X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-core%2Fplugins%2Fadmin%2Facl%2Fclass_aclRole.inc;h=b78c955e156c7b00831412de4567e57e50a0cf51;hb=1614974f4859704c1bae1f39fae4300721d2bfdc;hp=e8297b74f382cf2f0742c3cb23130b71b44e4c62;hpb=4e7e87afae542a936568fb5e9a888e9bd0c65d89;p=gosa.git diff --git a/gosa-core/plugins/admin/acl/class_aclRole.inc b/gosa-core/plugins/admin/acl/class_aclRole.inc index e8297b74f..b78c955e1 100644 --- a/gosa-core/plugins/admin/acl/class_aclRole.inc +++ b/gosa-core/plugins/admin/acl/class_aclRole.inc @@ -23,8 +23,8 @@ class aclrole extends acl { /* Definitions */ - var $plHeadline= "Access control list templates"; - var $plDescription= "Edit ACL roles"; + var $plHeadline= "Access control roles"; + var $plDescription= "Edit AC roles"; /* attribute list for save action */ var $attributes= array('gosaAclTemplate',"cn","description"); @@ -51,6 +51,7 @@ class aclrole extends acl var $cn = ""; var $description = ""; var $orig_dn; + var $orig_base; var $base =""; function aclrole (&$config, $dn= NULL) @@ -62,7 +63,7 @@ class aclrole extends acl $this->base = session::get('CurrentMainBase'); }else{ $this->base = preg_replace("/^[^,]+,[^,]+,/","",$this->dn); - new log("view","aclroles/".get_class($this),$this->dn); + new log("view","acl/".get_class($this),$this->dn); } /* Load ACL's */ @@ -127,7 +128,7 @@ class aclrole extends acl asort($this->aclObjects); /* Fill acl types */ - $this->aclTypes= array( "reset" => _("Reset ACLs"), + $this->aclTypes= array( "reset" => _("Reset ACL"), "one" => _("One level"), "base" => _("Current object"), "sub" => _("Complete subtree"), @@ -136,6 +137,8 @@ class aclrole extends acl /* Finally - we want to get saved... */ $this->is_account= TRUE; + $this->orig_base = $this->base; + $this->orig_dn = $this->dn; } 
@@ -178,7 +181,7 @@ class aclrole extends acl $plist= $tmp->info; /* Handle posts */ - if (isset($_POST['new_acl'])){ + if (isset($_POST['new_acl']) && $this->acl_is_writeable("gosaAclEntry")){ $this->dialogState= 'create'; $this->dialog= TRUE; $this->currentIndex= count($this->gosaAclTemplate); @@ -188,6 +191,18 @@ class aclrole extends acl $new_acl= array(); $aclDialog= FALSE; $firstedit= FALSE; + + /* Act on HTML post and gets here. + */ + if(isset($_GET['id']) && isset($_GET['act']) && $_GET['act'] == "edit"){ + $id = trim($_GET['id']); + $this->dialogState= 'create'; + $firstedit= TRUE; + $this->dialog= TRUE; + $this->currentIndex= $id; + $this->loadAclEntry(); + } + foreach($_POST as $name => $post){ /* Actions... */ @@ -199,11 +214,6 @@ class aclrole extends acl $this->loadAclEntry(); continue; } - if (preg_match('/^acl_del_.*_x/', $name)){ - unset($this->gosaAclTemplate[preg_replace('/^acl_del_([0-9]+).*$/', '\1', $name)]); - continue; - } - if (preg_match('/^cat_edit_.*_x/', $name)){ $this->aclObject= preg_replace('/^cat_edit_([^_]+)_.*$/', '\1', $name); $this->dialogState= 'edit'; @@ -214,7 +224,17 @@ class aclrole extends acl } continue; } - if (preg_match('/^cat_del_.*_x/', $name)){ + + if(!$this->acl_is_writeable("gosaAclEntry")){ + continue; + } + + if (preg_match('/^acl_del_.*_x/', $name) && $this->acl_is_writeable("gosaAclEntry")){ + unset($this->gosaAclTemplate[preg_replace('/^acl_del_([0-9]+).*$/', '\1', $name)]); + continue; + } + + if (preg_match('/^cat_del_.*_x/', $name) && $this->acl_is_writeable("gosaAclEntry")){ $idx= preg_replace('/^cat_del_([^_]+)_.*$/', '\1', $name); foreach ($this->ocMapping[$idx] as $key){ unset($this->aclContents["$idx/$key"]); 
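Review bot: `$_GET['id']` is only trimmed before it becomes `$this->currentIndex` in the new GET branch, so a non-numeric or non-existent key reaches `loadAclEntry()` and can later be the key that the `submit_new_acl` branch writes to in `$this->gosaAclTemplate`. The POST handlers in the same function take their index from a `([0-9]+)` capture, and the GET path should be as strict, for example by adding `&& ctype_digit(trim($_GET['id'])) && isset($this->gosaAclTemplate[(int) trim($_GET['id'])])` to the condition. The branch also has no `acl_is_readable("gosaAclEntry")` check, although the list-drawing hunk of this commit puts one of the row actions behind exactly that check. The enclosing function starts and ends outside the hunk and `loadAclEntry()` is not shown, so how an unknown index is handled there cannot be confirmed from this page.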
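Review bot: The `&& $this->acl_is_writeable("gosaAclEntry")` conditions on the `acl_del_` and `cat_del_` branches can never be false, because the `continue` guard added directly above them already ends the iteration for users without write access. As far as the visible context shows, the `sortup_`, `sortdown_` and `acl_.*_[^xy]` branches in the following hunks sit in the same `foreach` and repeat the check in the same way. Keeping the single guard and commenting it, e.g. `/* Everything below modifies the role and needs write access to gosaAclEntry */`, makes the read/write split easier to audit than per-branch repetitions. The loop body starts and ends outside this hunk.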
@@ -223,7 +243,7 @@ class aclrole extends acl } /* Sorting... */ - if (preg_match('/^sortup_.*_x/', $name)){ + if (preg_match('/^sortup_.*_x/', $name) && $this->acl_is_writeable("gosaAclEntry")){ $index= preg_replace('/^sortup_([0-9]+).*$/', '\1', $name); if ($index > 0){ $tmp= $this->gosaAclTemplate[$index]; @@ -232,7 +252,7 @@ class aclrole extends acl } continue; } - if (preg_match('/^sortdown_.*_x/', $name)){ + if (preg_match('/^sortdown_.*_x/', $name) && $this->acl_is_writeable("gosaAclEntry")){ $index= preg_replace('/^sortdown_([0-9]+).*$/', '\1', $name); if ($index < count($this->gosaAclTemplate)-1){ $tmp= $this->gosaAclTemplate[$index]; @@ -243,8 +263,7 @@ class aclrole extends acl } /* ACL saving... */ - if (preg_match('/^acl_.*_[^xy]$/', $name)){ - $aclDialog= TRUE; + if (preg_match('/^acl_.*_[^xy]$/', $name) && $this->acl_is_writeable("gosaAclEntry")){ list($dummy, $object, $attribute, $value)= split('_', $name); /* Skip for detection entry */ @@ -252,7 +271,7 @@ class aclrole extends acl continue; } - /* Ordinary ACLs */ + /* Ordinary ACL */ if (!isset($new_acl[$object])){ $new_acl[$object]= array(); } @@ -263,7 +282,11 @@ class aclrole extends acl } } } - + + if(isset($_POST['acl_dummy_0_0_0'])){ + $aclDialog= TRUE; + } + /* Only be interested in new acl's, if we're in the right _POST place */ if ($aclDialog && $this->aclObject != "" && is_array($this->ocMapping[$this->aclObject])){ @@ -294,7 +317,7 @@ class aclrole extends acl } /* Store ACL in main object? */ - if (isset($_POST['submit_new_acl'])){ + if (isset($_POST['submit_new_acl']) && $this->acl_is_writeable("gosaAclEntry")){ $this->gosaAclTemplate[$this->currentIndex]['type']= $this->aclType; $this->gosaAclTemplate[$this->currentIndex]['members']= $this->recipients; $this->gosaAclTemplate[$this->currentIndex]['acl']= $this->aclContents; 
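Review bot: `$aclDialog` is now set from `isset($_POST['acl_dummy_0_0_0'])` alone, without an `acl_is_writeable("gosaAclEntry")` check, while `$new_acl` is only filled for users with write access. For a read-only user who posts that field, the `if ($aclDialog && $this->aclObject != "" ...)` block that follows runs with an empty `$new_acl`; its body is outside the hunk, so whether it then replaces the in-memory `aclContents` cannot be confirmed from here. Gating the flag like the rest of the commit removes the question: `if(isset($_POST['acl_dummy_0_0_0']) && $this->acl_is_writeable("gosaAclEntry")){`. A one-line comment naming `acl_dummy_0_0_0` as what appears to be the dialog's detection entry would also help, since the field name does not explain itself.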
@@ -313,12 +336,12 @@ class aclrole extends acl } /* Save edit acl? */ - if (isset($_POST['submit_edit_acl'])){ + if (isset($_POST['submit_edit_acl']) && $this->acl_is_writeable("gosaAclEntry")){ $this->dialogState= 'create'; } /* Add acl? */ - if (isset($_POST['add_acl']) && $_POST['aclObject'] != ""){ + if (isset($_POST['add_acl']) && $_POST['aclObject'] != "" && $this->acl_is_writeable("gosaAclEntry")){ $this->dialogState= 'edit'; $this->savedAclContents= array(); foreach ($this->ocMapping[$this->aclObject] as $oc){ @@ -330,7 +353,7 @@ class aclrole extends acl /* Save common values */ foreach (array("aclType", "aclObject", "target") as $key){ - if (isset($_POST[$key])){ + if (isset($_POST[$key]) && $this->acl_is_writeable("gosaAclEntry")){ $this->$key= validate($_POST[$key]); } } @@ -350,15 +373,34 @@ class aclrole extends acl /* Draw list */ $aclList= new divSelectBox("aclList"); $aclList->SetHeight(350); - + /* Fill in entries */ foreach ($this->gosaAclTemplate as $key => $entry){ - $field1= array("string" => $this->aclTypes[$entry['type']], "attach" => "style='width:100px'"); - $field2= array("string" => $this->assembleAclSummary($entry)); - $action= ""; - $action.= ""; - $action.= ""; - $action.= ""; + + if($this->acl_is_readable("")){ + $link = "".$this->assembleAclSummary($entry).""; + }else{ + $link = $this->assembleAclSummary($entry); + } + + $field1= array("string" => $this->aclTypes[$entry['type']], "attach" => "style='width:150px'"); + $field2= array("string" => $link); + + $action =""; + if($this->acl_is_writeable("gosaAclEntry")){ + $action.= ""; + $action.= ""; + } + if($this->acl_is_readable("gosaAclEntry")){ + $action.= ""; + } + if($this->acl_is_writeable("gosaAclEntry")){ + $action.= ""; + } $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px;text-align:right;'"); $aclList->AddEntry(array($field1, $field2, $field3)); 
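Review bot: The summary link in the list-drawing hunk is gated by `$this->acl_is_readable("")`, with an empty attribute name, while every other check added in this commit names `"gosaAclEntry"`, including the row action a few lines further down. `acl_is_readable()` is not shown, so the effect of the empty string is inferred, but if it is evaluated as an object-level check the link and the button can disagree about who may open an entry. Using `if($this->acl_is_readable("gosaAclEntry")){` keeps the two consistent. The link markup is not visible on this page; if it targets the new `$_GET['act'] == "edit"` branch, that handler should carry the same check and not rely on the link being hidden.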
@@ -397,13 +439,21 @@ class aclrole extends acl if ($summary == ""){ $summary= ''._("No ACL settings for this category").''; } else { - $summary= sprintf(_("Contains ACLs for these objects: %s"), preg_replace('/, $/', '', $summary)); + $summary= sprintf(_("ACL for these objects: %s"), preg_replace('/, $/', '', $summary)); + } + + $action = ""; + if($this->acl_is_readable("gosaAclEntry")){ + $action.= ""; + } + if($this->acl_is_writeable("gosaAclEntry")){ + $action.= ""; } $field1= array("string" => $dsc, "attach" => "style='width:140px'"); $field2= array("string" => $summary); - $action= ""; - $action.= ""; $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px'"); $aclList->AddEntry(array($field1, $field2, $field3)); } @@ -491,7 +541,7 @@ class aclrole extends acl function aclPostHandler() { - if (isset($_POST['save_acl'])){ + if (isset($_POST['save_acl']) && $this->acl_is_writeable("gosaAclEntry")){ $this->save(); return TRUE; } @@ -572,20 +622,20 @@ class aclrole extends acl $ldap->cd($this->dn); $this->cleanup(); $ldap->modify ($this->attrs); - new log("modify","aclroles/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error()); + new log("modify","acl/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error()); }else{ $ldap->cd($this->config->current['BASE']); $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$this->dn)); $ldap->cd($this->dn); $ldap->add($this->attrs); - new log("create","aclroles/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error()); + new log("create","acl/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error()); } if (!$ldap->success()){ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, "", get_class())); } - /* Refresh users ACLs */ + /* Refresh users ACL */ $ui= get_userinfo(); $ui->loadACL(); session::set('ui',$ui); 
@@ -620,7 +670,7 @@ class aclrole extends acl } $ldap->rmDir($this->dn); - new log("remove","aclroles/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error()); + new log("remove","acl/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error()); if (!$ldap->success()){ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, "", get_class())); } @@ -692,20 +742,43 @@ class aclrole extends acl { return (array( "plShortName" => _("Role"), - "plDescription" => _("ACL roles"), + "plDescription" => _("Access control roles"), "plSelfModify" => FALSE, "plDepends" => array(), "plPriority" => 0, - "plSection" => array("admin"), - "plCategory" => array("aclroles" => array("objectClass" => "gosaRole", "description" => _("Acl roles"))), - + "plSection" => array("administration"), + "plCategory" => array("acl"), "plProvidedAcls" => array( "cn" => _("Name"), "base" => _("Base"), - "description" => _("Description")) + "description" => _("Description"), + "gosaAclEntry" => _("Permissions")) )); } + function check() + { + $message = plugin::check(); + + if(empty($this->cn)){ + $message[] = msgPool::required(_("Name")); + } + + if(!count($this->gosaAclTemplate)){ + $message[] = msgPool::required(_("ACL")); + } + + /* Check if we are allowed to create or move this object + */ + if($this->orig_dn == "new" && !$this->acl_is_createable($this->base)){ + $message[] = msgPool::permCreate(); + }elseif($this->orig_dn != "new" && $this->base != $this->orig_base && !$this->acl_is_moveable($this->base)){ + $message[] = msgPool::permMove(); + } + + return($message); + } + } // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
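Review bot: The new ACL key is registered as `gosaAclEntry` in `plProvidedAcls`, but the attribute this class stores is `gosaAclTemplate` (see `$attributes` and the `$this->gosaAclTemplate` accesses in the earlier hunks), and nothing in the registration or in `check()` documents that mapping. A comment next to the entry, such as `/* "gosaAclEntry" is the ACL name that guards the role's gosaAclTemplate entries */`, would stop a later reader from treating the mismatch as a typo and renaming one side only. The new `check()` also has no header comment; one sentence stating that it requires a name and at least one ACL entry, enforces create/move permission on `$this->base`, and returns an array of messages would be enough. As a smaller point, `empty($this->cn)` also rejects the name `"0"`, which `$this->cn == ""` would not.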