X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-core%2Finclude%2Fclass_acl.inc;h=9302fbeb316651713be2a29278356909163f5a86;hb=2c35405295520149cdfb7a21cc9d7e73b4fb7442;hp=faeac26983282bd7c980f961ce8ed8cc7e0deed6;hpb=d72758e6357755e532597beb3902bf9c0b5c49c0;p=gosa.git diff --git a/gosa-core/include/class_acl.inc b/gosa-core/include/class_acl.inc index faeac2698..9302fbeb3 100644 --- a/gosa-core/include/class_acl.inc +++ b/gosa-core/include/class_acl.inc @@ -20,6 +20,7 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +/*! \brief ACL management plugin */ class acl extends plugin { /* Definitions */ @@ -51,6 +52,11 @@ class acl extends plugin var $ocMapping= array(); var $savedAclContents= array(); var $myAclObjects = array(); + var $acl_category = "acl/"; + + var $list =NULL; + + var $sectionList = NULL; function acl (&$config, $parent, $dn= NULL) { 
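Review bot: The three properties added after `$myAclObjects` (`$acl_category`, `$list`, `$sectionList`) have no comments, and their roles are not obvious from the names. A one-line comment on each would help, for example `/* sortableListing of the ACL entries, built lazily in updateList() */` above `$list` and `/* sortableListing of ACL categories shown in the 'create' dialog */` above `$sectionList`. For `$acl_category`, the comment should state which permission checks are evaluated against `"acl/"`. That is presumably the plugin's own `acl_is_*` calls, but it needs confirming against the base class, which is not in this diff.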
@@ -86,17 +92,28 @@ class acl extends plugin $ldap->search('(&(objectClass=gosaAccount)(gosaUnitTag='.$tag.'))', array('uid', 'cn')); } while ($attrs= $ldap->fetch()){ - $this->users['U:'.$attrs['dn']]= $attrs['cn'][0].' ['.$attrs['uid'][0].']'; + + // Allow objects without cn to be listed without causing an error. + if(!isset($attrs['cn'][0]) && isset($attrs['uid'][0])){ + $this->users['U:'.$attrs['dn']]= $attrs['uid'][0]; + }elseif(!isset($attrs['uid'][0]) && isset($attrs['cn'][0])){ + $this->users['U:'.$attrs['dn']]= $attrs['cn'][0]; + }elseif(!isset($attrs['uid'][0]) && !isset($attrs['cn'][0])){ + $this->users['U:'.$attrs['dn']]= $attrs['dn']; + }else{ + $this->users['U:'.$attrs['dn']]= $attrs['cn'][0].' ['.$attrs['uid'][0].']'; + } + } ksort($this->users); /* Groups */ $ldap->cd($config->current['BASE']); - if ($tag == ""){ +# if ($tag == ""){ $ldap->search('(objectClass=posixGroup)', array('cn', 'description')); - } else { - $ldap->search('(&(objectClass=posixGroup)(gosaUnitTag='.$tag.'))', array('cn', 'description')); - } +# } else { +# $ldap->search('(&(objectClass=posixGroup)(gosaUnitTag='.$tag.'))', array('cn', 'description')); +# } while ($attrs= $ldap->fetch()){ $dsc= ""; if (isset($attrs['description'][0])){ @@ -104,6 +121,7 @@ class acl extends plugin } $this->groups['G:'.$attrs['dn']]= $attrs['cn'][0].' ['.$dsc.']'; } + $this->groups['G:*']= _("All users"); ksort($this->groups); /* Roles */ @@ -131,7 +149,7 @@ class acl extends plugin } /* Objects */ - $tmp= session::get('plist'); + $tmp= session::global_get('plist'); $plist= $tmp->info; $cats = array(); if (isset($this->parent) && $this->parent !== NULL){ 
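Review bot: The `#`-commented `if ($tag == "")` / `else` lines in the Groups block make the group search unconditional, so every posixGroup under BASE is offered as an ACL member regardless of `gosaUnitTag`. The user search just above still honours the tag, and nothing in the hunk says whether the widening is intended. If it is, delete the dead lines and record the reason in a comment such as `/* Groups are listed across administrative units on purpose: <reason> */`; if not, restore the tagged search. Separately, the group loop in the following hunk still reads `$attrs['cn'][0]` without the `isset` fallback that this hunk adds for users.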
@@ -139,7 +157,8 @@ class acl extends plugin foreach ($this->parent->by_object as $key => $obj){ $oc= array_merge($oc, $obj->objectclasses); if(isset($obj->acl_category)){ - $cats[preg_replace("/\//","",$obj->acl_category)] = preg_replace("/\//","",$obj->acl_category); + $tmp= str_replace("/","",$obj->acl_category); + $cats[$tmp] = $tmp; } } if (in_array_ics('organizationalUnit', $oc)){ @@ -160,13 +179,14 @@ class acl extends plugin /* Non numeric index means -> base object containing more informations */ if (preg_match('/^[0-9]+$/', $idx)){ + if (!isset($this->ocMapping[$data])){ $this->ocMapping[$data]= array(); $this->ocMapping[$data][]= '0'; } if(isset($cats[$data])){ - $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription']; + $this->myAclObjects[$data.'/'.$class]= $acls['plDescription']; } $this->ocMapping[$data][]= $class; } else { 
@@ -219,15 +239,61 @@ class acl extends plugin /* Finally - we want to get saved... */ $this->is_account= TRUE; + + $this->updateList(); + + // Prepare lists + $this->sectionList = new sortableListing(); + $this->sectionList->setDeleteable(false); + $this->sectionList->setEditable(false); + $this->sectionList->setWidth("100%"); + $this->sectionList->setHeight("120px"); + $this->sectionList->setColspecs(array('200px','*')); + $this->sectionList->setHeader(array(_("Section"),_("Description"))); + $this->sectionList->setDefaultSortColumn(1); + $this->sectionList->setAcl('rwcdm'); // All ACLs, we filter on our own here. + } + + + function updateList() + { + if(!$this->list){ + $this->list = new sortableListing($this->gosaAclEntry,array(),TRUE); + $this->list->setDeleteable(true); + $this->list->setEditable(true); + $this->list->setColspecs(array('*')); + $this->list->setWidth("100%"); + $this->list->setHeight("400px"); + $this->list->setAcl("rwcdm"); + $this->list->setHeader(array(_("Member"),_("Permissions"),_("Type"))); + } + + + // Add ACL entries to the listing + $lData = array(); + foreach($this->gosaAclEntry as $id => $entry){ + $lData[] = $this->convertForListing($entry); + } + $this->list->setListData($this->gosaAclEntry, $lData); + } + + + function convertForListing($entry) + { + $member = implode($entry['members'],", "); + $acl = implode(array_keys($entry['acl']),", "); + $type = implode(array_keys($entry['acl']),", "); + return(array('data' => array($member, $acl, $this->aclTypes[$entry['type']]))); } + function execute() { /* Call parent execute */ plugin::execute(); - $tmp= session::get('plist'); + $tmp= session::global_get('plist'); $plist= $tmp->info; /* Handle posts */ 
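Review bot: In `convertForListing()` the `implode()` calls pass the array first, a legacy argument order that PHP 7.4 deprecated and PHP 8.0 removed. The `$type` variable is also computed as a copy of `$acl` and never used. I would write `$member = implode(", ", $entry['members']);` and `$acl = implode(", ", array_keys($entry['acl']));`, and drop the `$type` line. `$this->aclTypes[$entry['type']]` is indexed without an `isset`, so an entry with an unknown type raises a notice. The member strings originate from LDAP values, so it is worth confirming that `sortableListing` HTML-escapes cell data, since that class is not part of this diff.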
@@ -241,24 +307,36 @@ class acl extends plugin $new_acl= array(); $aclDialog= FALSE; $firstedit= FALSE; + + // Get listing actions. Delete or Edit. + $this->list->save_object(); + $lAction = $this->list->getAction(); + $this->gosaAclEntry = $this->list->getMaintainedData(); + + /* Act on HTML post and gets here. + */ + if($lAction['action'] == "edit"){ + $this->currentIndex = $this->list->getKey($lAction['targets'][0]); + $this->dialogState= 'create'; + $firstedit= TRUE; + $this->dialog= TRUE; + $this->loadAclEntry(); + } + foreach($_POST as $name => $post){ /* Actions... */ - if (preg_match('/^acl_edit_.*_x/', $name)){ + if (preg_match('/^acl_edit_[0-9]*$/', $name)){ $this->dialogState= 'create'; $firstedit= TRUE; $this->dialog= TRUE; - $this->currentIndex= preg_replace('/^acl_edit_([0-9]+).*$/', '\1', $name); + $this->currentIndex= preg_replace('/^acl_edit_([0-9]*)$/', '\1', $name); $this->loadAclEntry(); continue; } - if (preg_match('/^acl_del_.*_x/', $name)){ - unset($this->gosaAclEntry[preg_replace('/^acl_del_([0-9]+).*$/', '\1', $name)]); - continue; - } - if (preg_match('/^cat_edit_.*_x/', $name)){ - $this->aclObject= preg_replace('/^cat_edit_([^_]+)_.*$/', '\1', $name); + if (preg_match('/^cat_edit_.*$/', $name)){ + $this->aclObject= preg_replace('/^cat_edit_(.*)$/', '\1', $name); $this->dialogState= 'edit'; foreach ($this->ocMapping[$this->aclObject] as $oc){ if (isset($this->aclContents[$oc])){ 
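Review bot: `$this->gosaAclEntry = $this->list->getMaintainedData();` runs on every request, before any permission check. The explicit `acl_del_` handler is moved behind `acl_is_writeable("")` in the next hunk, but the list is created with `setDeleteable(true)` and `setAcl("rwcdm")`. If `sortableListing` applies a posted delete to its maintained data (that class is not shown here), a read-only user can still drop entries from the in-memory ACL. The assignment should carry the same guard, e.g. `if($this->acl_is_writeable("")){ $this->gosaAclEntry = $this->list->getMaintainedData(); }`. In the same hunk `/^acl_edit_[0-9]*$/` accepts an empty index, where `[0-9]+` was used before, and `$lAction['targets'][0]` is read without an `isset`.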
@@ -267,38 +345,31 @@ class acl extends plugin } continue; } - if (preg_match('/^cat_del_.*_x/', $name)){ - $idx= preg_replace('/^cat_del_([^_]+)_.*$/', '\1', $name); - foreach ($this->ocMapping[$idx] as $key){ - unset($this->aclContents["$idx/$key"]); - } + + /* Only handle posts, if we allowed to modify ACLs */ + if(!$this->acl_is_writeable("")){ continue; } - /* Sorting... */ - if (preg_match('/^sortup_.*_x/', $name)){ - $index= preg_replace('/^sortup_([0-9]+).*$/', '\1', $name); - if ($index > 0){ - $tmp= $this->gosaAclEntry[$index]; - $this->gosaAclEntry[$index]= $this->gosaAclEntry[$index-1]; - $this->gosaAclEntry[$index-1]= $tmp; - } + if (preg_match('/^acl_del_[0-9]*$/', $name)){ + unset($this->gosaAclEntry[preg_replace('/^acl_del_([0-9]*)$/', '\1', $name)]); continue; } - if (preg_match('/^sortdown_.*_x/', $name)){ - $index= preg_replace('/^sortdown_([0-9]+).*$/', '\1', $name); - if ($index < count($this->gosaAclEntry)-1){ - $tmp= $this->gosaAclEntry[$index]; - $this->gosaAclEntry[$index]= $this->gosaAclEntry[$index+1]; - $this->gosaAclEntry[$index+1]= $tmp; + + if (preg_match('/^cat_del_.*$/', $name)){ + $idx= preg_replace('/^cat_del_(.*)$/', '\1', $name); + foreach ($this->ocMapping[$idx] as $key){ + if(isset($this->aclContents[$idx])) + unset($this->aclContents[$idx]); + if(isset($this->aclContents["$idx/$key"])) + unset($this->aclContents["$idx/$key"]); } continue; } /* ACL saving... */ if (preg_match('/^acl_.*_[^xy]$/', $name)){ - $aclDialog= TRUE; - list($dummy, $object, $attribute, $value)= split('_', $name); + list($dummy, $object, $attribute, $value)= explode('_', $name); /* Skip for detection entry */ if ($object == 'dummy') { 
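Review bot: In the new `cat_del_` branch, `$idx` is whatever follows the prefix in the posted field name, and it goes straight into `foreach ($this->ocMapping[$idx] as $key)`. An unknown category therefore makes `foreach` iterate an undefined index, and the `cat_edit_` branch in the previous hunk has the same shape. A guard before the loop keeps the handler to known categories: `if (!isset($this->ocMapping[$idx])) { continue; }`. The `isset()` checks wrapped around each `unset()` are redundant, because `unset()` on a missing key is a no-op. The `list(...)= explode('_', $name)` call also assumes four segments, which the pattern `/^acl_.*_[^xy]$/` does not guarantee.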
@@ -316,30 +387,44 @@ class acl extends plugin } } - if(isset($_POST['selected_role'])){ + // Remember the selected ACL role. + if(isset($_POST['selected_role']) && $_POST['aclType'] == 'role'){ $this->aclContents = ""; $this->aclContents = base64_decode($_POST['selected_role']); } } - - /* Only be interested in new acl's, if we're in the right _POST place */ - if ($aclDialog && $this->aclObject != "" && is_array($this->ocMapping[$this->aclObject])){ - foreach ($this->ocMapping[$this->aclObject] as $oc){ - unset($this->aclContents[$oc]); - unset($this->aclContents[$this->aclObject.'/'.$oc]); - if (isset($new_acl[$oc])){ - $this->aclContents[$oc]= $new_acl[$oc]; - } - if (isset($new_acl[$this->aclObject.'/'.$oc])){ - $this->aclContents[$this->aclObject.'/'.$oc]= $new_acl[$this->aclObject.'/'.$oc]; + if(isset($_POST['acl_dummy_0_0_0'])){ + $aclDialog= TRUE; + } + + if($this->acl_is_writeable("")){ + + /* Only be interested in new acl's, if we're in the right _POST place */ + if ($aclDialog && $this->aclObject != "" && is_array($this->ocMapping[$this->aclObject])){ + + foreach ($this->ocMapping[$this->aclObject] as $oc){ + + if(isset($this->aclContents[$oc]) && is_array($this->aclContents)){ + unset($this->aclContents[$oc]); + }elseif(isset($this->aclContents[$this->aclObject.'/'.$oc]) && is_array($this->aclContents)){ + unset($this->aclContents[$this->aclObject.'/'.$oc]); + }else{ +# trigger_error("Huhm?"); + } + if (isset($new_acl[$oc]) && is_array($new_acl)){ + $this->aclContents[$oc]= $new_acl[$oc]; + } + if (isset($new_acl[$this->aclObject.'/'.$oc]) && is_array($new_acl)){ + $this->aclContents[$this->aclObject.'/'.$oc]= $new_acl[$this->aclObject.'/'.$oc]; + } } } - } - /* Save new acl in case of base edit mode */ - if ($this->aclType == 'base' && !$firstedit){ - $this->aclContents= $new_acl; + /* Save new acl in case of base edit mode */ + if ($this->aclType == 'base' && !$firstedit){ + $this->aclContents= $new_acl; + } } /* Cancel new acl? */ 
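Review bot: The `if … elseif … else` around the two `unset()` calls changes behaviour. The removed code cleared both `$this->aclContents[$oc]` and `$this->aclContents[$this->aclObject.'/'.$oc]`, while the new code clears only the first one it finds. If both keys are present and the posted form no longer sets the second, the old permission string stays in `aclContents` after the administrator unchecked it. I would keep the array guard but clear both: `if (is_array($this->aclContents)) { unset($this->aclContents[$oc], $this->aclContents[$this->aclObject.'/'.$oc]); }`. In the same hunk `$_POST['aclType']` is read without an `isset`. The `base64_decode($_POST['selected_role'])` result is also stored without checking that it names one of the roles loaded by the constructor.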
@@ -351,6 +436,15 @@ class acl extends plugin } } + /* Save common values */ + if($this->acl_is_writeable("")){ + foreach (array("aclType","aclFilter", "aclObject", "target") as $key){ + if (isset($_POST[$key])){ + $this->$key= validate($_POST[$key]); + } + } + } + /* Store ACL in main object? */ if (isset($_POST['submit_new_acl'])){ $this->gosaAclEntry[$this->currentIndex]['type']= $this->aclType; 
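Review bot: Moving the "Save common values" loop behind `acl_is_writeable("")` is good, but `aclType` and `target` are still accepted as posted, with only `validate()` applied. The context lines below write `$this->aclType` into `gosaAclEntry[...]['type']`, and `convertForListing()` later uses that value to index `$this->aclTypes`. `validate()` is not visible in this diff, so I would not rely on it to restrict the value set. An allow-list check in the loop would pin it down, e.g. `if ($key == "aclType" && !isset($this->aclTypes[$_POST[$key]])) { continue; }`, with a similar check for `target` against `user` and `group`.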
@@ -407,77 +501,75 @@ class acl extends plugin } } - /* Save common values */ - foreach (array("aclType","aclFilter", "aclObject", "target") as $key){ - if (isset($_POST[$key])){ - $this->$key= validate($_POST[$key]); - } - } - /* Create templating instance */ $smarty= get_smarty(); + $smarty->assign("usePrototype", "true"); + $smarty->assign("acl_readable",$this->acl_is_readable("")); + if(!$this->acl_is_readable("")){ + return ($smarty->fetch (get_template_path('acl.tpl'))); + } if ($this->dialogState == 'head'){ - /* Draw list */ - $aclList= new divSelectBox("aclList"); - $aclList->SetHeight(450); - - /* Fill in entries */ - foreach ($this->gosaAclEntry as $key => $entry){ - $field1= array("string" => $this->aclTypes[$entry['type']], "attach" => "style='width:150px'"); - $field2= array("string" => $this->assembleAclSummary($entry)); - $action= ""; - $action.= ""; - $action.= ""; - $action.= ""; - - $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px;text-align:right;'"); - $aclList->AddEntry(array($field1, $field2, $field3)); - } - - $smarty->assign("aclList", $aclList->DrawList()); + $this->updateList(); + $smarty->assign("aclList", $this->list->render()); } if ($this->dialogState == 'create'){ - /* Draw list */ - $aclList= new divSelectBox("aclList"); - $aclList->SetHeight(150); - - /* Add settings for all categories to the (permanent) list */ - foreach ($this->aclObjects as $section => $dsc){ - $summary= ""; - foreach($this->ocMapping[$section] as $oc){ - if (isset($this->aclContents[$oc]) && count($this->aclContents[$oc]) && isset($this->aclContents[$oc][0]) && - $this->aclContents[$oc][0] != ""){ - - $summary.= "$oc, "; - continue; - } - if (isset($this->aclContents["$section/$oc"]) && count($this->aclContents["$section/$oc"])){ - $summary.= "$oc, "; - continue; - } - if (isset($this->aclContents[$oc]) && !isset($this->aclContents[$oc][0]) && count($this->aclContents[$oc])){ - $summary.= "$oc, "; - } - } - /* Set summary... 
*/ - if ($summary == ""){ - $summary= ''._("No ACL settings for this category!").''; - } else { - $summary= sprintf(_("Contains ACLs for these objects: %s"), preg_replace('/, $/', '', $summary)); - } + // Create a map of all used sections, this allows us to simply hide the remove button + // if no acl is configured for the given section + // e.g. ';all;department/country;users/user; + $usedList = ";".implode(array_keys($this->aclContents),';').";"; + + /* Add settings for all categories to the (permanent) list */ + $data = $lData = array(); + foreach ($this->aclObjects as $section => $dsc){ + $summary= ""; + foreach($this->ocMapping[$section] as $oc){ + if (isset($this->aclContents[$oc]) && + count($this->aclContents[$oc]) && + isset($this->aclContents[$oc][0]) && + $this->aclContents[$oc][0] != ""){ + + $summary.= "$oc, "; + continue; + } + if (isset($this->aclContents["$section/$oc"]) && + count($this->aclContents["$section/$oc"])){ + $summary.= "$oc, "; + continue; + } + if (isset($this->aclContents[$oc]) && + !isset($this->aclContents[$oc][0]) && + count($this->aclContents[$oc])){ + $summary.= "$oc, "; + } + } - $field1= array("string" => $dsc, "attach" => "style='width:100px'"); - $field2= array("string" => $summary); - $action= ""; - $action.= ""; - $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px'"); - $aclList->AddEntry(array($field1, $field2, $field3)); - } + /* Set summary... 
*/ + if ($summary == ""){ + $summary= ''._("No ACL settings for this category!").''; + } else { + $summary= trim($summary,", "); + $summary= " ".sprintf(_("Contains ACLs for these objects: %s"), $summary); + } - $smarty->assign("aclList", $aclList->DrawList()); + $actions =""; + if($this->acl_is_readable("")){ + $actions.= image('images/lists/edit.png','cat_edit_'.$section, + msgPool::editButton(_("category ACL"))); + } + if($this->acl_is_removeable() && preg_match("/;".$section."(;|\/)/", $usedList)){ + $actions.= image('images/lists/trash.png','cat_del_'.$section, + msgPool::delButton(_("category ACL"))); + } + $data[] = $section; + $lData[] = array('data'=>array($dsc, $summary, $actions)); + } + $this->sectionList->setListData($data,$lData); + $this->sectionList->update(); + $smarty->assign("aclList", $this->sectionList->render()); + $smarty->assign("aclType", $this->aclType); $smarty->assign("aclFilter", $this->aclFilter); $smarty->assign("aclTypes", $this->aclTypes); @@ -493,6 +585,9 @@ class acl extends plugin /* Generate list */ $tmp= array(); + if ($this->target == "group" && !isset($this->recipients["G:*"])){ + $tmp["G:*"]= _("All users"); + } foreach (array("user" => "users", "group" => "groups") as $field => $arr){ if ($this->target == $field){ foreach ($this->$arr as $key => $value){ @@ -541,6 +636,12 @@ class acl extends plugin /* Show main page */ $smarty->assign("dialogState", $this->dialogState); + + /* Assign acls */ + $smarty->assign("acl_createable",$this->acl_is_createable()); + $smarty->assign("acl_writeable" ,$this->acl_is_writeable("")); + $smarty->assign("acl_readable" ,$this->acl_is_readable("")); + $smarty->assign("acl_removeable",$this->acl_is_removeable()); return ($smarty->fetch (get_template_path('acl.tpl'))); } @@ -548,7 +649,7 @@ class acl extends plugin function sort_by_priority($list) { - $tmp= session::get('plist'); + $tmp= session::global_get('plist'); $plist= $tmp->info; asort($plist); $newSort = array(); 
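Review bot: `$usedList` is built with `implode(array_keys($this->aclContents),';')`, which assumes `aclContents` is an array, yet the role branch earlier in `execute()` assigns it the string result of `base64_decode()`. In role mode `array_keys()` is therefore called on a string. The call also uses the legacy `implode()` argument order, which PHP 8.0 removed. I would write `$usedList = is_array($this->aclContents) ? ";".implode(';', array_keys($this->aclContents)).";" : ";";`. The following `preg_match("/;".$section."(;|\/)/", $usedList)` interpolates `$section` into the pattern unquoted, so `preg_quote($section, '/')` would keep a category name containing regex metacharacters from changing the match. The hunk also calls `acl_is_readable("")` again for the edit icon after the early return on the same condition, so that inner test is always true.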
@@ -605,40 +706,42 @@ class acl extends plugin { $display= ""; $cols= 3; - $tmp= session::get('plist'); + $tmp= session::global_get('plist'); $plist= $tmp->info; asort($plist); /* Add select all/none buttons */ $style = "style='width:100px;'"; - $display .= ""; - $display .= ""; - $display .= " - "; - $display .= ""; - $display .= " - "; - - $display .= ""; - $display .= ""; - - $display .= "
"; - - $style = "style='width:50px;'"; - $display .= ""; - $display .= ""; - $display .= ""; - $display .= ""; - $display .= ""; - $display .= " - "; - $display .= ""; - $display .= ""; - $display .= ""; - $display .= " - "; - - $display .= ""; - $display .= ""; - $display .= ""; - $display .= ""; + if($this->acl_is_writeable("")){ + $display .= ""; + $display .= ""; + $display .= " - "; + $display .= ""; + $display .= " - "; + + $display .= ""; + $display .= ""; + + $display .= "
"; + + $style = "style='width:50px;'"; + $display .= ""; + $display .= ""; + $display .= ""; + $display .= ""; + $display .= ""; + $display .= " - "; + $display .= ""; + $display .= ""; + $display .= ""; + $display .= " - "; + + $display .= ""; + $display .= ""; + $display .= ""; + $display .= ""; + } /* Build general objects */ $list =$this->sort_by_priority($list); @@ -647,8 +750,11 @@ class acl extends plugin /* Create sub acl if it does not exist */ if (!isset($this->aclContents[$key])){ $this->aclContents[$key]= array(); + } + if(!isset($this->aclContents[$key][0])){ $this->aclContents[$key][0]= ''; } + $currentAcl= $this->aclContents[$key]; /* Get the overall plugin acls @@ -658,50 +764,48 @@ class acl extends plugin $overall_acl = $currentAcl[0]; } + // Detect configured plugins + $expand = count($currentAcl) > 1 || $currentAcl[0] != ""; + /* Object header */ - if(session::get('js')) { - if(isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) { - $display.= "\n". - "\n ". - "\n ". - "\n ". - "\n "; - } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) { - $display.= "\n
"._("Object").": $name". - "\n
". - "\n ". - "\n ". - "\n ". - "\n "; - } else { - $display.= "\n
"._("Object").": $name". - "\n
". - "\n ". - "\n ". - "\n "; - } + $tname= preg_replace("/[^a-z0-9]/i","_",$name); + + if($expand){ + $back_color = "#C8C8FF"; + }else{ + $back_color = "#C8C8C8"; + } + + if(isset($_SERVER['HTTP_USER_AGENT']) && + (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || + (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT']))) { + $display.= "\n
"._("Object").": $name
". + "\n ". + "\n ". + "\n ". + "\n "; + } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) { + $display.= "\n
"._("Object").": $name". + "\n
". + "\n ". + "\n ". + "\n ". + "\n "; } else { - $display.= "\n
"._("Object").": $name". + "\n
". - "\n ". - "\n ". - "\n "; + $display.= "\n
"._("Object").": $name
". + "\n ". + "\n ". + "\n "; } /* Generate options */ $spc= "  "; - if ($this->isContainer && $this->aclType != 'base'){ - $options= $this->mkchkbx($key."_0_c", _("Create objects"), preg_match('/c/', $overall_acl)).$spc; - $options.= $this->mkchkbx($key."_0_m", _("Move objects"), preg_match('/m/', $overall_acl)).$spc; - $options.= $this->mkchkbx($key."_0_d", _("Remove objects"), preg_match('/d/', $overall_acl)).$spc; - if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){ - $options.= $this->mkchkbx($key."_0_s", _("Modifyable by owner"), preg_match('/s/', $overall_acl)).$spc; - } - } else { - $options= $this->mkchkbx($key."_0_m", _("Move object"), preg_match('/m/', $overall_acl)).$spc; - $options.= $this->mkchkbx($key."_0_d", _("Remove object"), preg_match('/d/', $overall_acl)).$spc; - if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){ - $options.= $this->mkchkbx($key."_0_s", _("Modifyable by owner"), preg_match('/s/', $overall_acl)).$spc; - } + $options= $this->mkchkbx($key."_0_c", _("Create objects"), preg_match('/c/', $overall_acl)).$spc; + $options.= $this->mkchkbx($key."_0_m", _("Move objects"), preg_match('/m/', $overall_acl)).$spc; + $options.= $this->mkchkbx($key."_0_d", _("Remove objects"), preg_match('/d/', $overall_acl)).$spc; + if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){ + $options.= $this->mkchkbx($key."_0_s", _("Grant permission to owner"), preg_match('/s/', $overall_acl)).$spc; } /* Global options */ 
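Review bot: The new browser test `isset($_SERVER['HTTP_USER_AGENT']) && (preg_match("/gecko/i", …)) || (preg_match("/presto/i", …))` is grouped wrongly. `&&` binds tighter than `||`, so the presto `preg_match()` still reads `$_SERVER['HTTP_USER_AGENT']` when the header is absent and raises an undefined-index notice. Reading the header once avoids this: `$ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";` followed by `if (preg_match("/gecko|presto/i", $ua)) {`. The same condition appears in the `@@ -716,20 +820,23 @@` hunk that follows, which is cut off at the end of this page. This hunk also drops the `session::get('js')` check that the later hunk keeps as `session::global_get('js')`, so it is worth confirming that the difference is intended.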
@@ -716,20 +820,23 @@ class acl extends plugin /* Walk through the list of attributes */ $cnt= 1; $splist= $plist[preg_replace('%^.*/%', '', $key)]['plProvidedAcls']; - asort($splist); - if(session::get('js')) { - if(isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) { - $display.= "\n ". + if(session::global_get('js')) { + if(isset($_SERVER['HTTP_USER_AGENT']) && + (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT']))) { + $display.= "\n ". "\n
"._("Object").": $name
". - "\n