grouptabs($this->config,$this->config->data['TABS']['GROUPTABS'], $dn);
- $obj->set_acl($acl);
-
- $this->CopyPasteHandler->Cut($obj);
+ $acl_all = $ui->has_complete_category_acls($this->selectedBase,"groups") ;
+ if(preg_match("/(c.*w|w.*c)/",$acl_all)){
+
+ $this->CopyPasteHandler->Clear();
+ $obj= new grouptabs($this->config,$this->config->data['TABS']['GROUPTABS'], $dn);
+ $obj->set_acl_base($dn);
+ $this->CopyPasteHandler->Cut($obj);
+ }else{
+ print_red("You are not allowed to cut this entry.");
+ }
}
}
function check() { }
function adapt_from_template($dn) { }
function password_change_needed() { }
- function show_header($button_text, $text, $disabled= FALSE) { }
}
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
?>