X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-core%2Finclude%2Fclass_acl.inc;h=5e4a03e3e1edbb37f685a87a3e734d8efc532e1f;hb=46e5854a4fc9e9ed72276149b64ee8399abdb7d9;hp=f4f58977b195928c452878c7cce999dc5a0a21a0;hpb=6a9f0a5811944230a4d0f6a57563e16c7951d5c7;p=gosa.git diff --git a/gosa-core/include/class_acl.inc b/gosa-core/include/class_acl.inc index f4f58977b..5e4a03e3e 100644 --- a/gosa-core/include/class_acl.inc +++ b/gosa-core/include/class_acl.inc @@ -1,10 +1,30 @@ cd($config->current['BASE']); - if ($tag == ""){ +# if ($tag == ""){ $ldap->search('(objectClass=posixGroup)', array('cn', 'description')); - } else { - $ldap->search('(&(objectClass=posixGroup)(gosaUnitTag='.$tag.'))', array('cn', 'description')); - } +# } else { +# $ldap->search('(&(objectClass=posixGroup)(gosaUnitTag='.$tag.'))', array('cn', 'description')); +# } while ($attrs= $ldap->fetch()){ $dsc= ""; if (isset($attrs['description'][0])){ @@ -87,11 +108,11 @@ class acl extends plugin /* Roles */ $ldap->cd($config->current['BASE']); - if ($tag == ""){ +# if ($tag == ""){ $ldap->search('(objectClass=gosaRole)', array('cn', 'description','gosaAclTemplate','dn')); - } else { - $ldap->search('(&(objectClass=gosaRole)(gosaUnitTag='.$tag.'))', array('cn', 'description','gosaAclTemplate','dn')); - } +# } else { +# $ldap->search('(&(objectClass=gosaRole)(gosaUnitTag='.$tag.'))', array('cn', 'description','gosaAclTemplate','dn')); +# } while ($attrs= $ldap->fetch()){ $dsc= ""; if (isset($attrs['description'][0])){ @@ -139,13 +160,14 @@ class acl extends plugin /* Non numeric index means -> base object containing more informations */ if (preg_match('/^[0-9]+$/', $idx)){ + if (!isset($this->ocMapping[$data])){ $this->ocMapping[$data]= array(); $this->ocMapping[$data][]= '0'; } if(isset($cats[$data])){ - $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription']; + $this->myAclObjects[$data.'/'.$class]= $acls['plDescription']; } $this->ocMapping[$data][]= $class; } else { 
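Review bot: In the roles hunk (-87,11) the `gosaUnitTag` branch is disabled by prefixing its lines with `#`, so the search now always runs `(objectClass=gosaRole)` from the configured base whatever `$tag` holds; the posixGroup search earlier in this patch is changed the same way. If unit tags are what limits a department administrator to that department's groups and roles (an inference, the callers are outside the hunk), the ACL dialog now offers objects from every unit. Either delete the dead branch and record the decision in a comment such as `/* Roles are listed without unit-tag scoping on purpose, see <ticket> */`, or keep the scoping. If the tagged search is ever restored, `$tag` should be escaped for LDAP filter syntax before it is concatenated into the filter string.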
@@ -205,7 +227,7 @@ class acl extends plugin { /* Call parent execute */ plugin::execute(); - + $tmp= session::get('plist'); $plist= $tmp->info; @@ -300,25 +322,33 @@ class acl extends plugin $this->aclContents = base64_decode($_POST['selected_role']); } } - - /* Only be interested in new acl's, if we're in the right _POST place */ - if ($aclDialog && $this->aclObject != "" && is_array($this->ocMapping[$this->aclObject])){ - foreach ($this->ocMapping[$this->aclObject] as $oc){ - unset($this->aclContents[$oc]); - unset($this->aclContents[$this->aclObject.'/'.$oc]); - if (isset($new_acl[$oc])){ - $this->aclContents[$oc]= $new_acl[$oc]; - } - if (isset($new_acl[$this->aclObject.'/'.$oc])){ - $this->aclContents[$this->aclObject.'/'.$oc]= $new_acl[$this->aclObject.'/'.$oc]; + if($this->acl_is_writeable("")){ + + /* Only be interested in new acl's, if we're in the right _POST place */ + if ($aclDialog && $this->aclObject != "" && is_array($this->ocMapping[$this->aclObject])){ + + foreach ($this->ocMapping[$this->aclObject] as $oc){ + + if(isset($this->aclContents[$oc]) && is_array($this->aclContents)){ + unset($this->aclContents[$oc]); + unset($this->aclContents[$this->aclObject.'/'.$oc]); + }else{ +# trigger_error("Huhm?"); + } + if (isset($new_acl[$oc]) && is_array($new_acl)){ + $this->aclContents[$oc]= $new_acl[$oc]; + } + if (isset($new_acl[$this->aclObject.'/'.$oc]) && is_array($new_acl)){ + $this->aclContents[$this->aclObject.'/'.$oc]= $new_acl[$this->aclObject.'/'.$oc]; + } } } - } - /* Save new acl in case of base edit mode */ - if ($this->aclType == 'base' && !$firstedit){ - $this->aclContents= $new_acl; + /* Save new acl in case of base edit mode */ + if ($this->aclType == 'base' && !$firstedit){ + $this->aclContents= $new_acl; + } } /* Cancel new acl? */ 
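Review bot: In the -300,25 hunk the two `unset()` calls now run only when `isset($this->aclContents[$oc])` is true, so an entry stored only under `$this->aclObject.'/'.$oc` is no longer cleared and survives a submit in which the administrator unticked it, because `$new_acl` then has no key to overwrite it with. `unset()` on a missing key is harmless, so the guard only needs the array test: `if (is_array($this->aclContents)){ unset($this->aclContents[$oc]); unset($this->aclContents[$this->aclObject.'/'.$oc]); }`. The `is_array()` test should come first, as `isset()` on a string offset can also be true. Separately, the context line `$this->aclContents = base64_decode($_POST['selected_role']);` sits above the new `acl_is_writeable("")` block, so a role selection still appears to be applied without the write check; its enclosing condition starts outside the hunk.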
@@ -335,6 +365,7 @@ class acl extends plugin $this->gosaAclEntry[$this->currentIndex]['type']= $this->aclType; $this->gosaAclEntry[$this->currentIndex]['members']= $this->recipients; $this->gosaAclEntry[$this->currentIndex]['acl']= $this->aclContents; + $this->gosaAclEntry[$this->currentIndex]['filter']= $this->aclFilter; $this->dialogState= 'head'; $this->dialog= FALSE; } @@ -386,9 +417,11 @@ class acl extends plugin } /* Save common values */ - foreach (array("aclType", "aclObject", "target") as $key){ - if (isset($_POST[$key])){ - $this->$key= validate($_POST[$key]); + if($this->acl_is_writeable("")){ + foreach (array("aclType","aclFilter", "aclObject", "target") as $key){ + if (isset($_POST[$key])){ + $this->$key= validate($_POST[$key]); + } } } @@ -402,12 +435,23 @@ class acl extends plugin /* Fill in entries */ foreach ($this->gosaAclEntry as $key => $entry){ + if(!$this->acl_is_readable("")) continue; + + $action =""; + $field1= array("string" => $this->aclTypes[$entry['type']], "attach" => "style='width:150px'"); $field2= array("string" => $this->assembleAclSummary($entry)); - $action= ""; - $action.= ""; - $action.= ""; - $action.= ""; + + if($this->acl_is_writeable("")){ + $action.= ""; + $action.= ""; + } + + $action.= ""; + + if($this->acl_is_removeable()){ + $action.= ""; + } $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px;text-align:right;'"); $aclList->AddEntry(array($field1, $field2, $field3)); @@ -431,9 +475,7 @@ class acl extends plugin $summary.= "$oc, "; continue; } - if (isset($this->aclContents["$section/$oc"]) && count($this->aclContents["$section/$oc"]) && isset($this->aclContents["$section/$oc"][0]) && - $this->aclContents["$section/$oc"][0] != ""){ - + if (isset($this->aclContents["$section/$oc"]) && count($this->aclContents["$section/$oc"])){ $summary.= "$oc, "; continue; } 
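Review bot: In the -386,9 hunk `aclFilter` is copied from `$_POST` with the same `validate()` call as the other fields and is later stored in `gosaAclEntry[...]['filter']`, but nothing visible checks that it is a well-formed LDAP filter. `validate()` is defined outside this patch, so whether it rejects unbalanced parentheses or stray control characters cannot be confirmed from here. If the filter decides which objects an ACL applies to, a malformed value should be refused when the form is submitted, not discovered when the ACL is evaluated. A comment such as `/* aclFilter: LDAP filter restricting the objects this ACL applies to; syntax is checked in <function> */` would document where that check lives.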
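Review bot: In the -402,12 hunk the new `acl_is_writeable("")` and `acl_is_removeable()` tests only decide which action buttons are added to `$action`; they do not protect the operations themselves. The code that handles the posted edit, reorder and delete actions lies outside this hunk, and it needs the same checks, since a request can name an action whose button was never rendered. Also, `if(!$this->acl_is_readable("")) continue;` does not depend on `$entry` and can move in front of the `foreach`, which makes the "nothing is listed without read permission" rule easier to see.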
@@ -444,21 +486,22 @@ class acl extends plugin /* Set summary... */ if ($summary == ""){ - $summary= ''._("No ACL settings for this category").''; + $summary= ''._("No ACL settings for this category!").''; } else { $summary= sprintf(_("Contains ACLs for these objects: %s"), preg_replace('/, $/', '', $summary)); } $field1= array("string" => $dsc, "attach" => "style='width:100px'"); $field2= array("string" => $summary); - $action= ""; - $action.= ""; + $action= ""; + $action.= ""; $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px'"); $aclList->AddEntry(array($field1, $field2, $field3)); } $smarty->assign("aclList", $aclList->DrawList()); $smarty->assign("aclType", $this->aclType); + $smarty->assign("aclFilter", $this->aclFilter); $smarty->assign("aclTypes", $this->aclTypes); $smarty->assign("target", $this->target); $smarty->assign("targets", $this->targets); @@ -497,7 +540,7 @@ class acl extends plugin } if ($this->dialogState == 'edit'){ - $smarty->assign('headline', sprintf(_("Edit ACL for '%s', scope is '%s'"), $this->aclObjects[$this->aclObject], $this->aclTypes[$this->aclType])); + $smarty->assign('headline', sprintf(_("Edit ACL for '%s' - scope is '%s'"), $this->aclObjects[$this->aclObject], $this->aclTypes[$this->aclType])); /* Collect objects for selected category */ foreach ($this->ocMapping[$this->aclObject] as $idx => $class){ @@ -520,6 +563,12 @@ class acl extends plugin /* Show main page */ $smarty->assign("dialogState", $this->dialogState); + + /* Assign acls */ + $smarty->assign("acl_createable",$this->acl_is_createable()); + $smarty->assign("acl_writeable" ,$this->acl_is_writeable("")); + $smarty->assign("acl_readable" ,$this->acl_is_readable("")); + $smarty->assign("acl_removeable",$this->acl_is_removeable()); return ($smarty->fetch (get_template_path('acl.tpl'))); } 
@@ -591,33 +640,35 @@ class acl extends plugin /* Add select all/none buttons */ $style = "style='width:100px;'"; - $display .= ""; - $display .= ""; - $display .= " - "; - $display .= ""; - $display .= " - "; - - $display .= ""; - $display .= ""; - - $display .= "
"; - - $style = "style='width:50px;'"; - $display .= ""; - $display .= ""; - $display .= ""; - $display .= ""; - $display .= ""; - $display .= " - "; - $display .= ""; - $display .= ""; - $display .= ""; - $display .= " - "; - - $display .= ""; - $display .= ""; - $display .= ""; - $display .= ""; + if($this->acl_is_writeable("")){ + $display .= ""; + $display .= ""; + $display .= " - "; + $display .= ""; + $display .= " - "; + + $display .= ""; + $display .= ""; + + $display .= "
"; + + $style = "style='width:50px;'"; + $display .= ""; + $display .= ""; + $display .= ""; + $display .= ""; + $display .= ""; + $display .= " - "; + $display .= ""; + $display .= ""; + $display .= ""; + $display .= " - "; + + $display .= ""; + $display .= ""; + $display .= ""; + $display .= ""; + } /* Build general objects */ $list =$this->sort_by_priority($list); @@ -630,6 +681,13 @@ class acl extends plugin } $currentAcl= $this->aclContents[$key]; + /* Get the overall plugin acls + */ + $overall_acl =""; + if(isset($currentAcl[0])){ + $overall_acl = $currentAcl[0]; + } + /* Object header */ if(session::get('js')) { if(isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) { @@ -637,14 +695,14 @@ class acl extends plugin "\n ". "\n "._("Object").": $name". "\n ". - "\n ". + "\n ". "\n "; } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) { $display.= "\n". "\n ". "\n ". "\n ". + "\n ". "\n "; } else { $display.= "\n
"._("Object").": $name". - "\n
". 
@@ -661,24 +719,24 @@ class acl extends plugin /* Generate options */ $spc= "  "; - if ($this->isContainer && $this->aclType != 'base'){ - $options= $this->mkchkbx($key."_0_c", _("Create objects"), preg_match('/c/', $currentAcl[0])).$spc; - $options.= $this->mkchkbx($key."_0_m", _("Move objects"), preg_match('/m/', $currentAcl[0])).$spc; - $options.= $this->mkchkbx($key."_0_d", _("Remove objects"), preg_match('/d/', $currentAcl[0])).$spc; +# if ($this->isContainer && $this->aclType != 'base'){ + $options= $this->mkchkbx($key."_0_c", _("Create objects"), preg_match('/c/', $overall_acl)).$spc; + $options.= $this->mkchkbx($key."_0_m", _("Move objects"), preg_match('/m/', $overall_acl)).$spc; + $options.= $this->mkchkbx($key."_0_d", _("Remove objects"), preg_match('/d/', $overall_acl)).$spc; if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){ - $options.= $this->mkchkbx($key."_0_s", _("Modifyable by owner"), preg_match('/s/', $currentAcl[0])).$spc; + $options.= $this->mkchkbx($key."_0_s", _("Modifyable by owner"), preg_match('/s/', $overall_acl)).$spc; } - } else { - $options= $this->mkchkbx($key."_0_m", _("Move object"), preg_match('/m/', $currentAcl[0])).$spc; - $options.= $this->mkchkbx($key."_0_d", _("Remove object"), preg_match('/d/', $currentAcl[0])).$spc; - if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){ - $options.= $this->mkchkbx($key."_0_s", _("Modifyable by owner"), preg_match('/s/', $currentAcl[0])).$spc; - } - } + # } else { + # $options= $this->mkchkbx($key."_0_m", _("Move object"), preg_match('/m/', $overall_acl)).$spc; + # $options.= $this->mkchkbx($key."_0_d", _("Remove object"), preg_match('/d/', $overall_acl)).$spc; + # if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){ + # $options.= $this->mkchkbx($key."_0_s", _("Modifyable by owner"), preg_match('/s/', $overall_acl)).$spc; + # } + # } /* Global options */ - $more_options= $this->mkchkbx($key."_0_r", _("read"), preg_match('/r/', $currentAcl[0])).$spc; - 
$more_options.= $this->mkchkbx($key."_0_w", _("write"), preg_match('/w/', $currentAcl[0])); + $more_options= $this->mkchkbx($key."_0_r", _("read"), preg_match('/r/', $overall_acl)).$spc; + $more_options.= $this->mkchkbx($key."_0_w", _("write"), preg_match('/w/', $overall_acl)); $display.= "\n ". "\n ". @@ -758,8 +816,12 @@ class acl extends plugin function mkchkbx($name, $text, $state= FALSE) { $state= $state?"checked":""; - return "\n ". - "\n "; + if($this->acl_is_writeable("")){ + return "\n ". + "\n "; + }else{ + return "\n $text"; + } } @@ -767,17 +829,33 @@ class acl extends plugin { $rstate= preg_match('/r/', $state)?'checked':''; $wstate= preg_match('/w/', $state)?'checked':''; - return ("\n ". - "\n ". - "\n ". - "\n "); + + if($this->acl_is_writeable("")){ + return ("\n ". + "\n ". + "\n ". + "\n "); + }else{ + return ("\n "._("read"). + "\n "._("write")); + } } static function explodeACL($acl) { - list($index, $type)= split(':', $acl); + + $list= split(':', $acl); + if(count($list) == 5){ + list($index, $type,$member,$permission,$filter)= $list; + $filter = base64_decode($filter); + }else{ + $filter = ""; + list($index, $type,$member,$permission)= $list; + } + $a= array( $index => array("type" => $type, + "filter"=> $filter, "members" => acl::extractMembers($acl,$type == "role"))); /* Handle different types */ @@ -798,7 +876,7 @@ class acl extends plugin break; default: - msg_dialog::display(_("Internal error"), sprintf(_("Unkown ACL type '%s'. Don't know how to handle it."), $type), ERROR_DIALOG); + msg_dialog::display(_("Internal error"), sprintf(_("Unkown ACL type '%s'!"), $type), ERROR_DIALOG); $a= array(); } return ($a); @@ -852,7 +930,7 @@ class acl extends plugin static function extractACL($acl) { /* Rip acl off the string, seperate by ',' and place it in an array */ - $as= preg_replace('/^[^:]+:[^:]+:[^:]*:(.*)$/', '\1', $acl); + $as= preg_replace('/^[^:]+:[^:]+:[^:]*:([^:]*).*$/', '\1', $acl); $aa= split(',', $as); $a= array(); 
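Review bot: In `explodeACL` (-767,17) every field count other than five takes the `else` branch, so a value with six or more `:`-separated fields is parsed with `$filter = ""`, and one with fewer than four triggers undefined-offset notices in `list()`. If an empty filter means the ACL applies to all objects (an inference from the save code, which omits the field when it is empty), a damaged entry is then treated as broader than the one that was stored. The decode has the same problem: `base64_decode($filter)` accepts invalid input, while `$filter = base64_decode($filter, true);` returns FALSE on it and lets the entry be rejected. I would accept exactly four or five fields and return `array()` with the existing "Internal error" dialog otherwise. The `extractACL` pattern in the last hunk on this line already ignores anything after the fourth field, so it needs no change.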
@@ -903,7 +981,7 @@ class acl extends plugin if(isset($this->roles[$entry['acl']])){ $summary.= sprintf(_("Role: %s"), $this->roles[$entry['acl']]['cn']); }else{ - $summary.= sprintf(_("Role: %s"), ""._("Unknown role, possibly removed").""); + $summary.= sprintf(_("Role: %s"), ""._("unknown role").""); } }else{ foreach ($entry['acl'] as $name => $object){ @@ -920,13 +998,13 @@ class acl extends plugin $summary.= ", "; } if (count($entry['members'])){ - $summary.= _("Members:")." "; + $summary.= _("Members").": "; foreach ($entry['members'] as $cn){ $cn= preg_replace('/ \[.*$/', '', $cn); $summary.= $cn.", "; } } else { - $summary.= _("ACL is valid for all users"); + $summary.= _("ACL takes effect for all users"); } return (preg_replace('/, $/', '', $summary)); @@ -938,6 +1016,7 @@ class acl extends plugin /* New entry gets presets... */ if ($new){ $this->aclType= 'base'; + $this->aclFilter= ""; $this->recipients= array(); $this->aclContents= array(); } else { @@ -945,6 +1024,7 @@ class acl extends plugin $this->aclType= $acl['type']; $this->recipients= $acl['members']; $this->aclContents= $acl['acl']; + $this->aclFilter= $acl['filter']; } $this->wasNewEntry= $new; @@ -976,6 +1056,7 @@ class acl extends plugin { /* Assemble ACL's */ $tmp_acl= array(); + foreach ($this->gosaAclEntry as $prio => $entry){ $final= ""; $members= ""; @@ -1019,6 +1100,12 @@ class acl extends plugin $final.= preg_replace('/,$/', '', $acl); } + /* Append additional filter options + */ + if(!empty($entry['filter'])){ + $final .= ":".base64_encode($entry['filter']); + } + $tmp_acl[]= $final; } 
@@ -1053,7 +1140,9 @@ class acl extends plugin new log("modify","acls/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error()); } - show_ldap_error($ldap->get_error(), sprintf(_("Saving ACLs with dn '%s' failed."),$this->dn)); + if (!$ldap->success()){ + msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_MOD, get_class())); + } /* Refresh users ACLs */ $ui= get_userinfo(); @@ -1160,6 +1249,7 @@ class acl extends plugin $acl -> save(); } } + } // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
$options