X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-core%2Finclude%2Fclass_acl.inc;h=3ed4929fabed7195408d9850417264093272ab18;hb=05b1b86cf7628a526d3e74dee3d7dfe836b92cf5;hp=19bde859ef949ad4d2c218dae64b68204cf9a6c0;hpb=cbf8515a7bc17bb977d497bf083f94036e46f550;p=gosa.git diff --git a/gosa-core/include/class_acl.inc b/gosa-core/include/class_acl.inc index 19bde859e..3ed4929fa 100644 --- a/gosa-core/include/class_acl.inc +++ b/gosa-core/include/class_acl.inc @@ -20,6 +20,7 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +/*! \brief ACL management plugin */ class acl extends plugin { /* Definitions */ @@ -330,7 +331,7 @@ class acl extends plugin /* ACL saving... */ if (preg_match('/^acl_.*_[^xy]$/', $name)){ - list($dummy, $object, $attribute, $value)= split('_', $name); + list($dummy, $object, $attribute, $value)= explode('_', $name); /* Skip for detection entry */ if ($object == 'dummy') { @@ -920,7 +921,7 @@ class acl extends plugin static function explodeACL($acl) { - $list= split(':', $acl); + $list= explode(':', $acl); if(count($list) == 5){ list($index, $type,$member,$permission,$filter)= $list; $filter = base64_decode($filter); @@ -972,7 +973,7 @@ class acl extends plugin if ($ms == $acl){ return $a; } - $ma= split(',', $ms); + $ma= explode(',', $ms); /* Decode dn's, fill with informations from LDAP */ $ldap= $config->get_ldap_link(); @@ -1006,14 +1007,14 @@ class acl extends plugin { /* Rip acl off the string, seperate by ',' and place it in an array */ $as= preg_replace('/^[^:]+:[^:]+:[^:]*:([^:]*).*$/', '\1', $acl); - $aa= split(',', $as); + $aa= explode(',', $as); $a= array(); /* Dis-assemble single ACLs */ foreach($aa as $sacl){ /* Dis-assemble field ACLs */ - $ao= split('#', $sacl); + $ao= explode('#', $sacl); $gobject= ""; foreach($ao as $idx => $ssacl){ 
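Review bot: In the ACL-saving branch, `list($dummy, $object, $attribute, $value)= explode('_', $name);` assumes exactly four `_`-separated fields, but the guarding pattern `/^acl_.*_[^xy]$/` also matches names with three fields or with five or more. With three fields `$value` is left unset, and with more the fields shift, so `$value` no longer holds the last field. If `$name` comes from request data (its origin is outside the hunk), the exploded parts should be counted first, for example `$parts= explode('_', $name);` followed by a `count($parts) != 4` guard, and anything else skipped. The enclosing function starts and ends outside the hunk.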
@@ -1032,7 +1033,7 @@ class acl extends plugin } else { /* All other entries get appended... */ - list($field, $facl)= split(';', $ssacl); + list($field, $facl)= explode(';', $ssacl); $a[$gobject][$field]= $facl; } 
@@ -1270,37 +1271,56 @@ class acl extends plugin /* Remove acls defined for $src */ function remove_acl() { - $this->remove_acl_for_dn($this->dn); + acl::remove_acl_for($this->dn); } /* Remove acls defined for $src */ - function remove_acl_for_dn($src = "") - { - if($src == ""){ - $src = $this->dn; - } - $ldap = $this->config->get_ldap_link(); - $ldap->cd($this->config->current['BASE']); - $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($src)."*))",array("gosaAclEntry","dn")); - while($attrs = $ldap->fetch()){ - $acl = new acl($this->config,$this->parent,$attrs['dn']); - foreach($acl->gosaAclEntry as $id => $entry){ - foreach($entry['members'] as $m_id => $member){ - if($m_id == "U:".$src){ - unset($acl->gosaAclEntry[$id]['members'][$m_id]); - gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Removed acl for user %s on object %s.",$src,$attrs['dn'])); - } - if($m_id == "G:".$src){ - unset($acl->gosaAclEntry[$id]['members'][$m_id]); - gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Removed acl for group %s on object %s.",$src,$attrs['dn'])); - } - } + static function remove_acl_for($dn) + { + global $config; + + $ldap = $config->get_ldap_link(); + $ldap->cd($config->current['BASE']); + $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($dn)."*))",array("gosaAclEntry","dn")); + $new_entries= array(); + while($attrs = $ldap->fetch()){ + if (!isset($attrs['gosaAclEntry'])) { + continue; + } + unset($attrs['gosaAclEntry']['count']); + + // Remove entry directly + foreach($attrs['gosaAclEntry'] as $id => $entry){ + $parts= explode(':',$entry); + $members= explode(',',$parts[2]); + $new_members= array(); + foreach($members as $member) { + if (base64_decode($member) != $dn) { + $new_members[]= $member; + } else { + gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Removed acl for %s on object %s.",$dn,$attrs['dn'])); + } + } + + /* We can completely remove the entry if there are no members anymore */ + 
if (count($new_members)) { + $parts[2]= implode(",", $new_members); + $new_entries[]= implode(":", $parts); + } + } + + // There should be a modification, so write it back + $ldap->cd($attrs['dn']); + $new_attrs= array("gosaAclEntry" => $new_entries); + $ldap->modify($new_attrs); + if (!$ldap->success()){ + msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $dn, LDAP_MOD, get_class()), ERROR_DIALOG); } - $acl -> save(); } } + function update_acl_membership($src,$dst) { $ldap = $this->config->get_ldap_link();
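Review bot: In `remove_acl_for()`, `$new_entries= array();` is initialised once before the `while($attrs = $ldap->fetch())` loop, so the entries kept for the first matched gosaAcl object are still in the array when `$ldap->modify($new_attrs)` runs for every later object. Each later object is therefore written with the ACL entries of the objects processed before it in addition to its own, which silently copies permissions across objects. Move the initialisation inside the loop, for example directly after `unset($attrs['gosaAclEntry']['count']);`. The error dialog also passes `$dn` to `msgPool::ldaperror()`, although the object whose modify failed is `$attrs['dn']`. `$parts[2]` is read without checking that the entry has at least three `:`-separated fields.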