X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-core%2Finclude%2Fclass_acl.inc;h=c79a7f2876dd4fa1344e67d1abbfa47127236b95;hb=534bedd511854e012e6453f3c1a97e947fdbd139;hp=e7ff5d0797c38b9001b8ea09efafa66c52830927;hpb=74975ea220067c36c9dd9e27fdf454965276478d;p=gosa.git diff --git a/gosa-core/include/class_acl.inc b/gosa-core/include/class_acl.inc index e7ff5d079..c79a7f287 100644 --- a/gosa-core/include/class_acl.inc +++ b/gosa-core/include/class_acl.inc @@ -20,6 +20,7 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +/*! \brief ACL management plugin */ class acl extends plugin { /* Definitions */ @@ -51,6 +52,7 @@ class acl extends plugin var $ocMapping= array(); var $savedAclContents= array(); var $myAclObjects = array(); + var $acl_category = "acl/"; function acl (&$config, $parent, $dn= NULL) { @@ -86,7 +88,18 @@ class acl extends plugin $ldap->search('(&(objectClass=gosaAccount)(gosaUnitTag='.$tag.'))', array('uid', 'cn')); } while ($attrs= $ldap->fetch()){ - $this->users['U:'.$attrs['dn']]= $attrs['cn'][0].' ['.$attrs['uid'][0].']'; + + // Allow objects without cn to be listed without causing an error. + if(!isset($attrs['cn'][0]) && isset($attrs['uid'][0])){ + $this->users['U:'.$attrs['dn']]= $attrs['uid'][0]; + }elseif(!isset($attrs['uid'][0]) && isset($attrs['cn'][0])){ + $this->users['U:'.$attrs['dn']]= $attrs['cn'][0]; + }elseif(!isset($attrs['uid'][0]) && !isset($attrs['cn'][0])){ + $this->users['U:'.$attrs['dn']]= $attrs['dn']; + }else{ + $this->users['U:'.$attrs['dn']]= $attrs['cn'][0].' ['.$attrs['uid'][0].']'; + } + } ksort($this->users); @@ -104,6 +117,7 @@ class acl extends plugin } $this->groups['G:'.$attrs['dn']]= $attrs['cn'][0].' ['.$dsc.']'; } + $this->groups['G:*']= _("All users"); ksort($this->groups); /* Roles */ @@ -131,7 +145,7 @@ class acl extends plugin } /* Objects */ - $tmp= session::get('plist'); + $tmp= session::global_get('plist'); $plist= $tmp->info; $cats = array(); if (isset($this->parent) && $this->parent !== NULL){ @@ -139,7 +153,8 @@ class acl extends plugin foreach ($this->parent->by_object as $key => $obj){ $oc= array_merge($oc, $obj->objectclasses); if(isset($obj->acl_category)){ - $cats[preg_replace("/\//","",$obj->acl_category)] = preg_replace("/\//","",$obj->acl_category); + $tmp= str_replace("/","",$obj->acl_category); + $cats[$tmp] = $tmp; } } if (in_array_ics('organizationalUnit', $oc)){ @@ -228,7 +243,7 @@ class acl extends plugin /* Call parent execute */ plugin::execute(); - $tmp= session::get('plist'); + $tmp= session::global_get('plist'); $plist= $tmp->info; /* Handle posts */ @@ -243,91 +258,112 @@ class acl extends plugin $aclDialog= FALSE; $firstedit= FALSE; - /* Only handle posts, if we allowed to modify ACLs + /* Act on HTML post and gets here. */ - if($this->acl_is_writeable("")){ - foreach($_POST as $name => $post){ - - /* Actions... */ - if (preg_match('/^acl_edit_.*_x/', $name)){ - $this->dialogState= 'create'; - $firstedit= TRUE; - $this->dialog= TRUE; - $this->currentIndex= preg_replace('/^acl_edit_([0-9]+).*$/', '\1', $name); - $this->loadAclEntry(); - continue; - } - if (preg_match('/^acl_del_.*_x/', $name)){ - unset($this->gosaAclEntry[preg_replace('/^acl_del_([0-9]+).*$/', '\1', $name)]); - continue; - } + if(isset($_GET['id']) && isset($_GET['act']) && $_GET['act'] == "edit"){ + $id = trim($_GET['id']); + $this->dialogState= 'create'; + $firstedit= TRUE; + $this->dialog= TRUE; + $this->currentIndex= $id; + $this->loadAclEntry(); + } - if (preg_match('/^cat_edit_.*_x/', $name)){ - $this->aclObject= preg_replace('/^cat_edit_([^_]+)_.*$/', '\1', $name); - $this->dialogState= 'edit'; - foreach ($this->ocMapping[$this->aclObject] as $oc){ - if (isset($this->aclContents[$oc])){ - $this->savedAclContents[$oc]= $this->aclContents[$oc]; - } + foreach($_POST as $name => $post){ + + /* Actions... */ + if (preg_match('/^acl_edit_[0-9]*$/', $name)){ + $this->dialogState= 'create'; + $firstedit= TRUE; + $this->dialog= TRUE; + $this->currentIndex= preg_replace('/^acl_edit_([0-9]*)$/', '\1', $name); + $this->loadAclEntry(); + continue; + } + + if (preg_match('/^cat_edit_.*$/', $name)){ + $this->aclObject= preg_replace('/^cat_edit_(.*)$/', '\1', $name); + $this->dialogState= 'edit'; + foreach ($this->ocMapping[$this->aclObject] as $oc){ + if (isset($this->aclContents[$oc])){ + $this->savedAclContents[$oc]= $this->aclContents[$oc]; } - continue; } - if (preg_match('/^cat_del_.*_x/', $name)){ - $idx= preg_replace('/^cat_del_([^_]+)_.*$/', '\1', $name); - foreach ($this->ocMapping[$idx] as $key){ + continue; + } + + /* Only handle posts, if we allowed to modify ACLs */ + if(!$this->acl_is_writeable("")){ + continue; + } + + if (preg_match('/^acl_del_[0-9]*$/', $name)){ + unset($this->gosaAclEntry[preg_replace('/^acl_del_([0-9]*)$/', '\1', $name)]); + continue; + } + + if (preg_match('/^cat_del_.*$/', $name)){ + $idx= preg_replace('/^cat_del_(.*)$/', '\1', $name); + foreach ($this->ocMapping[$idx] as $key){ + if(isset($this->aclContents[$idx])) + unset($this->aclContents[$idx]); + if(isset($this->aclContents["$idx/$key"])) unset($this->aclContents["$idx/$key"]); - } - continue; } + continue; + } - /* Sorting... */ - if (preg_match('/^sortup_.*_x/', $name)){ - $index= preg_replace('/^sortup_([0-9]+).*$/', '\1', $name); - if ($index > 0){ - $tmp= $this->gosaAclEntry[$index]; - $this->gosaAclEntry[$index]= $this->gosaAclEntry[$index-1]; - $this->gosaAclEntry[$index-1]= $tmp; - } - continue; + /* Sorting... */ + if (preg_match('/^sortup_[0-9]*$/', $name)){ + $index= preg_replace('/^sortup_([0-9]*)$/', '\1', $name); + if ($index > 0){ + $tmp= $this->gosaAclEntry[$index]; + $this->gosaAclEntry[$index]= $this->gosaAclEntry[$index-1]; + $this->gosaAclEntry[$index-1]= $tmp; } - if (preg_match('/^sortdown_.*_x/', $name)){ - $index= preg_replace('/^sortdown_([0-9]+).*$/', '\1', $name); - if ($index < count($this->gosaAclEntry)-1){ - $tmp= $this->gosaAclEntry[$index]; - $this->gosaAclEntry[$index]= $this->gosaAclEntry[$index+1]; - $this->gosaAclEntry[$index+1]= $tmp; - } - continue; + continue; + } + if (preg_match('/^sortdown_[0-9]*$/', $name)){ + $index= preg_replace('/^sortdown_([0-9]*)$/', '\1', $name); + if ($index < count($this->gosaAclEntry)-1){ + $tmp= $this->gosaAclEntry[$index]; + $this->gosaAclEntry[$index]= $this->gosaAclEntry[$index+1]; + $this->gosaAclEntry[$index+1]= $tmp; } + continue; + } - /* ACL saving... */ - if (preg_match('/^acl_.*_[^xy]$/', $name)){ - $aclDialog= TRUE; - list($dummy, $object, $attribute, $value)= split('_', $name); - - /* Skip for detection entry */ - if ($object == 'dummy') { - continue; - } + /* ACL saving... */ + if (preg_match('/^acl_.*_[^xy]$/', $name)){ + list($dummy, $object, $attribute, $value)= explode('_', $name); - /* Ordinary ACLs */ - if (!isset($new_acl[$object])){ - $new_acl[$object]= array(); - } - if (isset($new_acl[$object][$attribute])){ - $new_acl[$object][$attribute].= $value; - } else { - $new_acl[$object][$attribute]= $value; - } + /* Skip for detection entry */ + if ($object == 'dummy') { + continue; } - if(isset($_POST['selected_role'])){ - $this->aclContents = ""; - $this->aclContents = base64_decode($_POST['selected_role']); + /* Ordinary ACLs */ + if (!isset($new_acl[$object])){ + $new_acl[$object]= array(); } + if (isset($new_acl[$object][$attribute])){ + $new_acl[$object][$attribute].= $value; + } else { + $new_acl[$object][$attribute]= $value; + } + } + + // Remember the selected ACL role. + if(isset($_POST['selected_role']) && $_POST['aclType'] == 'role'){ + $this->aclContents = ""; + $this->aclContents = base64_decode($_POST['selected_role']); } } + if(isset($_POST['acl_dummy_0_0_0'])){ + $aclDialog= TRUE; + } + if($this->acl_is_writeable("")){ /* Only be interested in new acl's, if we're in the right _POST place */ @@ -337,6 +373,7 @@ class acl extends plugin if(isset($this->aclContents[$oc]) && is_array($this->aclContents)){ unset($this->aclContents[$oc]); + }elseif(isset($this->aclContents[$this->aclObject.'/'.$oc]) && is_array($this->aclContents)){ unset($this->aclContents[$this->aclObject.'/'.$oc]); }else{ # trigger_error("Huhm?"); @@ -365,6 +402,15 @@ class acl extends plugin } } + /* Save common values */ + if($this->acl_is_writeable("")){ + foreach (array("aclType","aclFilter", "aclObject", "target") as $key){ + if (isset($_POST[$key])){ + $this->$key= validate($_POST[$key]); + } + } + } + /* Store ACL in main object? */ if (isset($_POST['submit_new_acl'])){ $this->gosaAclEntry[$this->currentIndex]['type']= $this->aclType; @@ -421,17 +467,12 @@ class acl extends plugin } } - /* Save common values */ - if($this->acl_is_writeable("")){ - foreach (array("aclType","aclFilter", "aclObject", "target") as $key){ - if (isset($_POST[$key])){ - $this->$key= validate($_POST[$key]); - } - } - } - /* Create templating instance */ $smarty= get_smarty(); + $smarty->assign("acl_readable",$this->acl_is_readable("")); + if(!$this->acl_is_readable("")){ + return ($smarty->fetch (get_template_path('acl.tpl'))); + } if ($this->dialogState == 'head'){ /* Draw list */ @@ -443,19 +484,26 @@ class acl extends plugin if(!$this->acl_is_readable("")) continue; $action =""; + + if($this->acl_is_readable("")){ + $link = "".$this->assembleAclSummary($entry).""; + }else{ + $link = $this->assembleAclSummary($entry); + } $field1= array("string" => $this->aclTypes[$entry['type']], "attach" => "style='width:150px'"); - $field2= array("string" => $this->assembleAclSummary($entry)); + $field2= array("string" => $link); if($this->acl_is_writeable("")){ - $action.= ""; - $action.= ""; + $action.= image('images/lists/sort-up.png', 'sortup_'.$key); + $action.= image('images/lists/sort-down.png', 'sortdown_'.$key); + } + + if($this->acl_is_readable("")){ + $action.= image('images/lists/edit.png','acl_edit_'.$key,msgPool::editButton(_("ACL"))); } - - $action.= ""; - - if($this->acl_is_removeable()){ - $action.= ""; + if($this->acl_is_removeable("")){ + $action.= image('images/lists/trash.png','acl_del_'.$key,msgPool::delButton(_("ACL"))); } $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px;text-align:right;'"); @@ -496,11 +544,17 @@ class acl extends plugin $summary= sprintf(_("Contains ACLs for these objects: %s"), preg_replace('/, $/', '', $summary)); } + $actions =""; + if($this->acl_is_readable("")){ + $actions.= image('images/lists/edit.png','cat_edit_'.$section, msgPool::editButton(_("category ACL"))); + } + if($this->acl_is_removeable()){ + $actions.= image('images/lists/trash.png','cat_del_'.$section, msgPool::delButton(_("category ACL"))); + } + $field1= array("string" => $dsc, "attach" => "style='width:100px'"); $field2= array("string" => $summary); - $action= ""; - $action.= ""; - $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px'"); + $field3= array("string" => $actions, "attach" => "style='border-right:0px;width:50px'"); $aclList->AddEntry(array($field1, $field2, $field3)); } @@ -520,6 +574,9 @@ class acl extends plugin /* Generate list */ $tmp= array(); + if ($this->target == "group" && !isset($this->recipients["G:*"])){ + $tmp["G:*"]= _("All users"); + } foreach (array("user" => "users", "group" => "groups") as $field => $arr){ if ($this->target == $field){ foreach ($this->$arr as $key => $value){ @@ -581,7 +638,7 @@ class acl extends plugin function sort_by_priority($list) { - $tmp= session::get('plist'); + $tmp= session::global_get('plist'); $plist= $tmp->info; asort($plist); $newSort = array(); @@ -638,7 +695,7 @@ class acl extends plugin { $display= ""; $cols= 3; - $tmp= session::get('plist'); + $tmp= session::global_get('plist'); $plist= $tmp->info; asort($plist); @@ -646,33 +703,33 @@ class acl extends plugin $style = "style='width:100px;'"; if($this->acl_is_writeable("")){ - $display .= ""; - $display .= ""; - $display .= " - "; - $display .= ""; - $display .= " - "; + $display .= ""; + $display .= ""; + $display .= " - "; + $display .= ""; + $display .= " - "; - $display .= ""; - $display .= ""; + $display .= ""; + $display .= ""; $display .= "
"; $style = "style='width:50px;'"; - $display .= ""; - $display .= ""; - $display .= ""; - $display .= ""; - $display .= ""; - $display .= " - "; - $display .= ""; - $display .= ""; - $display .= ""; - $display .= " - "; - - $display .= ""; - $display .= ""; - $display .= ""; - $display .= ""; + $display .= ""; + $display .= ""; + $display .= ""; + $display .= ""; + $display .= ""; + $display .= " - "; + $display .= ""; + $display .= ""; + $display .= ""; + $display .= " - "; + + $display .= ""; + $display .= ""; + $display .= ""; + $display .= ""; } /* Build general objects */ @@ -682,8 +739,11 @@ class acl extends plugin /* Create sub acl if it does not exist */ if (!isset($this->aclContents[$key])){ $this->aclContents[$key]= array(); + } + if(!isset($this->aclContents[$key][0])){ $this->aclContents[$key][0]= ''; } + $currentAcl= $this->aclContents[$key]; /* Get the overall plugin acls @@ -693,51 +753,49 @@ class acl extends plugin $overall_acl = $currentAcl[0]; } + // Detect configured plugins + $expand = count($currentAcl) > 1 || $currentAcl[0] != ""; + /* Object header */ - if(session::get('js')) { - if(isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) { - $display.= "\n". - "\n ". - "\n ". - "\n ". - "\n "; - } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) { - $display.= "\n
"._("Object").": $name". - "\n
". - "\n ". - "\n ". - "\n ". - "\n "; - } else { - $display.= "\n
"._("Object").": $name". - "\n
". - "\n ". - "\n ". - "\n "; - } + $tname= preg_replace("/[^a-z0-9]/i","_",$name); + + if($expand){ + $back_color = "#C8C8FF"; + }else{ + $back_color = "#C8C8C8"; + } + + if(isset($_SERVER['HTTP_USER_AGENT']) && + (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || + (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT']))) { + $display.= "\n
"._("Object").": $name
". + "\n ". + "\n ". + "\n ". + "\n "; + } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) { + $display.= "\n
"._("Object").": $name". + "\n
". + "\n ". + "\n ". + "\n ". + "\n "; } else { - $display.= "\n
"._("Object").": $name". + "\n
". - "\n ". - "\n ". - "\n "; + $display.= "\n
"._("Object").": $name
". + "\n ". + "\n ". + "\n "; } /* Generate options */ $spc= "  "; -# if ($this->isContainer && $this->aclType != 'base'){ - $options= $this->mkchkbx($key."_0_c", _("Create objects"), preg_match('/c/', $overall_acl)).$spc; - $options.= $this->mkchkbx($key."_0_m", _("Move objects"), preg_match('/m/', $overall_acl)).$spc; - $options.= $this->mkchkbx($key."_0_d", _("Remove objects"), preg_match('/d/', $overall_acl)).$spc; - if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){ - $options.= $this->mkchkbx($key."_0_s", _("Modifyable by owner"), preg_match('/s/', $overall_acl)).$spc; - } - # } else { - # $options= $this->mkchkbx($key."_0_m", _("Move object"), preg_match('/m/', $overall_acl)).$spc; - # $options.= $this->mkchkbx($key."_0_d", _("Remove object"), preg_match('/d/', $overall_acl)).$spc; - # if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){ - # $options.= $this->mkchkbx($key."_0_s", _("Modifyable by owner"), preg_match('/s/', $overall_acl)).$spc; - # } - # } + $options= $this->mkchkbx($key."_0_c", _("Create objects"), preg_match('/c/', $overall_acl)).$spc; + $options.= $this->mkchkbx($key."_0_m", _("Move objects"), preg_match('/m/', $overall_acl)).$spc; + $options.= $this->mkchkbx($key."_0_d", _("Remove objects"), preg_match('/d/', $overall_acl)).$spc; + if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){ + $options.= $this->mkchkbx($key."_0_s", _("Grant permission to owner"), preg_match('/s/', $overall_acl)).$spc; + } /* Global options */ $more_options= $this->mkchkbx($key."_0_r", _("read"), preg_match('/r/', $overall_acl)).$spc; @@ -751,20 +809,23 @@ class acl extends plugin /* Walk through the list of attributes */ $cnt= 1; $splist= $plist[preg_replace('%^.*/%', '', $key)]['plProvidedAcls']; -# asort($splist); - if(session::get('js')) { - if(isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) { - $display.= "\n ". + if(session::global_get('js')) { + if(isset($_SERVER['HTTP_USER_AGENT']) && + (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT']))) { + $display.= "\n ". "\n
"._("Object").": $name
". - "\n