X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-core%2Finclude%2Fclass_acl.inc;h=296c2d1e497a69e6f14813b5995ee31d2f03c694;hb=9566dc068208034acf0da2630a7efbb5a370f191;hp=d833d5f52f3d8f9e5b956cee2eeb0b06dcefda31;hpb=6b08ffcaafe0d9755aca07c6b9f624c3775c2dd0;p=gosa.git
diff --git a/gosa-core/include/class_acl.inc b/gosa-core/include/class_acl.inc
index d833d5f52..296c2d1e4 100644
--- a/gosa-core/include/class_acl.inc
+++ b/gosa-core/include/class_acl.inc
@@ -20,197 +20,218 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +/*! \brief ACL management plugin */ class acl extends plugin { - /* Definitions */ - var $plHeadline= "Access control"; - var $plDescription= "Manage access control lists"; - - /* attribute list for save action */ - var $attributes= array('gosaAclEntry'); - var $objectclasses= array('gosaAcl'); - - /* Helpers */ - var $dialogState= "head"; - var $gosaAclEntry= array(); - var $aclType= ""; - var $aclObject= ""; - var $aclContents= array(); - var $target= "group"; - var $aclTypes= array(); - var $aclObjects= array(); - var $aclMyObjects= array(); - var $users= array(); - var $roles= array(); - var $groups= array(); - var $recipients= array(); - var $isContainer= FALSE; - var $currentIndex= 0; - var $wasNewEntry= FALSE; - var $ocMapping= array(); - var $savedAclContents= array(); - var $myAclObjects = array(); - - function acl (&$config, $parent, $dn= NULL) - { - /* Include config object */ - plugin::plugin($config, $dn); - - /* Load ACL's */ - $this->gosaAclEntry= array(); - if (isset($this->attrs['gosaAclEntry'])){ - for ($i= 0; $i<$this->attrs['gosaAclEntry']['count']; $i++){ - $acl= $this->attrs['gosaAclEntry'][$i]; - $this->gosaAclEntry= array_merge($this->gosaAclEntry, acl::explodeACL($acl)); - } - } - ksort($this->gosaAclEntry); + /* Definitions */ + var $plHeadline= "Access control"; + var $plDescription= "Manage access control lists"; + + /* attribute list for save action */ + var $attributes= array('gosaAclEntry'); + var $objectclasses= array('gosaAcl'); + + /* Helpers */ + var $dialogState= "head"; + var $gosaAclEntry= array(); + var $aclType= ""; + var $aclObject= ""; + var $aclContents= array(); + var $target= "group"; + var $aclTypes= array(); + var $aclObjects= array(); + var $aclFilter= ""; + var $aclMyObjects= array(); + var $users= array(); + var $roles= array(); + var $groups= array(); + var $recipients= array(); + var $isContainer= FALSE; + var 
$currentIndex= 0; + var $wasNewEntry= FALSE; + var $ocMapping= array(); + var $savedAclContents= array(); + var $myAclObjects = array(); + var $acl_category = "acl/"; + + var $list =NULL; + + var $sectionList = NULL; + var $roleList = NULL; + + function acl (&$config, $parent, $dn= NULL) + { + /* Include config object */ + plugin::plugin($config, $dn); + + /* Load ACL's */ + $this->gosaAclEntry= array(); + if (isset($this->attrs['gosaAclEntry'])){ + for ($i= 0; $i<$this->attrs['gosaAclEntry']['count']; $i++){ + $acl= $this->attrs['gosaAclEntry'][$i]; + $this->gosaAclEntry= array_merge($this->gosaAclEntry, acl::explodeACL($acl)); + } + } + ksort($this->gosaAclEntry); - /* Save parent - we've to know more about it than other plugins... */ - $this->parent= &$parent; + /* Save parent - we've to know more about it than other plugins... */ + $this->parent= &$parent; - /* Container? */ - if (preg_match('/^(o|ou|c|l|dc)=/i', $dn)){ - $this->isContainer= TRUE; - } + /* Container? */ + if (preg_match('/^(o|ou|c|l|dc)=/i', $dn)){ + $this->isContainer= TRUE; + } - /* Users */ - $ui= get_userinfo(); - $tag= $ui->gosaUnitTag; - $ldap= $config->get_ldap_link(); - $ldap->cd($config->current['BASE']); - if ($tag == ""){ - $ldap->search('(objectClass=gosaAccount)', array('uid', 'cn')); - } else { - $ldap->search('(&(objectClass=gosaAccount)(gosaUnitTag='.$tag.'))', array('uid', 'cn')); - } - while ($attrs= $ldap->fetch()){ - $this->users['U:'.$attrs['dn']]= $attrs['cn'][0].' ['.$attrs['uid'][0].']'; - } - ksort($this->users); + /* Users */ + $ui= get_userinfo(); + $tag= $ui->gosaUnitTag; + $ldap= $config->get_ldap_link(); + $ldap->cd($config->current['BASE']); + if ($tag == ""){ + $ldap->search('(objectClass=gosaAccount)', array('uid', 'cn')); + } else { + $ldap->search('(&(objectClass=gosaAccount)(gosaUnitTag='.$tag.'))', array('uid', 'cn')); + } + while ($attrs= $ldap->fetch()){ + + // Allow objects without cn to be listed without causing an error. 
+ if(!isset($attrs['cn'][0]) && isset($attrs['uid'][0])){ + $this->users['U:'.$attrs['dn']]= $attrs['uid'][0]; + }elseif(!isset($attrs['uid'][0]) && isset($attrs['cn'][0])){ + $this->users['U:'.$attrs['dn']]= $attrs['cn'][0]; + }elseif(!isset($attrs['uid'][0]) && !isset($attrs['cn'][0])){ + $this->users['U:'.$attrs['dn']]= $attrs['dn']; + }else{ + $this->users['U:'.$attrs['dn']]= $attrs['cn'][0].' ['.$attrs['uid'][0].']'; + } - /* Groups */ - $ldap->cd($config->current['BASE']); - if ($tag == ""){ - $ldap->search('(objectClass=posixGroup)', array('cn', 'description')); - } else { - $ldap->search('(&(objectClass=posixGroup)(gosaUnitTag='.$tag.'))', array('cn', 'description')); - } + } + ksort($this->users); + + /* Groups */ + $ldap->cd($config->current['BASE']); +# if ($tag == ""){ + $ldap->search('(objectClass=posixGroup)', array('cn', 'description')); +# } else { +# $ldap->search('(&(objectClass=posixGroup)(gosaUnitTag='.$tag.'))', array('cn', 'description')); +# } while ($attrs= $ldap->fetch()){ - $dsc= ""; - if (isset($attrs['description'][0])){ - $dsc= $attrs['description'][0]; - } - $this->groups['G:'.$attrs['dn']]= $attrs['cn'][0].' ['.$dsc.']'; + $dsc= ""; + if (isset($attrs['description'][0])){ + $dsc= $attrs['description'][0]; + } + $this->groups['G:'.$attrs['dn']]= $attrs['cn'][0].' 
['.$dsc.']'; } + $this->groups['G:*']= _("All users"); ksort($this->groups); /* Roles */ $ldap->cd($config->current['BASE']); # if ($tag == ""){ - $ldap->search('(objectClass=gosaRole)', array('cn', 'description','gosaAclTemplate','dn')); + $ldap->search('(objectClass=gosaRole)', array('cn', 'description','gosaAclTemplate','dn')); # } else { # $ldap->search('(&(objectClass=gosaRole)(gosaUnitTag='.$tag.'))', array('cn', 'description','gosaAclTemplate','dn')); # } while ($attrs= $ldap->fetch()){ - $dsc= ""; - if (isset($attrs['description'][0])){ - $dsc= $attrs['description'][0]; - } - - $role_id = $attrs['dn']; - - $this->roles[$role_id]['acls'] =array(); - for ($i= 0; $i < $attrs['gosaAclTemplate']['count']; $i++){ - $acl= $attrs['gosaAclTemplate'][$i]; - $this->roles[$role_id]['acls'] = array_merge($this->roles[$role_id]['acls'],acl::explodeACL($acl)); - } - $this->roles[$role_id]['description'] = $dsc; - $this->roles[$role_id]['cn'] = $attrs['cn'][0]; + $dsc= ""; + if (isset($attrs['description'][0])){ + $dsc= $attrs['description'][0]; + } + + $role_id = $attrs['dn']; + + $this->roles[$role_id]['acls'] =array(); + for ($i= 0; $i < $attrs['gosaAclTemplate']['count']; $i++){ + $acl= $attrs['gosaAclTemplate'][$i]; + $this->roles[$role_id]['acls'] = array_merge($this->roles[$role_id]['acls'],acl::explodeACL($acl)); + } + $this->roles[$role_id]['description'] = $dsc; + $this->roles[$role_id]['cn'] = $attrs['cn'][0]; } /* Objects */ - $tmp= session::get('plist'); + $tmp= session::global_get('plist'); $plist= $tmp->info; $cats = array(); if (isset($this->parent) && $this->parent !== NULL){ - $oc= array(); - foreach ($this->parent->by_object as $key => $obj){ - $oc= array_merge($oc, $obj->objectclasses); - if(isset($obj->acl_category)){ - $cats[preg_replace("/\//","",$obj->acl_category)] = preg_replace("/\//","",$obj->acl_category); + $oc= array(); + foreach ($this->parent->by_object as $key => $obj){ + $oc= array_merge($oc, $obj->objectclasses); + 
if(isset($obj->acl_category)){ + $tmp= str_replace("/","",$obj->acl_category); + $cats[$tmp] = $tmp; + } + } + if (in_array_ics('organizationalUnit', $oc)){ + $this->isContainer= TRUE; } - } - if (in_array_ics('organizationalUnit', $oc)){ - $this->isContainer= TRUE; - } } else { - $oc= $this->attrs['objectClass']; + $oc= $this->attrs['objectClass']; } /* Extract available categories from plugin info list */ foreach ($plist as $class => $acls){ - /* Only feed categories */ - if (isset($acls['plCategory'])){ + /* Only feed categories */ + if (isset($acls['plCategory'])){ - /* Walk through supplied list and feed only translated categories */ - foreach($acls['plCategory'] as $idx => $data){ + /* Walk through supplied list and feed only translated categories */ + foreach($acls['plCategory'] as $idx => $data){ - /* Non numeric index means -> base object containing more informations */ - if (preg_match('/^[0-9]+$/', $idx)){ - if (!isset($this->ocMapping[$data])){ - $this->ocMapping[$data]= array(); - $this->ocMapping[$data][]= '0'; - } + /* Non numeric index means -> base object containing more informations */ + if (preg_match('/^[0-9]+$/', $idx)){ - if(isset($cats[$data])){ - $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription']; - } - $this->ocMapping[$data][]= $class; - } else { - if (!isset($this->ocMapping[$idx])){ - $this->ocMapping[$idx]= array(); - $this->ocMapping[$idx][]= '0'; - } - $this->ocMapping[$idx][]= $class; - $this->aclObjects[$idx]= $data['description']; - - /* Additionally filter the classes we're interested in in "self edit" mode */ - if (is_array($data['objectClass'])){ - foreach($data['objectClass'] as $objectClass){ - if (in_array_ics($objectClass, $oc)){ - $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription']; - break; + if (!isset($this->ocMapping[$data])){ + $this->ocMapping[$data]= array(); + $this->ocMapping[$data][]= '0'; + } + + if(isset($cats[$data])){ + $this->myAclObjects[$data.'/'.$class]= $acls['plDescription']; + } + 
$this->ocMapping[$data][]= $class; + } else { + if (!isset($this->ocMapping[$idx])){ + $this->ocMapping[$idx]= array(); + $this->ocMapping[$idx][]= '0'; + } + $this->ocMapping[$idx][]= $class; + $this->aclObjects[$idx]= $data['description']; + + /* Additionally filter the classes we're interested in in "self edit" mode */ + if(!isset($data['objectClass'])) continue; + if (is_array($data['objectClass'])){ + foreach($data['objectClass'] as $objectClass){ + if (in_array_ics($objectClass, $oc)){ + $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription']; + break; + } + } + } else { + if (in_array_ics($data['objectClass'], $oc)){ + $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription']; + } + } } - } - } else { - if (in_array_ics($data['objectClass'], $oc)){ - $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription']; - } - } - } + } } - } } - $this->aclObjects['all']= '* '._("All categories"); - $this->ocMapping['all']= array('0' => 'all'); /* Sort categories */ asort($this->aclObjects); /* Fill acl types */ if ($this->isContainer){ - $this->aclTypes= array("reset" => _("Reset ACLs"), - "one" => _("One level"), - "base" => _("Current object"), - "sub" => _("Complete subtree"), - "psub" => _("Complete subtree (permanent)"), - "role" => _("Use ACL defined in role")); + $this->aclTypes= array("reset" => _("Reset ACLs"), + "one" => _("One level"), + "base" => _("Current object"), + "sub" => _("Complete subtree"), + "psub" => _("Complete subtree (permanent)"), + "role" => _("Use ACL defined in role")); } else { - $this->aclTypes= array("base" => _("Current object"), - "role" => _("Use ACL defined in role")); + $this->aclTypes= array("base" => _("Current object"), + "role" => _("Use ACL defined in role")); } asort($this->aclTypes); $this->targets= array("user" => _("Users"), "group" => _("Groups")); 
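Review bot: The group lookup in the constructor now always searches `(objectClass=posixGroup)`, with the `gosaUnitTag` branch left behind as `#`-commented lines, while the user lookup just above it still narrows by `$tag`. If unit tags are meant to confine a delegated administrator, groups from other units become selectable as ACL recipients here; either restore the tagged branch or replace the dead lines with a comment that records the decision, e.g. `/* Groups are listed across all units on purpose: <reason> */`. Separately, `$tag` is concatenated into the user filter unescaped; it comes from `get_userinfo()` and is probably trusted, but escaping it for LDAP filter syntax would stop the filter's shape depending on how that attribute was written. The constructor's body continues past the end of this hunk.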
@@ -218,973 +239,1151 @@ class acl extends plugin /* Finally - we want to get saved... */ $this->is_account= TRUE; - } + $this->updateList(); + + // Prepare lists + $this->sectionList = new sortableListing(); + $this->sectionList->setDeleteable(false); + $this->sectionList->setEditable(false); + $this->sectionList->setWidth("100%"); + $this->sectionList->setHeight("120px"); + $this->sectionList->setColspecs(array('200px','*')); + $this->sectionList->setHeader(array(_("Section"),_("Description"))); + $this->sectionList->setDefaultSortColumn(1); + $this->sectionList->setAcl('rwcdm'); // All ACLs, we filter on our own here. + + $this->roleList = new sortableListing(); + $this->roleList->setDeleteable(false); + $this->roleList->setEditable(false); + $this->roleList->setWidth("100%"); + $this->roleList->setHeight("120px"); + $this->roleList->setColspecs(array('20px','*','*')); + $this->roleList->setHeader(array(_("Used"),_("Name"),_("Description"))); + $this->roleList->setDefaultSortColumn(1); + $this->roleList->setAcl('rwcdm'); // All ACLs, we filter on our own here. 
+ } - function execute() - { - /* Call parent execute */ - plugin::execute(); - - $tmp= session::get('plist'); - $plist= $tmp->info; - /* Handle posts */ - if (isset($_POST['new_acl'])){ - $this->dialogState= 'create'; - $this->dialog= TRUE; - $this->currentIndex= count($this->gosaAclEntry); - $this->loadAclEntry(TRUE); + function updateList() + { + if(!$this->list){ + $this->list = new sortableListing($this->gosaAclEntry,array(),TRUE); + $this->list->setDeleteable(true); + $this->list->setEditable(true); + $this->list->setColspecs(array('*')); + $this->list->setWidth("100%"); + $this->list->setHeight("400px"); + $this->list->setAcl("rwcdm"); + $this->list->setHeader(array(_("Member"),_("Permissions"),_("Type"))); + } + + + // Add ACL entries to the listing + $lData = array(); + foreach($this->gosaAclEntry as $id => $entry){ + $lData[] = $this->convertForListing($entry); + } + $this->list->setListData($this->gosaAclEntry, $lData); } - $new_acl= array(); - $aclDialog= FALSE; - $firstedit= FALSE; - foreach($_POST as $name => $post){ - - /* Actions... 
*/ - if (preg_match('/^acl_edit_.*_x/', $name)){ - $this->dialogState= 'create'; - $firstedit= TRUE; - $this->dialog= TRUE; - $this->currentIndex= preg_replace('/^acl_edit_([0-9]+).*$/', '\1', $name); - $this->loadAclEntry(); - continue; - } - if (preg_match('/^acl_del_.*_x/', $name)){ - unset($this->gosaAclEntry[preg_replace('/^acl_del_([0-9]+).*$/', '\1', $name)]); - continue; - } - - if (preg_match('/^cat_edit_.*_x/', $name)){ - $this->aclObject= preg_replace('/^cat_edit_([^_]+)_.*$/', '\1', $name); - $this->dialogState= 'edit'; - foreach ($this->ocMapping[$this->aclObject] as $oc){ - if (isset($this->aclContents[$oc])){ - $this->savedAclContents[$oc]= $this->aclContents[$oc]; - } + + function convertForListing($entry) + { + $member = implode($entry['members'],", "); + if(isset($entry['acl']) && is_array($entry['acl'])){ + $acl = implode(array_keys($entry['acl']),", "); + }else{ + $acl=""; } - continue; - } - if (preg_match('/^cat_del_.*_x/', $name)){ - $idx= preg_replace('/^cat_del_([^_]+)_.*$/', '\1', $name); - foreach ($this->ocMapping[$idx] as $key){ - unset($this->aclContents["$idx/$key"]); + return(array('data' => array($member, $acl, $this->aclTypes[$entry['type']]))); + } + + + + function execute() + { + /* Call parent execute */ + plugin::execute(); + + $tmp= session::global_get('plist'); + $plist= $tmp->info; + + /* Handle posts */ + if (isset($_POST['new_acl'])){ + $this->dialogState= 'create'; + $this->dialog= TRUE; + $this->currentIndex= count($this->gosaAclEntry); + $this->loadAclEntry(TRUE); + } + + $new_acl= array(); + $aclDialog= FALSE; + $firstedit= FALSE; + + // Get listing actions. Delete or Edit. + $this->list->save_object(); + $lAction = $this->list->getAction(); + $this->gosaAclEntry = array_values($this->list->getMaintainedData()); + + /* Act on HTML post and gets here. 
+ */ + if($lAction['action'] == "edit"){ + $this->currentIndex = $this->list->getKey($lAction['targets'][0]); + $this->dialogState= 'create'; + $firstedit= TRUE; + $this->dialog= TRUE; + $this->loadAclEntry(); } - continue; - } - - /* Sorting... */ - if (preg_match('/^sortup_.*_x/', $name)){ - $index= preg_replace('/^sortup_([0-9]+).*$/', '\1', $name); - if ($index > 0){ - $tmp= $this->gosaAclEntry[$index]; - $this->gosaAclEntry[$index]= $this->gosaAclEntry[$index-1]; - $this->gosaAclEntry[$index-1]= $tmp; + + foreach($_POST as $name => $post){ + + $post =get_post($name); + + /* Actions... */ + if (preg_match('/^acl_edit_[0-9]*$/', $name)){ + $this->dialogState= 'create'; + $firstedit= TRUE; + $this->dialog= TRUE; + $this->currentIndex= preg_replace('/^acl_edit_([0-9]*)$/', '\1', $name); + $this->loadAclEntry(); + continue; + } + + if (preg_match('/^cat_edit_.*$/', $name)){ + $this->aclObject= preg_replace('/^cat_edit_(.*)$/', '\1', $name); + $this->dialogState= 'edit'; + foreach ($this->ocMapping[$this->aclObject] as $oc){ + if (isset($this->aclContents[$oc])){ + $this->savedAclContents[$oc]= $this->aclContents[$oc]; + } + } + continue; + } + + /* Only handle posts, if we allowed to modify ACLs */ + if(!$this->acl_is_writeable("")){ + continue; + } + + if (preg_match('/^acl_del_[0-9]*$/', $name)){ + unset($this->gosaAclEntry[preg_replace('/^acl_del_([0-9]*)$/', '\1', $name)]); + continue; + } + + if (preg_match('/^cat_del_.*$/', $name)){ + $idx= preg_replace('/^cat_del_(.*)$/', '\1', $name); + foreach ($this->ocMapping[$idx] as $key){ + if(isset($this->aclContents[$idx])) + unset($this->aclContents[$idx]); + if(isset($this->aclContents["$idx/$key"])) + unset($this->aclContents["$idx/$key"]); + } + continue; + } + + /* ACL saving... 
*/ + if (preg_match('/^acl_.*_[^xy]$/', $name)){ + list($dummy, $object, $attribute, $value)= explode('_', $name); + + /* Skip for detection entry */ + if ($object == 'dummy') { + continue; + } + + /* Ordinary ACLs */ + if (!isset($new_acl[$object])){ + $new_acl[$object]= array(); + } + if (isset($new_acl[$object][$attribute])){ + $new_acl[$object][$attribute].= $value; + } else { + $new_acl[$object][$attribute]= $value; + } + } + + // Remember the selected ACL role. + if(isset($_POST['selected_role']) && $_POST['aclType'] == 'role'){ + $this->aclContents = ""; + $this->aclContents = base64_decode(get_post('selected_role')); + }else{ + if(is_string($this->aclContents)) + $this->aclContents = array(); + } } - continue; - } - if (preg_match('/^sortdown_.*_x/', $name)){ - $index= preg_replace('/^sortdown_([0-9]+).*$/', '\1', $name); - if ($index < count($this->gosaAclEntry)-1){ - $tmp= $this->gosaAclEntry[$index]; - $this->gosaAclEntry[$index]= $this->gosaAclEntry[$index+1]; - $this->gosaAclEntry[$index+1]= $tmp; + + if(isset($_POST['acl_dummy_0_0_0'])){ + $aclDialog= TRUE; } - continue; - } - /* ACL saving... 
*/ - if (preg_match('/^acl_.*_[^xy]$/', $name)){ - $aclDialog= TRUE; - list($dummy, $object, $attribute, $value)= split('_', $name); + if($this->acl_is_writeable("")){ + + /* Only be interested in new acl's, if we're in the right _POST place */ + if ($aclDialog && $this->aclObject != "" && is_array($this->ocMapping[$this->aclObject])){ + + foreach ($this->ocMapping[$this->aclObject] as $oc){ + + if(isset($this->aclContents[$oc]) && is_array($this->aclContents)){ + unset($this->aclContents[$oc]); + }elseif(isset($this->aclContents[$this->aclObject.'/'.$oc]) && is_array($this->aclContents)){ + unset($this->aclContents[$this->aclObject.'/'.$oc]); + }else{ +# trigger_error("Huhm?"); + } + if (isset($new_acl[$oc]) && is_array($new_acl)){ + $this->aclContents[$oc]= $new_acl[$oc]; + } + if (isset($new_acl[$this->aclObject.'/'.$oc]) && is_array($new_acl)){ + $this->aclContents[$this->aclObject.'/'.$oc]= $new_acl[$this->aclObject.'/'.$oc]; + } + } + } - /* Skip for detection entry */ - if ($object == 'dummy') { - continue; + /* Save new acl in case of base edit mode */ + if ($this->aclType == 'base' && !$firstedit){ + $this->aclContents= $new_acl; + } } - /* Ordinary ACLs */ - if (!isset($new_acl[$object])){ - $new_acl[$object]= array(); + /* Cancel new acl? 
*/ + if (isset($_POST['cancel_new_acl'])){ + $this->dialogState= 'head'; + $this->dialog= FALSE; + if ($this->wasNewEntry){ + unset ($this->gosaAclEntry[$this->currentIndex]); + } } - if (isset($new_acl[$object][$attribute])){ - $new_acl[$object][$attribute].= $value; - } else { - $new_acl[$object][$attribute]= $value; + + /* Save common values */ + if($this->acl_is_writeable("")){ + foreach (array("aclType","aclFilter", "aclObject", "target") as $key){ + if (isset($_POST[$key])){ + $this->$key= get_post($key); + } + } } - } - if(isset($_POST['selected_role'])){ - $this->aclContents = ""; - $this->aclContents = base64_decode($_POST['selected_role']); - } - } - - /* Only be interested in new acl's, if we're in the right _POST place */ - if ($aclDialog && $this->aclObject != "" && is_array($this->ocMapping[$this->aclObject])){ - - foreach ($this->ocMapping[$this->aclObject] as $oc){ - unset($this->aclContents[$oc]); - unset($this->aclContents[$this->aclObject.'/'.$oc]); - if (isset($new_acl[$oc])){ - $this->aclContents[$oc]= $new_acl[$oc]; + /* Store ACL in main object? */ + if (isset($_POST['submit_new_acl'])){ + $this->gosaAclEntry[$this->currentIndex]['type']= $this->aclType; + $this->gosaAclEntry[$this->currentIndex]['members']= $this->recipients; + $this->gosaAclEntry[$this->currentIndex]['acl']= $this->aclContents; + $this->gosaAclEntry[$this->currentIndex]['filter']= $this->aclFilter; + $this->dialogState= 'head'; + $this->dialog= FALSE; } - if (isset($new_acl[$this->aclObject.'/'.$oc])){ - $this->aclContents[$this->aclObject.'/'.$oc]= $new_acl[$this->aclObject.'/'.$oc]; + + /* Cancel edit acl? 
*/ + if (isset($_POST['cancel_edit_acl'])){ + $this->dialogState= 'create'; + foreach ($this->ocMapping[$this->aclObject] as $oc){ + if (isset($this->savedAclContents[$oc])){ + $this->aclContents[$oc]= $this->savedAclContents[$oc]; + } + } } - } - } - /* Save new acl in case of base edit mode */ - if ($this->aclType == 'base' && !$firstedit){ - $this->aclContents= $new_acl; - } + /* Save edit acl? */ + if (isset($_POST['submit_edit_acl'])){ + $this->dialogState= 'create'; + } - /* Cancel new acl? */ - if (isset($_POST['cancel_new_acl'])){ - $this->dialogState= 'head'; - $this->dialog= FALSE; - if ($this->wasNewEntry){ - unset ($this->gosaAclEntry[$this->currentIndex]); - } - } + /* Add acl? */ + if (isset($_POST['add_acl']) && $_POST['aclObject'] != ""){ + $this->dialogState= 'edit'; + $this->savedAclContents= array(); + foreach ($this->ocMapping[$this->aclObject] as $oc){ + if (isset($this->aclContents[$oc])){ + $this->savedAclContents[$oc]= $this->aclContents[$oc]; + } + } + } - /* Store ACL in main object? */ - if (isset($_POST['submit_new_acl'])){ - $this->gosaAclEntry[$this->currentIndex]['type']= $this->aclType; - $this->gosaAclEntry[$this->currentIndex]['members']= $this->recipients; - $this->gosaAclEntry[$this->currentIndex]['acl']= $this->aclContents; - $this->dialogState= 'head'; - $this->dialog= FALSE; - } + /* Add to list? */ + if (isset($_POST['add']) && isset($_POST['source'])){ + foreach ($_POST['source'] as $key){ + if ($this->target == 'user'){ + $this->recipients[$key]= $this->users[$key]; + } + if ($this->target == 'group'){ + $this->recipients[$key]= $this->groups[$key]; + } + } + ksort($this->recipients); + } - /* Cancel edit acl? */ - if (isset($_POST['cancel_edit_acl'])){ - $this->dialogState= 'create'; - foreach ($this->ocMapping[$this->aclObject] as $oc){ - if (isset($this->savedAclContents[$oc])){ - $this->aclContents[$oc]= $this->savedAclContents[$oc]; + /* Remove from list? 
*/ + if (isset($_POST['del']) && isset($_POST['recipient'])){ + foreach ($_POST['recipient'] as $key){ + unset($this->recipients[$key]); + } } - } - } - /* Save edit acl? */ - if (isset($_POST['submit_edit_acl'])){ - $this->dialogState= 'create'; - } + /* Create templating instance */ + $smarty= get_smarty(); - /* Add acl? */ - if (isset($_POST['add_acl']) && $_POST['aclObject'] != ""){ - $this->dialogState= 'edit'; - $this->savedAclContents= array(); - foreach ($this->ocMapping[$this->aclObject] as $oc){ - if (isset($this->aclContents[$oc])){ - $this->savedAclContents[$oc]= $this->aclContents[$oc]; + $smarty->assign("acl_readable",$this->acl_is_readable("")); + if(!$this->acl_is_readable("")){ + return ($smarty->fetch (get_template_path('acl.tpl'))); } - } - } - /* Add to list? */ - if (isset($_POST['add']) && isset($_POST['source'])){ - foreach ($_POST['source'] as $key){ - if ($this->target == 'user'){ - $this->recipients[$key]= $this->users[$key]; + if ($this->dialogState == 'head'){ + $this->updateList(); + $smarty->assign("aclList", $this->list->render()); } - if ($this->target == 'group'){ - $this->recipients[$key]= $this->groups[$key]; + + if ($this->dialogState == 'create'){ + + + if($this->aclType != 'role'){ + + // Create a map of all used sections, this allows us to simply hide the remove button + // if no acl is configured for the given section + // e.g. 
';all;department/country;users/user; + $usedList = ";".implode(array_keys($this->aclContents),';').";"; + + /* Add settings for all categories to the (permanent) list */ + $data = $lData = array(); + foreach ($this->aclObjects as $section => $dsc){ + $summary= ""; + foreach($this->ocMapping[$section] as $oc){ + if (isset($this->aclContents[$oc]) && + count($this->aclContents[$oc]) && + isset($this->aclContents[$oc][0]) && + $this->aclContents[$oc][0] != ""){ + + $summary.= "$oc, "; + continue; + } + if (isset($this->aclContents["$section/$oc"]) && + count($this->aclContents["$section/$oc"])){ + $summary.= "$oc, "; + continue; + } + if (isset($this->aclContents[$oc]) && + !isset($this->aclContents[$oc][0]) && + count($this->aclContents[$oc])){ + $summary.= "$oc, "; + } + } + + /* Set summary... */ + if ($summary == ""){ + $summary= ''._("No ACL settings for this category!").''; + } else { + $summary= trim($summary,", "); + $summary= " ".sprintf(_("ACLs for: %s"), $summary); + } + + $actions =""; + if($this->acl_is_readable("")){ + $actions.= image('images/lists/edit.png','cat_edit_'.$section, + msgPool::editButton(_("category ACL"))); + } + if($this->acl_is_removeable() && preg_match("/;".$section."(;|\/)/", $usedList)){ + $actions.= image('images/lists/trash.png','cat_del_'.$section, + msgPool::delButton(_("category ACL"))); + } + $data[] = $section; + $lData[] = array('data'=>array($dsc, $summary, $actions)); + } + $this->sectionList->setListData($data,$lData); + $this->sectionList->update(); + $smarty->assign("aclList", $this->sectionList->render()); + } + + $smarty->assign("aclType", set_post($this->aclType)); + $smarty->assign("aclFilter", set_post($this->aclFilter)); + $smarty->assign("aclTypes", set_post($this->aclTypes)); + $smarty->assign("target", set_post($this->target)); + $smarty->assign("targets", set_post($this->targets)); + + /* Assign possible target types */ + $smarty->assign("targets", $this->targets); + foreach ($this->attributes as $attr){ + 
$smarty->assign($attr, set_post($this->$attr)); + } + + + /* Generate list */ + $tmp= array(); + if ($this->target == "group" && !isset($this->recipients["G:*"])){ + $tmp["G:*"]= _("All users"); + } + foreach (array("user" => "users", "group" => "groups") as $field => $arr){ + if ($this->target == $field){ + foreach ($this->$arr as $key => $value){ + if (!isset($this->recipients[$key])){ + $tmp[$key]= $value; + } + } + } + } + $smarty->assign('sources', set_post($tmp)); + $smarty->assign('recipients', set_post($this->recipients)); + + /* Acl selector if scope is base */ + if ($this->aclType == 'base'){ + $smarty->assign('aclSelector', $this->buildAclSelector($this->myAclObjects)); + } + + /* Role selector if scope is base */ + if ($this->aclType == 'role'){ + $smarty->assign('roleSelector', $this->buildRoleSelector($this->roles)); + } } - } - ksort($this->recipients); - } - /* Remove from list? */ - if (isset($_POST['del']) && isset($_POST['recipient'])){ - foreach ($_POST['recipient'] as $key){ - unset($this->recipients[$key]); - } - } + if ($this->dialogState == 'edit'){ + $smarty->assign('headline', sprintf(_("Edit ACL for '%s' with scope '%s'"), $this->aclObjects[$this->aclObject], $this->aclTypes[$this->aclType])); - /* Save common values */ - foreach (array("aclType", "aclObject", "target") as $key){ - if (isset($_POST[$key])){ - $this->$key= validate($_POST[$key]); - } - } + /* Collect objects for selected category */ + foreach ($this->ocMapping[$this->aclObject] as $idx => $class){ + if ($idx == 0){ + continue; + } + $aclObjects[$this->aclObject.'/'.$class]= $plist[$class]['plDescription']; + } + + /* Role selector if scope is base */ + if ($this->aclType == 'role'){ + $smarty->assign('roleSelector', $this->buildRoleSelector($this->roles)); + } else { + $smarty->assign('aclSelector', $this->buildAclSelector($aclObjects)); + } + } + + /* Show main page */ + $smarty->assign("dialogState", $this->dialogState); - /* Create templating instance */ - $smarty= 
get_smarty(); - - if ($this->dialogState == 'head'){ - /* Draw list */ - $aclList= new divSelectBox("aclList"); - $aclList->SetHeight(450); - - /* Fill in entries */ - foreach ($this->gosaAclEntry as $key => $entry){ - $field1= array("string" => $this->aclTypes[$entry['type']], "attach" => "style='width:150px'"); - $field2= array("string" => $this->assembleAclSummary($entry)); - $action= ""; - $action.= ""; - $action.= ""; - $action.= ""; - - $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px;text-align:right;'"); - $aclList->AddEntry(array($field1, $field2, $field3)); - } - - $smarty->assign("aclList", $aclList->DrawList()); + /* Assign acls */ + $smarty->assign("acl_createable",$this->acl_is_createable()); + $smarty->assign("acl_writeable" ,$this->acl_is_writeable("")); + $smarty->assign("acl_readable" ,$this->acl_is_readable("")); + $smarty->assign("acl_removeable",$this->acl_is_removeable()); + + return ($smarty->fetch (get_template_path('acl.tpl'))); } - if ($this->dialogState == 'create'){ - /* Draw list */ - $aclList= new divSelectBox("aclList"); - $aclList->SetHeight(150); - /* Add settings for all categories to the (permanent) list */ - foreach ($this->aclObjects as $section => $dsc){ - $summary= ""; - foreach($this->ocMapping[$section] as $oc){ - if (isset($this->aclContents[$oc]) && count($this->aclContents[$oc]) && isset($this->aclContents[$oc][0]) && - $this->aclContents[$oc][0] != ""){ - - $summary.= "$oc, "; - continue; - } - if (isset($this->aclContents["$section/$oc"]) && count($this->aclContents["$section/$oc"])){ - $summary.= "$oc, "; - continue; - } - if (isset($this->aclContents[$oc]) && !isset($this->aclContents[$oc][0]) && count($this->aclContents[$oc])){ - $summary.= "$oc, "; - } + function sort_by_priority($list) + { + $tmp= session::global_get('plist'); + $plist= $tmp->info; + asort($plist); + $newSort = array(); + + foreach($list as $name => $translation){ + $na = preg_replace("/^.*\//","",$name); + $prio 
= 0; + if(isset($plist[$na]['plPriority'])){ + $prio= $plist[$na]['plPriority'] ; + } + + $newSort[$name] = $prio; } - /* Set summary... */ - if ($summary == ""){ - $summary= ''._("No ACL settings for this category").''; - } else { - $summary= sprintf(_("Contains ACLs for these objects: %s"), preg_replace('/, $/', '', $summary)); + asort($newSort); + + $ret = array(); + foreach($newSort as $name => $prio){ + $ret[$name] = $list[$name]; } + return($ret); + } - $field1= array("string" => $dsc, "attach" => "style='width:100px'"); - $field2= array("string" => $summary); - $action= ""; - $action.= ""; - $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px'"); - $aclList->AddEntry(array($field1, $field2, $field3)); - } - - $smarty->assign("aclList", $aclList->DrawList()); - $smarty->assign("aclType", $this->aclType); - $smarty->assign("aclTypes", $this->aclTypes); - $smarty->assign("target", $this->target); - $smarty->assign("targets", $this->targets); - - /* Assign possible target types */ - $smarty->assign("targets", $this->targets); - foreach ($this->attributes as $attr){ - $smarty->assign($attr, $this->$attr); - } - - - /* Generate list */ - $tmp= array(); - foreach (array("user" => "users", "group" => "groups") as $field => $arr){ - if ($this->target == $field){ - foreach ($this->$arr as $key => $value){ - if (!isset($this->recipients[$key])){ - $tmp[$key]= $value; + + function buildRoleSelector($list) + { + $selected = $this->aclContents; + if(!is_string($this->aclContents) || !isset($list[$this->aclContents])){ + $selected = key($list); + } + + $data = $lData = array(); + foreach($list as $dn => $values){ + if($dn == $selected){ + $option = ""; + }else{ + $option = ""; } - } + $data[] = postEncode($dn); + $lData[] = array('data'=>array($option, $values['cn'], $values['description'])); } - } - $smarty->assign('sources', $tmp); - $smarty->assign('recipients', $this->recipients); - - /* Acl selector if scope is base */ - if 
($this->aclType == 'base'){ - $smarty->assign('aclSelector', $this->buildAclSelector($this->myAclObjects)); - } - - /* Role selector if scope is base */ - if ($this->aclType == 'role'){ - $smarty->assign('roleSelector', "Role selector");#, $this->buildRoleSelector($this->myAclObjects)); - $smarty->assign('roleSelector', $this->buildRoleSelector($this->roles)); - } - } + $this->roleList->setListData($data,$lData); + $this->roleList->update(); + return($this->roleList->render()); + } - if ($this->dialogState == 'edit'){ - $smarty->assign('headline', sprintf(_("Edit ACL for '%s', scope is '%s'"), $this->aclObjects[$this->aclObject], $this->aclTypes[$this->aclType])); - /* Collect objects for selected category */ - foreach ($this->ocMapping[$this->aclObject] as $idx => $class){ - if ($idx == 0){ - continue; + function buildAclSelector($list) + { + $display= ""; + $cols= 3; + $tmp= session::global_get('plist'); + $plist= $tmp->info; + asort($plist); + + /* Add select all/none buttons */ + $style = "style='width:100px;'"; + + if($this->acl_is_writeable("")){ + $display .= ""; + $display .= ""; + $display .= " - "; + $display .= ""; + $display .= " - "; + + $display .= ""; + $display .= ""; + + $display .= "
"; + + $style = "style='width:50px;'"; + $display .= ""; + $display .= ""; + $display .= ""; + $display .= ""; + $display .= ""; + $display .= " - "; + $display .= ""; + $display .= ""; + $display .= ""; + $display .= " - "; + + $display .= ""; + $display .= ""; + $display .= ""; + $display .= ""; } - $aclObjects[$this->aclObject.'/'.$class]= $plist[$class]['plDescription']; - } - if ($this->aclObject == 'all'){ - $aclObjects['all']= _("All objects in current subtree"); - } - - /* Role selector if scope is base */ - if ($this->aclType == 'role'){ - $smarty->assign('roleSelector', $this->buildRoleSelector($this->roles)); - } else { - $smarty->assign('aclSelector', $this->buildAclSelector($aclObjects)); - } - } - /* Show main page */ - $smarty->assign("dialogState", $this->dialogState); + /* Build general objects */ + $list =$this->sort_by_priority($list); + foreach ($list as $key => $name){ - return ($smarty->fetch (get_template_path('acl.tpl'))); - } + /* Create sub acl if it does not exist */ + if (!isset($this->aclContents[$key])){ + $this->aclContents[$key]= array(); + } + if(!isset($this->aclContents[$key][0])){ + $this->aclContents[$key][0]= ''; + } + $currentAcl= $this->aclContents[$key]; - function sort_by_priority($list) - { - $tmp= session::get('plist'); - $plist= $tmp->info; - asort($plist); - $newSort = array(); + /* Get the overall plugin acls + */ + $overall_acl =""; + if(isset($currentAcl[0])){ + $overall_acl = $currentAcl[0]; + } - foreach($list as $name => $translation){ - $na = preg_replace("/^.*\//","",$name); - $prio = 0; - if(isset($plist[$na]['plPriority'])){ - $prio= $plist[$na]['plPriority'] ; - } + // Detect configured plugins + $expand = count($currentAcl) > 1 || $currentAcl[0] != ""; - $newSort[$name] = $prio; - } + /* Object header */ + $tname= preg_replace("/[^a-z0-9]/i","_",$name); - asort($newSort); + if($expand){ + $back_color = "#C8C8FF"; + }else{ + $back_color = "#C8C8C8"; + } - $ret = array(); - foreach($newSort as $name => $prio){ 
- $ret[$name] = $list[$name]; - } - return($ret); - } + if(isset($_SERVER['HTTP_USER_AGENT']) && + (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || + (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT']))) { + $display.= "\n". + "\n ". + "\n ". + "\n ". + "\n "; + } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) { + $display.= "\n
"._("Object").": $name". + "\n
". + "\n ". + "\n ". + "\n ". + "\n "; + } else { + $display.= "\n
"._("Object").": $name". + "\n
". + "\n ". + "\n ". + "\n "; + } + /* Generate options */ + $spc= "  "; + $options= $this->mkchkbx($key."_0_c", _("Create objects"), preg_match('/c/', $overall_acl)).$spc; + $options.= $this->mkchkbx($key."_0_m", _("Move objects"), preg_match('/m/', $overall_acl)).$spc; + $options.= $this->mkchkbx($key."_0_d", _("Remove objects"), preg_match('/d/', $overall_acl)).$spc; + if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){ + $options.= $this->mkchkbx($key."_0_s", _("Restrict changes to user's own object"), preg_match('/s/', $overall_acl)).$spc; + } - function buildRoleSelector($list) - { - $D_List =new divSelectBox("Acl_Roles"); - - $selected = $this->aclContents; - if(!is_string($this->aclContents) || !isset($list[$this->aclContents])){ - $selected = key($list); - } + /* Global options */ + $more_options= $this->mkchkbx($key."_0_r", _("read"), preg_match('/r/', $overall_acl)).$spc; + $more_options.= $this->mkchkbx($key."_0_w", _("write"), preg_match('/w/', $overall_acl)); + + $display.= "\n ". + "\n ". + "\n ". + "\n "; + + /* Walk through the list of attributes */ + $cnt= 1; + $splist= $plist[preg_replace('%^.*/%', '', $key)]['plProvidedAcls']; + if(session::global_get('js')) { + if(isset($_SERVER['HTTP_USER_AGENT']) && + (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT']))) { + $display.= "\n ". + "\n ". - "\n ". - "\n ". - "\n "; - - /* Walk through the list of attributes */ - $cnt= 1; - $splist= $plist[preg_replace('%^.*/%', '', $key)]['plProvidedAcls']; - asort($splist); - if(session::get('js')) { - if(isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) { - $display.= "\n ". - "\n
"._("Object").": $name
$options "._("Complete object").": $more_options
". + "\n
$options "._("Complete object").": $more_options
". - "\n