X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-core%2Finclude%2Fclass_acl.inc;h=5e4a03e3e1edbb37f685a87a3e734d8efc532e1f;hb=46e5854a4fc9e9ed72276149b64ee8399abdb7d9;hp=f8b36d20fd92b0ccae14adc32ac254db7c66688e;hpb=7692f34a23250aa815f368cc9cd17064cf0af141;p=gosa.git

diff --git a/gosa-core/include/class_acl.inc b/gosa-core/include/class_acl.inc
index f8b36d20f..5e4a03e3e 100644
--- a/gosa-core/include/class_acl.inc
+++ b/gosa-core/include/class_acl.inc
@@ -39,6 +39,7 @@ class acl extends plugin
   var $target= "group";
   var $aclTypes= array();
   var $aclObjects= array();
+  var $aclFilter= "";
   var $aclMyObjects= array();
   var $users= array();
   var $roles= array();
@@ -91,11 +92,11 @@ class acl extends plugin
 
     /* Groups */
     $ldap->cd($config->current['BASE']);
-    if ($tag == ""){
+#    if ($tag == ""){
       $ldap->search('(objectClass=posixGroup)', array('cn', 'description'));
-    } else {
-      $ldap->search('(&(objectClass=posixGroup)(gosaUnitTag='.$tag.'))', array('cn', 'description'));
-    }
+#    } else {
+#      $ldap->search('(&(objectClass=posixGroup)(gosaUnitTag='.$tag.'))', array('cn', 'description'));
+#    }
     while ($attrs= $ldap->fetch()){
       $dsc= "";
       if (isset($attrs['description'][0])){
@@ -159,13 +160,14 @@ class acl extends plugin
 
           /* Non numeric index means -> base object containing more informations */
           if (preg_match('/^[0-9]+$/', $idx)){
+
             if (!isset($this->ocMapping[$data])){
               $this->ocMapping[$data]= array();
               $this->ocMapping[$data][]= '0';
             }
 
             if(isset($cats[$data])){
-              $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
+              $this->myAclObjects[$data.'/'.$class]= $acls['plDescription'];
             }
             $this->ocMapping[$data][]= $class;
           } else {
@@ -225,7 +227,7 @@ class acl extends plugin
   {
     /* Call parent execute */
     plugin::execute();
-  
+
     $tmp= session::get('plist');
     $plist= $tmp->info;
 
@@ -320,25 +322,33 @@ class acl extends plugin
         $this->aclContents = base64_decode($_POST['selected_role']);
       }
     }
-    
-    /* Only be interested in new acl's, if we're in the right _POST place */
-    if ($aclDialog && $this->aclObject != "" && is_array($this->ocMapping[$this->aclObject])){
 
-      foreach ($this->ocMapping[$this->aclObject] as $oc){
-        unset($this->aclContents[$oc]);
-        unset($this->aclContents[$this->aclObject.'/'.$oc]);
-        if (isset($new_acl[$oc])){
-          $this->aclContents[$oc]= $new_acl[$oc];
-        }
-        if (isset($new_acl[$this->aclObject.'/'.$oc])){
-          $this->aclContents[$this->aclObject.'/'.$oc]= $new_acl[$this->aclObject.'/'.$oc];
+    if($this->acl_is_writeable("")){
+      
+      /* Only be interested in new acl's, if we're in the right _POST place */
+      if ($aclDialog && $this->aclObject != "" && is_array($this->ocMapping[$this->aclObject])){
+
+        foreach ($this->ocMapping[$this->aclObject] as $oc){
+
+          if(isset($this->aclContents[$oc]) && is_array($this->aclContents)){
+            unset($this->aclContents[$oc]);
+            unset($this->aclContents[$this->aclObject.'/'.$oc]);
+          }else{
+#          trigger_error("Huhm?");
+          }
+          if (isset($new_acl[$oc]) && is_array($new_acl)){
+            $this->aclContents[$oc]= $new_acl[$oc];
+          }
+          if (isset($new_acl[$this->aclObject.'/'.$oc]) && is_array($new_acl)){
+            $this->aclContents[$this->aclObject.'/'.$oc]= $new_acl[$this->aclObject.'/'.$oc];
+          }
         }
       }
-    }
 
-    /* Save new acl in case of base edit mode */
-    if ($this->aclType == 'base' && !$firstedit){
-      $this->aclContents= $new_acl;
+      /* Save new acl in case of base edit mode */
+      if ($this->aclType == 'base' && !$firstedit){
+        $this->aclContents= $new_acl;
+      }
     }
 
     /* Cancel new acl? */
@@ -355,6 +365,7 @@ class acl extends plugin
       $this->gosaAclEntry[$this->currentIndex]['type']= $this->aclType;
       $this->gosaAclEntry[$this->currentIndex]['members']= $this->recipients;
       $this->gosaAclEntry[$this->currentIndex]['acl']= $this->aclContents;
+      $this->gosaAclEntry[$this->currentIndex]['filter']= $this->aclFilter;
       $this->dialogState= 'head';
       $this->dialog= FALSE;
     }
@@ -406,9 +417,11 @@ class acl extends plugin
     }
 
     /* Save common values */
-    foreach (array("aclType", "aclObject", "target") as $key){
-      if (isset($_POST[$key])){
-        $this->$key= validate($_POST[$key]);
+    if($this->acl_is_writeable("")){
+      foreach (array("aclType","aclFilter", "aclObject", "target") as $key){
+        if (isset($_POST[$key])){
+          $this->$key= validate($_POST[$key]);
+        }
       }
     }
 
@@ -422,12 +435,23 @@ class acl extends plugin
       
       /* Fill in entries */
       foreach ($this->gosaAclEntry as $key => $entry){
+        if(!$this->acl_is_readable("")) continue;
+
+        $action ="";      
+  
         $field1= array("string" => $this->aclTypes[$entry['type']], "attach" => "style='width:150px'");
         $field2= array("string" => $this->assembleAclSummary($entry));
-        $action= "<input type='image' name='sortup_$key' alt='up' title='"._("Up")."' src='images/sort_up.png' align='top'>";
-        $action.= "<input type='image' name='sortdown_$key' alt='down' title='"._("Down")."' src='images/sort_down.png'>";
-        $action.= "<input class='center' type='image' src='images/edit.png' alt='"._("Edit")."' name='acl_edit_$key' title='".msgPool::editButton(_("ACL"))."'>";
-        $action.= "<input class='center' type='image' src='images/lists/trash.png' alt='"._("Delete")."' name='acl_del_$key' title='".msgPool::delButton(_("ACL"))."'>";
+
+        if($this->acl_is_writeable("")){
+          $action.= "<input type='image' name='sortup_$key' alt='up' title='"._("Up")."' src='images/lists/sort-up.png' align='top'>";
+          $action.= "<input type='image' name='sortdown_$key' alt='down' title='"._("Down")."' src='images/lists/sort-down.png'>";
+        }
+
+        $action.= "<input class='center' type='image' src='images/lists/edit.png' alt='"._("Edit")."' name='acl_edit_$key' title='".msgPool::editButton(_("ACL"))."'>";
+
+        if($this->acl_is_removeable()){
+          $action.= "<input class='center' type='image' src='images/lists/trash.png' alt='"._("Delete")."' name='acl_del_$key' title='".msgPool::delButton(_("ACL"))."'>";
+        }
 
         $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px;text-align:right;'");
         $aclList->AddEntry(array($field1, $field2, $field3));
@@ -469,7 +493,7 @@ class acl extends plugin
 
         $field1= array("string" => $dsc, "attach" => "style='width:100px'");
         $field2= array("string" => $summary);
-        $action= "<input class='center' type='image' src='images/edit.png' alt='"._("Edit")."' name='cat_edit_$section' title='".msgPool::editButton(_("category ACL"))."'>";
+        $action= "<input class='center' type='image' src='images/lists/edit.png' alt='"._("Edit")."' name='cat_edit_$section' title='".msgPool::editButton(_("category ACL"))."'>";
         $action.= "<input class='center' type='image' src='images/lists/trash.png' alt='"._("Delete")."' name='cat_del_$section' title='".msgPool::delButton(_("category ACL"))."'>";
         $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px'");
         $aclList->AddEntry(array($field1, $field2, $field3));
@@ -477,6 +501,7 @@ class acl extends plugin
 
       $smarty->assign("aclList", $aclList->DrawList());
       $smarty->assign("aclType", $this->aclType);
+      $smarty->assign("aclFilter", $this->aclFilter);
       $smarty->assign("aclTypes", $this->aclTypes);
       $smarty->assign("target", $this->target);
       $smarty->assign("targets", $this->targets);
@@ -538,6 +563,12 @@ class acl extends plugin
 
     /* Show main page */
     $smarty->assign("dialogState", $this->dialogState);
+   
+    /* Assign acls */ 
+    $smarty->assign("acl_createable",$this->acl_is_createable());
+    $smarty->assign("acl_writeable" ,$this->acl_is_writeable(""));
+    $smarty->assign("acl_readable"  ,$this->acl_is_readable(""));
+    $smarty->assign("acl_removeable",$this->acl_is_removeable());
 
     return ($smarty->fetch (get_template_path('acl.tpl')));
   }
@@ -609,33 +640,35 @@ class acl extends plugin
     /* Add select all/none buttons */
     $style = "style='width:100px;'";
 
-    $display .= "<input ".$style." type='button' name='toggle_all_create' onClick=\"acl_toggle_all('_0_c$');\" value='Toggle C'>";
-    $display .= "<input ".$style." type='button' name='toggle_all_move'   onClick=\"acl_toggle_all('_0_m$');\" value='Toggle M'>";
-    $display .= "<input ".$style." type='button' name='toggle_all_remove' onClick=\"acl_toggle_all('_0_d$');\" value='Toggle D'> - ";
-    $display .= "<input ".$style." type='button' name='toggle_all_read'   onClick=\"acl_toggle_all('_0_r$');\" value='Toggle R'>";
-    $display .= "<input ".$style." type='button' name='toggle_all_write'  onClick=\"acl_toggle_all('_0_w$');\" value='Toggle W'> - ";
-    
-    $display .= "<input ".$style." type='button' name='toggle_all_sub_read'  onClick=\"acl_toggle_all('[^0]_r$');\" value='R+'>";
-    $display .= "<input ".$style." type='button' name='toggle_all_sub_write'  onClick=\"acl_toggle_all('[^0]_w$');\" value='W+'>";
-  
-    $display .= "<br>";
-  
-    $style = "style='width:50px;'";
-    $display .= "<input ".$style." type='button' name='set_true_all_create' onClick=\"acl_set_all('_0_c$',true);\" value='C+'>";
-    $display .= "<input ".$style." type='button' name='set_false_all_create' onClick=\"acl_set_all('_0_c$',false);\" value='C-'>";
-    $display .= "<input ".$style." type='button' name='set_true_all_move' onClick=\"acl_set_all('_0_m$',true);\" value='M+'>";
-    $display .= "<input ".$style." type='button' name='set_false_all_move' onClick=\"acl_set_all('_0_m$',false);\" value='M-'>";
-    $display .= "<input ".$style." type='button' name='set_true_all_remove' onClick=\"acl_set_all('_0_d$',true);\" value='D+'>";
-    $display .= "<input ".$style." type='button' name='set_false_all_remove' onClick=\"acl_set_all('_0_d$',false);\" value='D-'> - ";
-    $display .= "<input ".$style." type='button' name='set_true_all_read' onClick=\"acl_set_all('_0_r$',true);\" value='R+'>";
-    $display .= "<input ".$style." type='button' name='set_false_all_read' onClick=\"acl_set_all('_0_r$',false);\" value='R-'>";
-    $display .= "<input ".$style." type='button' name='set_true_all_write' onClick=\"acl_set_all('_0_w$',true);\" value='W+'>";
-    $display .= "<input ".$style." type='button' name='set_false_all_write' onClick=\"acl_set_all('_0_w$',false);\" value='W-'> - ";
-
-    $display .= "<input ".$style." type='button' name='set_true_all_read' onClick=\"acl_set_all('[^0]_r$',true);\" value='R+'>";
-    $display .= "<input ".$style." type='button' name='set_false_all_read' onClick=\"acl_set_all('[^0]_r$',false);\" value='R-'>";
-    $display .= "<input ".$style." type='button' name='set_true_all_write' onClick=\"acl_set_all('[^0]_w$',true);\" value='W+'>";
-    $display .= "<input ".$style." type='button' name='set_false_all_write' onClick=\"acl_set_all('[^0]_w$',false);\" value='W-'>";
+    if($this->acl_is_writeable("")){
+      $display .= "<input ".$style." type='button' name='toggle_all_create' onClick=\"acl_toggle_all('_0_c$');\" value='Toggle C'>";
+      $display .= "<input ".$style." type='button' name='toggle_all_move'   onClick=\"acl_toggle_all('_0_m$');\" value='Toggle M'>";
+      $display .= "<input ".$style." type='button' name='toggle_all_remove' onClick=\"acl_toggle_all('_0_d$');\" value='Toggle D'> - ";
+      $display .= "<input ".$style." type='button' name='toggle_all_read'   onClick=\"acl_toggle_all('_0_r$');\" value='Toggle R'>";
+      $display .= "<input ".$style." type='button' name='toggle_all_write'  onClick=\"acl_toggle_all('_0_w$');\" value='Toggle W'> - ";
+
+      $display .= "<input ".$style." type='button' name='toggle_all_sub_read'  onClick=\"acl_toggle_all('[^0]_r$');\" value='R+'>";
+      $display .= "<input ".$style." type='button' name='toggle_all_sub_write'  onClick=\"acl_toggle_all('[^0]_w$');\" value='W+'>";
+
+      $display .= "<br>";
+
+      $style = "style='width:50px;'";
+      $display .= "<input ".$style." type='button' name='set_true_all_create' onClick=\"acl_set_all('_0_c$',true);\" value='C+'>";
+      $display .= "<input ".$style." type='button' name='set_false_all_create' onClick=\"acl_set_all('_0_c$',false);\" value='C-'>";
+      $display .= "<input ".$style." type='button' name='set_true_all_move' onClick=\"acl_set_all('_0_m$',true);\" value='M+'>";
+      $display .= "<input ".$style." type='button' name='set_false_all_move' onClick=\"acl_set_all('_0_m$',false);\" value='M-'>";
+      $display .= "<input ".$style." type='button' name='set_true_all_remove' onClick=\"acl_set_all('_0_d$',true);\" value='D+'>";
+      $display .= "<input ".$style." type='button' name='set_false_all_remove' onClick=\"acl_set_all('_0_d$',false);\" value='D-'> - ";
+      $display .= "<input ".$style." type='button' name='set_true_all_read' onClick=\"acl_set_all('_0_r$',true);\" value='R+'>";
+      $display .= "<input ".$style." type='button' name='set_false_all_read' onClick=\"acl_set_all('_0_r$',false);\" value='R-'>";
+      $display .= "<input ".$style." type='button' name='set_true_all_write' onClick=\"acl_set_all('_0_w$',true);\" value='W+'>";
+      $display .= "<input ".$style." type='button' name='set_false_all_write' onClick=\"acl_set_all('_0_w$',false);\" value='W-'> - ";
+
+      $display .= "<input ".$style." type='button' name='set_true_all_read' onClick=\"acl_set_all('[^0]_r$',true);\" value='R+'>";
+      $display .= "<input ".$style." type='button' name='set_false_all_read' onClick=\"acl_set_all('[^0]_r$',false);\" value='R-'>";
+      $display .= "<input ".$style." type='button' name='set_true_all_write' onClick=\"acl_set_all('[^0]_w$',true);\" value='W+'>";
+      $display .= "<input ".$style." type='button' name='set_false_all_write' onClick=\"acl_set_all('[^0]_w$',false);\" value='W-'>";
+    }
 
     /* Build general objects */
     $list =$this->sort_by_priority($list);
@@ -686,20 +719,20 @@ class acl extends plugin
 
       /* Generate options */
       $spc= "&nbsp;&nbsp;";
-      if ($this->isContainer && $this->aclType != 'base'){
+#      if ($this->isContainer && $this->aclType != 'base'){
         $options= $this->mkchkbx($key."_0_c",  _("Create objects"), preg_match('/c/', $overall_acl)).$spc;
         $options.= $this->mkchkbx($key."_0_m", _("Move objects"), preg_match('/m/', $overall_acl)).$spc;
         $options.= $this->mkchkbx($key."_0_d", _("Remove objects"), preg_match('/d/', $overall_acl)).$spc;
         if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){
           $options.= $this->mkchkbx($key."_0_s", _("Modifyable by owner"), preg_match('/s/', $overall_acl)).$spc;
         }
-      } else {
-        $options= $this->mkchkbx($key."_0_m", _("Move object"), preg_match('/m/', $overall_acl)).$spc;
-        $options.= $this->mkchkbx($key."_0_d", _("Remove object"), preg_match('/d/', $overall_acl)).$spc;
-        if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){
-          $options.= $this->mkchkbx($key."_0_s", _("Modifyable by owner"), preg_match('/s/', $overall_acl)).$spc;
-        }
-      }
+ #     } else {
+ #       $options= $this->mkchkbx($key."_0_m", _("Move object"), preg_match('/m/', $overall_acl)).$spc;
+ #       $options.= $this->mkchkbx($key."_0_d", _("Remove object"), preg_match('/d/', $overall_acl)).$spc;
+ #       if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){
+ #         $options.= $this->mkchkbx($key."_0_s", _("Modifyable by owner"), preg_match('/s/', $overall_acl)).$spc;
+ #       }
+ #     }
 
       /* Global options */
       $more_options= $this->mkchkbx($key."_0_r",  _("read"), preg_match('/r/', $overall_acl)).$spc;
@@ -783,8 +816,12 @@ class acl extends plugin
   function mkchkbx($name, $text, $state= FALSE)
   {
     $state= $state?"checked":"";
-    return "\n      <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."' type=checkbox name='acl_$name' $state>".
-           "\n      <label for='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."'>$text</label>";
+    if($this->acl_is_writeable("")){
+      return "\n      <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."' type=checkbox name='acl_$name' $state>".
+        "\n      <label for='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."'>$text</label>";
+    }else{
+      return "\n <input type='checkbox' disabled name='dummy_".microtime(1)."' $state>$text";
+    }
   }
 
 
@@ -792,17 +829,33 @@ class acl extends plugin
   {
     $rstate= preg_match('/r/', $state)?'checked':'';
     $wstate= preg_match('/w/', $state)?'checked':'';
-    return ("\n      <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_r' type=checkbox name='acl_${name}_r' $rstate>".
-            "\n      <label for='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_r'>"._("read")."</label>".
-            "\n      <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_w' type=checkbox name='acl_${name}_w' $wstate>".
-            "\n      <label for='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_w'>"._("write")."</label>");
+      
+    if($this->acl_is_writeable("")){
+      return ("\n      <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_r' type=checkbox name='acl_${name}_r' $rstate>".
+          "\n      <label for='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_r'>"._("read")."</label>".
+          "\n      <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_w' type=checkbox name='acl_${name}_w' $wstate>".
+          "\n      <label for='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_w'>"._("write")."</label>");
+    }else{
+      return ("\n      <input disabled type=checkbox name='dummy_".microtime(1)."' $rstate>"._("read").
+          "\n      <input disabled type=checkbox name='dummy_".microtime(1)."' $wstate>"._("write"));
+    }
   }
 
 
   static function explodeACL($acl)
   {
-    list($index, $type)= split(':', $acl);
+
+    $list= split(':', $acl);
+    if(count($list) == 5){
+      list($index, $type,$member,$permission,$filter)= $list;
+      $filter = base64_decode($filter);
+    }else{
+      $filter = "";
+      list($index, $type,$member,$permission)= $list;
+    }
+
     $a= array( $index => array("type" => $type,
+                               "filter"=> $filter,
                                "members" => acl::extractMembers($acl,$type == "role")));
    
     /* Handle different types */
@@ -877,7 +930,7 @@ class acl extends plugin
   static function extractACL($acl)
   {
     /* Rip acl off the string, seperate by ',' and place it in an array */
-    $as= preg_replace('/^[^:]+:[^:]+:[^:]*:(.*)$/', '\1', $acl);
+    $as= preg_replace('/^[^:]+:[^:]+:[^:]*:([^:]*).*$/', '\1', $acl);
     $aa= split(',', $as);
     $a= array();
 
@@ -963,6 +1016,7 @@ class acl extends plugin
     /* New entry gets presets... */
     if ($new){
       $this->aclType= 'base';
+      $this->aclFilter= "";
       $this->recipients= array();
       $this->aclContents= array();
     } else {
@@ -970,6 +1024,7 @@ class acl extends plugin
       $this->aclType= $acl['type'];
       $this->recipients= $acl['members'];
       $this->aclContents= $acl['acl'];
+      $this->aclFilter= $acl['filter'];
     }
 
     $this->wasNewEntry= $new;
@@ -1001,6 +1056,7 @@ class acl extends plugin
   {
     /* Assemble ACL's */
     $tmp_acl= array();
+  
     foreach ($this->gosaAclEntry as $prio => $entry){
       $final= "";
       $members= "";
@@ -1044,6 +1100,12 @@ class acl extends plugin
         $final.= preg_replace('/,$/', '', $acl);
       }
 
+      /* Append additional filter options 
+       */
+      if(!empty($entry['filter'])){
+        $final .= ":".base64_encode($entry['filter']);
+      }
+
       $tmp_acl[]= $final;
     } 
 
@@ -1187,6 +1249,7 @@ class acl extends plugin
       $acl -> save();
     }
   }
+
 }
 
 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: