X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-core%2Finclude%2Fclass_acl.inc;h=c79a7f2876dd4fa1344e67d1abbfa47127236b95;hb=534bedd511854e012e6453f3c1a97e947fdbd139;hp=ef05955b53391f0af9a2fbef0ec20f98e2cd89d6;hpb=821be82f194f9c25e2c6c574b3878de121d4cf6a;p=gosa.git

diff --git a/gosa-core/include/class_acl.inc b/gosa-core/include/class_acl.inc
index ef05955b5..c79a7f287 100644
--- a/gosa-core/include/class_acl.inc
+++ b/gosa-core/include/class_acl.inc
@@ -20,6 +20,7 @@
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
+/*! \brief ACL management plugin */ 
 class acl extends plugin
 {
   /* Definitions */
@@ -51,6 +52,7 @@ class acl extends plugin
   var $ocMapping= array();
   var $savedAclContents= array();
   var $myAclObjects = array();
+  var $acl_category = "acl/";
 
   function acl (&$config, $parent, $dn= NULL)
   {
@@ -86,17 +88,28 @@ class acl extends plugin
       $ldap->search('(&(objectClass=gosaAccount)(gosaUnitTag='.$tag.'))', array('uid', 'cn'));
     }
     while ($attrs= $ldap->fetch()){
-      $this->users['U:'.$attrs['dn']]= $attrs['cn'][0].' ['.$attrs['uid'][0].']';
+
+      // Allow objects without cn to be listed without causing an error.
+      if(!isset($attrs['cn'][0]) && isset($attrs['uid'][0])){
+        $this->users['U:'.$attrs['dn']]=  $attrs['uid'][0];
+      }elseif(!isset($attrs['uid'][0]) && isset($attrs['cn'][0])){
+        $this->users['U:'.$attrs['dn']]=  $attrs['cn'][0];
+      }elseif(!isset($attrs['uid'][0]) && !isset($attrs['cn'][0])){
+        $this->users['U:'.$attrs['dn']]= $attrs['dn'];
+      }else{
+        $this->users['U:'.$attrs['dn']]= $attrs['cn'][0].' ['.$attrs['uid'][0].']';
+      }
+
     }
     ksort($this->users);
 
     /* Groups */
     $ldap->cd($config->current['BASE']);
-    if ($tag == ""){
+#    if ($tag == ""){
       $ldap->search('(objectClass=posixGroup)', array('cn', 'description'));
-    } else {
-      $ldap->search('(&(objectClass=posixGroup)(gosaUnitTag='.$tag.'))', array('cn', 'description'));
-    }
+#    } else {
+#      $ldap->search('(&(objectClass=posixGroup)(gosaUnitTag='.$tag.'))', array('cn', 'description'));
+#    }
     while ($attrs= $ldap->fetch()){
       $dsc= "";
       if (isset($attrs['description'][0])){
@@ -104,6 +117,7 @@ class acl extends plugin
       }
       $this->groups['G:'.$attrs['dn']]= $attrs['cn'][0].' ['.$dsc.']';
     }
+    $this->groups['G:*']= _("All users");
     ksort($this->groups);
 
     /* Roles */
@@ -131,7 +145,7 @@ class acl extends plugin
     }
 
     /* Objects */
-    $tmp= session::get('plist');
+    $tmp= session::global_get('plist');
     $plist= $tmp->info;
     $cats = array();
     if (isset($this->parent) && $this->parent !== NULL){
@@ -139,7 +153,8 @@ class acl extends plugin
       foreach ($this->parent->by_object as $key => $obj){
         $oc= array_merge($oc, $obj->objectclasses);
         if(isset($obj->acl_category)){
-          $cats[preg_replace("/\//","",$obj->acl_category)] = preg_replace("/\//","",$obj->acl_category);
+					$tmp= str_replace("/","",$obj->acl_category);
+          $cats[$tmp] = $tmp;
         }
       }
       if (in_array_ics('organizationalUnit', $oc)){
@@ -228,7 +243,7 @@ class acl extends plugin
     /* Call parent execute */
     plugin::execute();
 
-    $tmp= session::get('plist');
+    $tmp= session::global_get('plist');
     $plist= $tmp->info;
 
     /* Handle posts */
@@ -242,24 +257,32 @@ class acl extends plugin
     $new_acl= array();
     $aclDialog= FALSE;
     $firstedit= FALSE;
+
+    /* Act on HTML post and gets here.
+     */
+    if(isset($_GET['id']) && isset($_GET['act']) && $_GET['act'] == "edit"){
+      $id = trim($_GET['id']);
+      $this->dialogState= 'create';
+      $firstedit= TRUE;
+      $this->dialog= TRUE;
+      $this->currentIndex= $id;
+      $this->loadAclEntry();
+    }
+
     foreach($_POST as $name => $post){
 
       /* Actions... */
-      if (preg_match('/^acl_edit_.*_x/', $name)){
+      if (preg_match('/^acl_edit_[0-9]*$/', $name)){
         $this->dialogState= 'create';
         $firstedit= TRUE;
         $this->dialog= TRUE;
-        $this->currentIndex= preg_replace('/^acl_edit_([0-9]+).*$/', '\1', $name);
+        $this->currentIndex= preg_replace('/^acl_edit_([0-9]*)$/', '\1', $name);
         $this->loadAclEntry();
         continue;
       }
-      if (preg_match('/^acl_del_.*_x/', $name)){
-        unset($this->gosaAclEntry[preg_replace('/^acl_del_([0-9]+).*$/', '\1', $name)]);
-        continue;
-      }
 
-      if (preg_match('/^cat_edit_.*_x/', $name)){
-        $this->aclObject= preg_replace('/^cat_edit_([^_]+)_.*$/', '\1', $name);
+      if (preg_match('/^cat_edit_.*$/', $name)){
+        $this->aclObject= preg_replace('/^cat_edit_(.*)$/', '\1', $name);
         $this->dialogState= 'edit';
         foreach ($this->ocMapping[$this->aclObject] as $oc){
           if (isset($this->aclContents[$oc])){
@@ -268,17 +291,31 @@ class acl extends plugin
         }
         continue;
       }
-      if (preg_match('/^cat_del_.*_x/', $name)){
-        $idx= preg_replace('/^cat_del_([^_]+)_.*$/', '\1', $name);
+
+      /* Only handle posts, if we allowed to modify ACLs */
+      if(!$this->acl_is_writeable("")){
+        continue;
+      }
+
+      if (preg_match('/^acl_del_[0-9]*$/', $name)){
+        unset($this->gosaAclEntry[preg_replace('/^acl_del_([0-9]*)$/', '\1', $name)]);
+        continue;
+      }
+
+      if (preg_match('/^cat_del_.*$/', $name)){
+        $idx= preg_replace('/^cat_del_(.*)$/', '\1', $name);
         foreach ($this->ocMapping[$idx] as $key){
-          unset($this->aclContents["$idx/$key"]);
+          if(isset($this->aclContents[$idx]))
+            unset($this->aclContents[$idx]);
+          if(isset($this->aclContents["$idx/$key"]))
+            unset($this->aclContents["$idx/$key"]);
         }
         continue;
       }
 
       /* Sorting... */
-      if (preg_match('/^sortup_.*_x/', $name)){
-        $index= preg_replace('/^sortup_([0-9]+).*$/', '\1', $name);
+      if (preg_match('/^sortup_[0-9]*$/', $name)){
+        $index= preg_replace('/^sortup_([0-9]*)$/', '\1', $name);
         if ($index > 0){
           $tmp= $this->gosaAclEntry[$index];
           $this->gosaAclEntry[$index]= $this->gosaAclEntry[$index-1];
@@ -286,8 +323,8 @@ class acl extends plugin
         }
         continue;
       }
-      if (preg_match('/^sortdown_.*_x/', $name)){
-        $index= preg_replace('/^sortdown_([0-9]+).*$/', '\1', $name);
+      if (preg_match('/^sortdown_[0-9]*$/', $name)){
+        $index= preg_replace('/^sortdown_([0-9]*)$/', '\1', $name);
         if ($index < count($this->gosaAclEntry)-1){
           $tmp= $this->gosaAclEntry[$index];
           $this->gosaAclEntry[$index]= $this->gosaAclEntry[$index+1];
@@ -298,8 +335,7 @@ class acl extends plugin
 
       /* ACL saving... */
       if (preg_match('/^acl_.*_[^xy]$/', $name)){
-        $aclDialog= TRUE;
-        list($dummy, $object, $attribute, $value)= split('_', $name);
+        list($dummy, $object, $attribute, $value)= explode('_', $name);
 
         /* Skip for detection entry */
         if ($object == 'dummy') {
@@ -317,12 +353,17 @@ class acl extends plugin
         }
       }
 
-      if(isset($_POST['selected_role'])){
+      // Remember the selected ACL role.
+      if(isset($_POST['selected_role']) && $_POST['aclType'] == 'role'){
         $this->aclContents = "";
         $this->aclContents = base64_decode($_POST['selected_role']);
       }
     }
 
+    if(isset($_POST['acl_dummy_0_0_0'])){
+      $aclDialog= TRUE;
+    }
+
     if($this->acl_is_writeable("")){
       
       /* Only be interested in new acl's, if we're in the right _POST place */
@@ -332,6 +373,7 @@ class acl extends plugin
 
           if(isset($this->aclContents[$oc]) && is_array($this->aclContents)){
             unset($this->aclContents[$oc]);
+          }elseif(isset($this->aclContents[$this->aclObject.'/'.$oc]) && is_array($this->aclContents)){
             unset($this->aclContents[$this->aclObject.'/'.$oc]);
           }else{
 #          trigger_error("Huhm?");
@@ -360,6 +402,15 @@ class acl extends plugin
       }
     }
 
+    /* Save common values */
+    if($this->acl_is_writeable("")){
+      foreach (array("aclType","aclFilter", "aclObject", "target") as $key){
+        if (isset($_POST[$key])){
+          $this->$key= validate($_POST[$key]);
+        }
+      }
+    }
+
     /* Store ACL in main object? */
     if (isset($_POST['submit_new_acl'])){
       $this->gosaAclEntry[$this->currentIndex]['type']= $this->aclType;
@@ -416,17 +467,12 @@ class acl extends plugin
       }
     }
 
-    /* Save common values */
-    if($this->acl_is_writeable("")){
-      foreach (array("aclType","aclFilter", "aclObject", "target") as $key){
-        if (isset($_POST[$key])){
-          $this->$key= validate($_POST[$key]);
-        }
-      }
-    }
-
     /* Create templating instance */
     $smarty= get_smarty();
+    $smarty->assign("acl_readable",$this->acl_is_readable(""));
+    if(!$this->acl_is_readable("")){
+      return ($smarty->fetch (get_template_path('acl.tpl')));
+    }
 
     if ($this->dialogState == 'head'){
       /* Draw list */
@@ -438,19 +484,26 @@ class acl extends plugin
         if(!$this->acl_is_readable("")) continue;
 
         $action ="";      
+
+        if($this->acl_is_readable("")){
+          $link = "<a href=?plug=".$_GET['plug']."&amp;id=".$key."&amp;act=edit>".$this->assembleAclSummary($entry)."</a>";
+        }else{
+          $link = $this->assembleAclSummary($entry);
+        }
   
         $field1= array("string" => $this->aclTypes[$entry['type']], "attach" => "style='width:150px'");
-        $field2= array("string" => $this->assembleAclSummary($entry));
+        $field2= array("string" => $link);
 
         if($this->acl_is_writeable("")){
-          $action.= "<input type='image' name='sortup_$key' alt='up' title='"._("Up")."' src='images/lists/sort-up.png' align='top'>";
-          $action.= "<input type='image' name='sortdown_$key' alt='down' title='"._("Down")."' src='images/lists/sort-down.png'>";
+          $action.= image('images/lists/sort-up.png', 'sortup_'.$key);
+          $action.= image('images/lists/sort-down.png', 'sortdown_'.$key);
+        } 
+    
+        if($this->acl_is_readable("")){
+          $action.= image('images/lists/edit.png','acl_edit_'.$key,msgPool::editButton(_("ACL")));
         }
-
-        $action.= "<input class='center' type='image' src='images/lists/edit.png' alt='"._("Edit")."' name='acl_edit_$key' title='".msgPool::editButton(_("ACL"))."'>";
-
-        if($this->acl_is_removeable()){
-          $action.= "<input class='center' type='image' src='images/lists/trash.png' alt='"._("Delete")."' name='acl_del_$key' title='".msgPool::delButton(_("ACL"))."'>";
+        if($this->acl_is_removeable("")){
+          $action.= image('images/lists/trash.png','acl_del_'.$key,msgPool::delButton(_("ACL")));
         }
 
         $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px;text-align:right;'");
@@ -491,11 +544,17 @@ class acl extends plugin
           $summary= sprintf(_("Contains ACLs for these objects: %s"), preg_replace('/, $/', '', $summary));
         }
 
+        $actions ="";
+        if($this->acl_is_readable("")){
+          $actions.= image('images/lists/edit.png','cat_edit_'.$section, msgPool::editButton(_("category ACL")));
+        }
+        if($this->acl_is_removeable()){
+          $actions.= image('images/lists/trash.png','cat_del_'.$section, msgPool::delButton(_("category ACL")));
+        }   
+
         $field1= array("string" => $dsc, "attach" => "style='width:100px'");
         $field2= array("string" => $summary);
-        $action= "<input class='center' type='image' src='images/lists/edit.png' alt='"._("Edit")."' name='cat_edit_$section' title='".msgPool::editButton(_("category ACL"))."'>";
-        $action.= "<input class='center' type='image' src='images/lists/trash.png' alt='"._("Delete")."' name='cat_del_$section' title='".msgPool::delButton(_("category ACL"))."'>";
-        $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px'");
+        $field3= array("string" => $actions, "attach" => "style='border-right:0px;width:50px'");
         $aclList->AddEntry(array($field1, $field2, $field3));
       }
 
@@ -515,6 +574,9 @@ class acl extends plugin
 
       /* Generate list */
       $tmp= array();
+      if ($this->target == "group" && !isset($this->recipients["G:*"])){
+        $tmp["G:*"]= _("All users");
+      }
       foreach (array("user" => "users", "group" => "groups") as $field => $arr){
         if ($this->target == $field){
           foreach ($this->$arr as $key => $value){
@@ -576,7 +638,7 @@ class acl extends plugin
 
   function sort_by_priority($list)
   {
-    $tmp= session::get('plist');
+    $tmp= session::global_get('plist');
     $plist= $tmp->info;
     asort($plist);
     $newSort = array();
@@ -633,7 +695,7 @@ class acl extends plugin
   {
     $display= "<input type='hidden' name='acl_dummy_0_0_0' value='1'>";
     $cols= 3;
-    $tmp= session::get('plist');
+    $tmp= session::global_get('plist');
     $plist= $tmp->info;
     asort($plist);
 
@@ -641,33 +703,33 @@ class acl extends plugin
     $style = "style='width:100px;'";
 
     if($this->acl_is_writeable("")){
-      $display .= "<input ".$style." type='button' name='toggle_all_create' onClick=\"acl_toggle_all('_0_c$');\" value='Toggle C'>";
-      $display .= "<input ".$style." type='button' name='toggle_all_move'   onClick=\"acl_toggle_all('_0_m$');\" value='Toggle M'>";
-      $display .= "<input ".$style." type='button' name='toggle_all_remove' onClick=\"acl_toggle_all('_0_d$');\" value='Toggle D'> - ";
-      $display .= "<input ".$style." type='button' name='toggle_all_read'   onClick=\"acl_toggle_all('_0_r$');\" value='Toggle R'>";
-      $display .= "<input ".$style." type='button' name='toggle_all_write'  onClick=\"acl_toggle_all('_0_w$');\" value='Toggle W'> - ";
+      $display .= "<button type='button' ".$style." name='toggle_all_create' onClick=\"acl_toggle_all('_0_c$');\" >Toggle C</button>";
+      $display .= "<button type='button' ".$style." name='toggle_all_move'   onClick=\"acl_toggle_all('_0_m$');\" >Toggle M</button>";
+      $display .= "<button type='button' ".$style." name='toggle_all_remove' onClick=\"acl_toggle_all('_0_d$');\" >Toggle D</button> - ";
+      $display .= "<button type='button' ".$style." name='toggle_all_read'   onClick=\"acl_toggle_all('_0_r$');\" >Toggle R</button>";
+      $display .= "<button type='button' ".$style." name='toggle_all_write'  onClick=\"acl_toggle_all('_0_w$');\" >Toggle W</button> - ";
 
-      $display .= "<input ".$style." type='button' name='toggle_all_sub_read'  onClick=\"acl_toggle_all('[^0]_r$');\" value='R+'>";
-      $display .= "<input ".$style." type='button' name='toggle_all_sub_write'  onClick=\"acl_toggle_all('[^0]_w$');\" value='W+'>";
+      $display .= "<button type='button' ".$style." name='toggle_all_sub_read'  onClick=\"acl_toggle_all('[^0]_r$');\" >R+</button>";
+      $display .= "<button type='button' ".$style." name='toggle_all_sub_write'  onClick=\"acl_toggle_all('[^0]_w$');\" >W+</button>";
 
       $display .= "<br>";
 
       $style = "style='width:50px;'";
-      $display .= "<input ".$style." type='button' name='set_true_all_create' onClick=\"acl_set_all('_0_c$',true);\" value='C+'>";
-      $display .= "<input ".$style." type='button' name='set_false_all_create' onClick=\"acl_set_all('_0_c$',false);\" value='C-'>";
-      $display .= "<input ".$style." type='button' name='set_true_all_move' onClick=\"acl_set_all('_0_m$',true);\" value='M+'>";
-      $display .= "<input ".$style." type='button' name='set_false_all_move' onClick=\"acl_set_all('_0_m$',false);\" value='M-'>";
-      $display .= "<input ".$style." type='button' name='set_true_all_remove' onClick=\"acl_set_all('_0_d$',true);\" value='D+'>";
-      $display .= "<input ".$style." type='button' name='set_false_all_remove' onClick=\"acl_set_all('_0_d$',false);\" value='D-'> - ";
-      $display .= "<input ".$style." type='button' name='set_true_all_read' onClick=\"acl_set_all('_0_r$',true);\" value='R+'>";
-      $display .= "<input ".$style." type='button' name='set_false_all_read' onClick=\"acl_set_all('_0_r$',false);\" value='R-'>";
-      $display .= "<input ".$style." type='button' name='set_true_all_write' onClick=\"acl_set_all('_0_w$',true);\" value='W+'>";
-      $display .= "<input ".$style." type='button' name='set_false_all_write' onClick=\"acl_set_all('_0_w$',false);\" value='W-'> - ";
-
-      $display .= "<input ".$style." type='button' name='set_true_all_read' onClick=\"acl_set_all('[^0]_r$',true);\" value='R+'>";
-      $display .= "<input ".$style." type='button' name='set_false_all_read' onClick=\"acl_set_all('[^0]_r$',false);\" value='R-'>";
-      $display .= "<input ".$style." type='button' name='set_true_all_write' onClick=\"acl_set_all('[^0]_w$',true);\" value='W+'>";
-      $display .= "<input ".$style." type='button' name='set_false_all_write' onClick=\"acl_set_all('[^0]_w$',false);\" value='W-'>";
+      $display .= "<button type='button' ".$style." name='set_true_all_create' onClick=\"acl_set_all('_0_c$',true);\" >C+</button>";
+      $display .= "<button type='button' ".$style." name='set_false_all_create' onClick=\"acl_set_all('_0_c$',false);\" >C-</button>";
+      $display .= "<button type='button' ".$style." name='set_true_all_move' onClick=\"acl_set_all('_0_m$',true);\" >M+</button>";
+      $display .= "<button type='button' ".$style." name='set_false_all_move' onClick=\"acl_set_all('_0_m$',false);\" >M-</button>";
+      $display .= "<button type='button' ".$style." name='set_true_all_remove' onClick=\"acl_set_all('_0_d$',true);\" >D+</button>";
+      $display .= "<button type='button' ".$style." name='set_false_all_remove' onClick=\"acl_set_all('_0_d$',false);\" >D-</button> - ";
+      $display .= "<button type='button' ".$style." name='set_true_all_read' onClick=\"acl_set_all('_0_r$',true);\" >R+</button>";
+      $display .= "<button type='button' ".$style." name='set_false_all_read' onClick=\"acl_set_all('_0_r$',false);\" >R-</button>";
+      $display .= "<button type='button' ".$style." name='set_true_all_write' onClick=\"acl_set_all('_0_w$',true);\" >W+</button>";
+      $display .= "<button type='button' ".$style." name='set_false_all_write' onClick=\"acl_set_all('_0_w$',false);\" >W-</button> - ";
+
+      $display .= "<button type='button' ".$style." name='set_true_all_read' onClick=\"acl_set_all('[^0]_r$',true);\" >R+</button>";
+      $display .= "<button type='button' ".$style." name='set_false_all_read' onClick=\"acl_set_all('[^0]_r$',false);\" >R-</button>";
+      $display .= "<button type='button' ".$style." name='set_true_all_write' onClick=\"acl_set_all('[^0]_w$',true);\" >W+</button>";
+      $display .= "<button type='button' ".$style." name='set_false_all_write' onClick=\"acl_set_all('[^0]_w$',false);\" >W-</button>";
     }
 
     /* Build general objects */
@@ -677,8 +739,11 @@ class acl extends plugin
       /* Create sub acl if it does not exist */
       if (!isset($this->aclContents[$key])){
         $this->aclContents[$key]= array();
+      }
+      if(!isset($this->aclContents[$key][0])){
         $this->aclContents[$key][0]= '';
       }
+
       $currentAcl= $this->aclContents[$key];
 
       /* Get the overall plugin acls 
@@ -688,51 +753,49 @@ class acl extends plugin
         $overall_acl = $currentAcl[0];
       }
 
+      // Detect configured plugins
+      $expand = count($currentAcl) > 1 || $currentAcl[0] != "";
+
       /* Object header */
-      if(session::get('js')) {
-        if(isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) {
-          $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
-                     "\n  <tr>".
-                     "\n    <td style='background-color:#C8C8C8;height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
-                     "\n    <td align='right' style='background-color:#C8C8C8;height:1.8em;'>".
-                     "\n    <input type='button' onclick='divtoggle(\"".preg_replace("/[^a-z0-9]/i","_",$name)."\");' value='"._("Show/hide advanced settings")."' /></td>".
-                     "\n  </tr>";
-        } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
-          $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
-                     "\n  <tr>".
-                     "\n    <td style='background-color:#C8C8C8;height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
-                     "\n    <td align='right' style='background-color:#C8C8C8;height:1.8em;'>".
-                     "\n    <input type='button' onclick='divtoggle(\"".preg_replace("/[^a-z0-9]/i","_",$name)."\");' value='"._("Show/hide advanced settings")."' /></td>".
-                     "\n  </tr>";
-        } else {
-          $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
-                     "\n  <tr>".
-                     "\n    <td style='background-color:#C8C8C8;height:1.8em;' colspan=$cols><b>"._("Object").": $name</b></td>".
-                     "\n  </tr>";
-        }
+			$tname= preg_replace("/[^a-z0-9]/i","_",$name);
+
+      if($expand){
+        $back_color = "#C8C8FF";
+      }else{
+        $back_color = "#C8C8C8";
+      }
+
+      if(isset($_SERVER['HTTP_USER_AGENT']) && 
+          (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || 
+          (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT']))) {
+        $display.= "\n<table summary='{$name}' style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
+          "\n  <tr>".
+          "\n    <td style='background-color:{$back_color};height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
+          "\n    <td align='right' style='background-color:{$back_color};height:1.8em;'>".
+          "\n    <button type='button' onclick=\"$('{$tname}').toggle();\">"._("Show/hide advanced settings")."</button></td>".
+          "\n  </tr>";
+      } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
+        $display.= "\n<table summary='{$name}' style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
+          "\n  <tr>".
+          "\n    <td style='background-color:#C8C8C8;height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
+          "\n    <td align='right' style='background-color:#C8C8C8;height:1.8em;'>".
+          "\n    <button type='button' onclick=\"$('{$tname}').toggle();\">"._("Show/hide advanced settings")."</button></td>".
+          "\n  </tr>";
       } else {
-          $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
-                     "\n  <tr>".
-                     "\n    <td style='background-color:#C8C8C8;height:1.8em;' colspan=$cols><b>"._("Object").": $name</b></td>".
-                     "\n  </tr>";
+        $display.= "\n<table summary='{$name}' style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
+          "\n  <tr>".
+          "\n    <td style='background-color:#C8C8C8;height:1.8em;' colspan=$cols><b>"._("Object").": $name</b></td>".
+          "\n  </tr>";
       }
 
       /* Generate options */
       $spc= "&nbsp;&nbsp;";
-#      if ($this->isContainer && $this->aclType != 'base'){
-        $options= $this->mkchkbx($key."_0_c",  _("Create objects"), preg_match('/c/', $overall_acl)).$spc;
-        $options.= $this->mkchkbx($key."_0_m", _("Move objects"), preg_match('/m/', $overall_acl)).$spc;
-        $options.= $this->mkchkbx($key."_0_d", _("Remove objects"), preg_match('/d/', $overall_acl)).$spc;
-        if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){
-          $options.= $this->mkchkbx($key."_0_s", _("Modifyable by owner"), preg_match('/s/', $overall_acl)).$spc;
-        }
- #     } else {
- #       $options= $this->mkchkbx($key."_0_m", _("Move object"), preg_match('/m/', $overall_acl)).$spc;
- #       $options.= $this->mkchkbx($key."_0_d", _("Remove object"), preg_match('/d/', $overall_acl)).$spc;
- #       if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){
- #         $options.= $this->mkchkbx($key."_0_s", _("Modifyable by owner"), preg_match('/s/', $overall_acl)).$spc;
- #       }
- #     }
+      $options= $this->mkchkbx($key."_0_c",  _("Create objects"), preg_match('/c/', $overall_acl)).$spc;
+      $options.= $this->mkchkbx($key."_0_m", _("Move objects"), preg_match('/m/', $overall_acl)).$spc;
+      $options.= $this->mkchkbx($key."_0_d", _("Remove objects"), preg_match('/d/', $overall_acl)).$spc;
+      if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){
+        $options.= $this->mkchkbx($key."_0_s", _("Grant permission to owner"), preg_match('/s/', $overall_acl)).$spc;
+      }
 
       /* Global options */
       $more_options= $this->mkchkbx($key."_0_r",  _("read"), preg_match('/r/', $overall_acl)).$spc;
@@ -746,20 +809,23 @@ class acl extends plugin
       /* Walk through the list of attributes */
       $cnt= 1;
       $splist= $plist[preg_replace('%^.*/%', '', $key)]['plProvidedAcls'];
-      asort($splist);
-      if(session::get('js')) {
-        if(isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) {
-          $display.= "\n  <tr id='tr_".preg_replace("/[^a-z0-9]/i","_",$name)."' style='vertical-align:top;height:0px;'>".
+      if(session::global_get('js')) {
+        if(isset($_SERVER['HTTP_USER_AGENT']) && 
+            (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT']))) {
+          $display.= "\n  <tr id='tr_$tname' style='vertical-align:top;height:0px;'>".
                      "\n    <td colspan=".$cols.">".
-                     "\n      <div id='".preg_replace("/[^a-z0-9]/i","_",$name)."' style='overflow:hidden;visibility:hidden;height:0px;vertical-align:top;width:100%;'>".
-                     "\n        <table style='width:100%;'>";
+                     "\n      <div id='$tname' style='overflow:hidden; display:none;vertical-align:top;width:100%;'>".
+                     "\n        <table style='width:100%;' summary='{$name}'>";
         } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
-          $display.= "\n  <tr id='tr_".preg_replace("/[^a-z0-9]/i","_",$name)."' style='vertical-align:top;height:0px;'>".
+          $display.= "\n  <tr id='tr_$tname' style='vertical-align:top;height:0px;'>".
                      "\n    <td colspan=".$cols.">".
-                     "\n      <div id='".preg_replace("/[^a-z0-9]/i","_",$name)."' style='position:absolute;overflow:hidden;visibility:hidden;height:0px;vertical-align:top;width:100%;'>".
-                     "\n        <table style='width:100%;'>";
+                     "\n      <div id='$tname' style='position:absolute;overflow:hidden;display:none;;vertical-align:top;width:100%;'>".
+                     "\n        <table style='width:100%;' summary='{$name}'>";
+        }else{
         }
       }
+
+  
       foreach($splist as $attr => $dsc){
 
         /* Skip pl* attributes, they are internal... */
@@ -797,8 +863,11 @@ class acl extends plugin
        $display.= str_repeat("\n    <td style='border-top:1px solid #A0A0A0; width:".(int)(100/$cols)."%'>&nbsp;</td>", $cols-$cnt); 
       }
 
-      if(session::get('js')) {
-        if(isset($_SERVER['HTTP_USER_AGENT']) && (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || (preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT']))) {
+      if(session::global_get('js')) {
+        if(isset($_SERVER['HTTP_USER_AGENT']) && 
+            (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || 
+            (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT'])) || 
+            (preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT']))) {
           $display.= "\n        </table>".
                      "\n      </div>".
                      "\n    </td>".
@@ -817,8 +886,9 @@ class acl extends plugin
   {
     $state= $state?"checked":"";
     if($this->acl_is_writeable("")){
-      return "\n      <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."' type=checkbox name='acl_$name' $state>".
-        "\n      <label for='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."'>$text</label>";
+			$tname= preg_replace("/[^a-z0-9]/i","_",$name);
+      return "\n      <input id='acl_$tname' type=checkbox name='acl_$name' $state>".
+        "\n      <label for='acl_$tname'>$text</label>";
     }else{
       return "\n <input type='checkbox' disabled name='dummy_".microtime(1)."' $state>$text";
     }
@@ -829,12 +899,13 @@ class acl extends plugin
   {
     $rstate= preg_match('/r/', $state)?'checked':'';
     $wstate= preg_match('/w/', $state)?'checked':'';
+		$tname= preg_replace("/[^a-z0-9]/i","_",$name);
       
     if($this->acl_is_writeable("")){
-      return ("\n      <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_r' type=checkbox name='acl_${name}_r' $rstate>".
-          "\n      <label for='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_r'>"._("read")."</label>".
-          "\n      <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_w' type=checkbox name='acl_${name}_w' $wstate>".
-          "\n      <label for='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_w'>"._("write")."</label>");
+      return ("\n      <input id='acl_".$tname."_r' type=checkbox name='acl_${name}_r' $rstate>".
+          "\n      <label for='acl_".$tname."_r'>"._("read")."</label>".
+          "\n      <input id='acl_".$tname."_w' type=checkbox name='acl_${name}_w' $wstate>".
+          "\n      <label for='acl_".$tname."_w'>"._("write")."</label>");
     }else{
       return ("\n      <input disabled type=checkbox name='dummy_".microtime(1)."' $rstate>"._("read").
           "\n      <input disabled type=checkbox name='dummy_".microtime(1)."' $wstate>"._("write"));
@@ -845,7 +916,7 @@ class acl extends plugin
   static function explodeACL($acl)
   {
 
-    $list= split(':', $acl);
+    $list= explode(':', $acl);
     if(count($list) == 5){
       list($index, $type,$member,$permission,$filter)= $list;
       $filter = base64_decode($filter);
@@ -897,29 +968,35 @@ class acl extends plugin
     if ($ms == $acl){
       return $a;
     }
-    $ma= split(',', $ms);
+    $ma= explode(',', $ms);
 
     /* Decode dn's, fill with informations from LDAP */
     $ldap= $config->get_ldap_link();
     foreach ($ma as $memberdn){
+      // Check for wildcard here
       $dn= base64_decode($memberdn);
-      $ldap->cat($dn, array('cn', 'objectClass', 'description', 'uid'));
+      if ($dn != "*") {
+        $ldap->cat($dn, array('cn', 'objectClass', 'description', 'uid'));
+
+        /* Found entry... */
+        if ($ldap->count()){
+          $attrs= $ldap->fetch();
+          if (in_array_ics('gosaAccount', $attrs['objectClass'])){
+            $a['U:'.$dn]= $attrs['cn'][0]." [".$attrs['uid'][0]."]";
+          } else {
+            $a['G:'.$dn]= $attrs['cn'][0];
+            if (isset($attrs['description'][0])){
+              $a['G:'.$dn].= " [".$attrs['description'][0]."]";
+            }
+          }
 
-      /* Found entry... */
-      if ($ldap->count()){
-        $attrs= $ldap->fetch();
-        if (in_array_ics('gosaAccount', $attrs['objectClass'])){
-          $a['U:'.$dn]= $attrs['cn'][0]." [".$attrs['uid'][0]."]";
+        /* ... or not */
         } else {
-          $a['G:'.$dn]= $attrs['cn'][0];
-          if (isset($attrs['description'][0])){
-            $a['G:'.$dn].= " [".$attrs['description'][0]."]";
-          }
+          $a['U:'.$dn]= sprintf(_("Unknown entry '%s'!"), $dn);
         }
 
-      /* ... or not */
       } else {
-        $a['U:'.$dn]= sprintf(_("Unknown entry '%s'!"), $dn);
+        $a['G:*']= sprintf(_("All users"));
       }
     }
 
@@ -931,14 +1008,14 @@ class acl extends plugin
   {
     /* Rip acl off the string, seperate by ',' and place it in an array */
     $as= preg_replace('/^[^:]+:[^:]+:[^:]*:([^:]*).*$/', '\1', $acl);
-    $aa= split(',', $as);
+    $aa= explode(',', $as);
     $a= array();
 
     /* Dis-assemble single ACLs */
     foreach($aa as $sacl){
       
       /* Dis-assemble field ACLs */
-      $ao= split('#', $sacl);
+      $ao= explode('#', $sacl);
       $gobject= "";
       foreach($ao as $idx => $ssacl){
 
@@ -957,7 +1034,7 @@ class acl extends plugin
         } else {
 
           /* All other entries get appended... */
-          list($field, $facl)= split(';', $ssacl);
+          list($field, $facl)= explode(';', $ssacl);
           $a[$gobject][$field]= $facl;
         }
 
@@ -993,20 +1070,22 @@ class acl extends plugin
       }
     }
 
+
     /* Summarize members */
-    if ($summary != ""){
-      $summary.= ", ";
-    }
-    if (count($entry['members'])){
-      $summary.= _("Members").": ";
-      foreach ($entry['members'] as $cn){
-        $cn= preg_replace('/ \[.*$/', '', $cn);
-        $summary.= $cn.", ";
+    if(!($this instanceOf aclrole)){
+      if ($summary != ""){
+        $summary.= ", ";
+      }
+      if (count($entry['members'])){
+        $summary.= _("Members").": ";
+        foreach ($entry['members'] as $cn){
+          $cn= preg_replace('/ \[.*$/', '', $cn);
+          $summary.= $cn.", ";
+        }
+      } else {
+        $summary.= "<font color='red'><i>"._("inactive")."&nbsp;-&nbsp;"._("No members")."</i></font>";
       }
-    } else {
-      $summary.= _("ACL takes effect for all users");
     }
-
     return (preg_replace('/, $/', '', $summary));
   }
 
@@ -1141,13 +1220,13 @@ class acl extends plugin
     }
 
     if (!$ldap->success()){
-      msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_MOD, get_class()));
+      msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_MOD, get_class()), ERROR_DIALOG);
     }
 
     /* Refresh users ACLs */
     $ui= get_userinfo();
     $ui->loadACL();
-    session::set('ui',$ui);
+    session::global_set('ui',$ui);
   }
 
 
@@ -1174,7 +1253,7 @@ class acl extends plugin
   {
     return (array(
           "plShortName"   => _("ACL"),
-          "plDescription" => _("ACL")._("Access control list").")",
+          "plDescription" => _("ACL")."&nbsp;("._("Access control list").")",
           "plSelfModify"  => FALSE,
           "plDepends"     => array(),
           "plPriority"    => 0,
@@ -1182,8 +1261,9 @@ class acl extends plugin
           "plCategory"    => array("acl" => array("description"  => _("ACL")."&nbsp;&amp;&nbsp;"._("ACL roles"),
                                                           "objectClass"  => array("gosaAcl","gosaRole"))),
           "plProvidedAcls"=> array(
-            "cn"          => _("Role name"),
-            "description" => _("Role description"))
+//            "cn"          => _("Role name"),
+//            "description" => _("Role description")
+            )
 
           ));
   }
@@ -1192,37 +1272,56 @@ class acl extends plugin
   /* Remove acls defined for $src */
   function remove_acl()
   {
-    $this->remove_acl_for_dn($this->dn);
+    acl::remove_acl_for($this->dn);
   }
 
 
   /* Remove acls defined for $src */
-  function remove_acl_for_dn($src = "")
-  {
-    if($src == ""){
-      $src = $this->dn;
-    }
-    $ldap = $this->config->get_ldap_link();
-    $ldap->cd($this->config->current['BASE']);
-    $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($src)."*))",array("gosaAclEntry","dn"));
-    while($attrs = $ldap->fetch()){
-      $acl = new acl($this->config,$this->parent,$attrs['dn']);
-      foreach($acl->gosaAclEntry as $id => $entry){
-        foreach($entry['members'] as $m_id => $member){
-          if($m_id == "U:".$src){
-            unset($acl->gosaAclEntry[$id]['members'][$m_id]);
-            gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Removed acl for user %s on object %s.",$src,$attrs['dn']));
-          }
-          if($m_id == "G:".$src){
-            unset($acl->gosaAclEntry[$id]['members'][$m_id]);
-            gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Removed acl for group %s on object %s.",$src,$attrs['dn']));
-          }
-        }
+  static function remove_acl_for($dn)
+  {                                  
+    global $config;                  
+
+    $ldap = $config->get_ldap_link();
+    $ldap->cd($config->current['BASE']);
+    $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($dn)."*))",array("gosaAclEntry","dn"));
+    $new_entries= array();                                                                                      
+    while($attrs = $ldap->fetch()){                                                                             
+      if (!isset($attrs['gosaAclEntry'])) {                                                                     
+        continue;                                                                                               
+      }                                                                                                         
+      unset($attrs['gosaAclEntry']['count']);                                                                   
+
+      // Remove entry directly
+      foreach($attrs['gosaAclEntry'] as $id => $entry){
+        $parts= explode(':',$entry);                     
+        $members= explode(',',$parts[2]);                
+        $new_members= array();                         
+        foreach($members as $member) {                 
+          if (base64_decode($member) != $dn) {         
+            $new_members[]= $member;                   
+          } else {                                     
+            gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Removed acl for %s on object %s.",$dn,$attrs['dn']));
+          }                                                                                                                  
+        }                                                                                                                    
+
+        /* We can completely remove the entry if there are no members anymore */
+        if (count($new_members)) {                                              
+          $parts[2]= implode(",", $new_members);                                
+          $new_entries[]= implode(":", $parts);                                 
+        }                                                                       
+      }                                                                         
+
+      // There should be a modification, so write it back
+      $ldap->cd($attrs['dn']);
+      $new_attrs= array("gosaAclEntry" => $new_entries);
+      $ldap->modify($new_attrs);
+      if (!$ldap->success()){
+        msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $dn, LDAP_MOD, get_class()), ERROR_DIALOG);
       }
-      $acl -> save();
     }
   }
 
+
   function update_acl_membership($src,$dst)
   {
     $ldap = $this->config->get_ldap_link();