X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=include%2Fclass_acl.inc;h=9bf8e623825c0b6f49257a732a9d599cff2689ca;hb=28ae00a52f184c2e0818500fafc38280e44f9efb;hp=9a9a396c8f789124b0ead00937fc8707e5d9961a;hpb=af3743878cb005b76b2a568acdde1a3b2eaf72f1;p=gosa.git
diff --git a/include/class_acl.inc b/include/class_acl.inc
index 9a9a396c8..9bf8e6238 100644
--- a/include/class_acl.inc
+++ b/include/class_acl.inc
@@ -21,6 +21,7 @@ class acl extends plugin
var $aclObjects= array();
var $aclMyObjects= array();
var $users= array();
+ var $roles= array();
var $groups= array();
var $recipients= array();
var $isContainer= FALSE;
@@ -28,9 +29,9 @@ class acl extends plugin
var $wasNewEntry= FALSE;
var $ocMapping= array();
var $savedAclContents= array();
+ var $myAclObjects = array();
-
- function acl ($config, $parent, $dn= NULL)
+ function acl (&$config, $parent, $dn= NULL)
{
/* Include config object */
plugin::plugin($config, $dn);
@@ -46,10 +47,10 @@ class acl extends plugin
ksort($this->gosaAclEntry);
/* Save parent - we've to know more about it than other plugins... */
- $this->parent= $parent;
+ $this->parent= &$parent;
/* Container? */
- if (preg_match('/^(ou|c|l|dc)=/i', $dn)){
+ if (preg_match('/^(o|ou|c|l|dc)=/i', $dn)){
$this->isContainer= TRUE;
}
@@ -84,13 +85,41 @@ class acl extends plugin
}
ksort($this->groups);
+ /* Roles */
+ $ldap->cd($config->current['BASE']);
+ if ($tag == ""){
+ $ldap->search('(objectClass=gosaRole)', array('cn', 'description','gosaAclTemplate','dn'));
+ } else {
+ $ldap->search('(&(objectClass=gosaRole)(gosaUnitTag='.$tag.'))', array('cn', 'description','gosaAclTemplate','dn'));
+ }
+ while ($attrs= $ldap->fetch()){
+ $dsc= "";
+ if (isset($attrs['description'][0])){
+ $dsc= $attrs['description'][0];
+ }
+
+ $role_id = $attrs['dn'];
+
+ $this->roles[$role_id]['acls'] =array();
+ for ($i= 0; $i < $attrs['gosaAclTemplate']['count']; $i++){
+ $acl= $attrs['gosaAclTemplate'][$i];
+ $this->roles[$role_id]['acls'] = array_merge($this->roles[$role_id]['acls'],$this->explodeACL($acl));
+ }
+ $this->roles[$role_id]['description'] = $dsc;
+ $this->roles[$role_id]['cn'] = $attrs['cn'][0];
+ }
+
/* Objects */
$tmp= get_global('plist');
$plist= $tmp->info;
- if (isset($this->parent) && $this->parent != NULL){
+ $cats = array();
+ if (isset($this->parent) && $this->parent !== NULL){
$oc= array();
foreach ($this->parent->by_object as $key => $obj){
$oc= array_merge($oc, $obj->objectclasses);
+ if(isset($obj->acl_category)){
+ $cats[preg_replace("/\//","",$obj->acl_category)] = preg_replace("/\//","",$obj->acl_category);
+ }
}
if (in_array_ics('organizationalUnit', $oc)){
$this->isContainer= TRUE;
@@ -99,7 +128,6 @@ class acl extends plugin
$oc= $this->attrs['objectClass'];
}
-
/* Extract available categories from plugin info list */
foreach ($plist as $class => $acls){
@@ -115,6 +143,10 @@ class acl extends plugin
$this->ocMapping[$data]= array();
$this->ocMapping[$data][]= '0';
}
+
+ if(isset($cats[$data])){
+ $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
+ }
$this->ocMapping[$data][]= $class;
} else {
if (!isset($this->ocMapping[$idx])){
@@ -154,8 +186,8 @@ class acl extends plugin
"one" => _("One level"),
"base" => _("Current object"),
"sub" => _("Complete subtree"),
- "psub" => _("Complete subtree (permanent)"));
- //"role" => _("Use ACL defined in role"));
+ "psub" => _("Complete subtree (permanent)"),
+ "role" => _("Use ACL defined in role"));
} else {
$this->aclTypes= array("base" => _("Current object"),
"role" => _("Use ACL defined in role"));
@@ -173,7 +205,7 @@ class acl extends plugin
{
/* Call parent execute */
plugin::execute();
-
+
$tmp= get_global('plist');
$plist= $tmp->info;
@@ -262,6 +294,11 @@ class acl extends plugin
$new_acl[$object][$attribute]= $value;
}
}
+
+ if(isset($_POST['selected_role'])){
+ $this->aclContents = "";
+ $this->aclContents = base64_decode($_POST['selected_role']);
+ }
}
/* Only be interested in new acl's, if we're in the right _POST place */
@@ -360,12 +397,12 @@ class acl extends plugin
if ($this->dialogState == 'head'){
/* Draw list */
- $aclList= new DivSelectBox("aclList");
+ $aclList= new divSelectBox("aclList");
$aclList->SetHeight(450);
/* Fill in entries */
foreach ($this->gosaAclEntry as $key => $entry){
- $field1= array("string" => $this->aclTypes[$entry['type']], "attach" => "style='width:100px'");
+ $field1= array("string" => $this->aclTypes[$entry['type']], "attach" => "style='width:150px'");
$field2= array("string" => $this->assembleAclSummary($entry));
$action= "";
$action.= "";
@@ -381,7 +418,7 @@ class acl extends plugin
if ($this->dialogState == 'create'){
/* Draw list */
- $aclList= new DivSelectBox("aclList");
+ $aclList= new divSelectBox("aclList");
$aclList->SetHeight(150);
/* Add settings for all categories to the (permanent) list */
@@ -451,6 +488,12 @@ class acl extends plugin
if ($this->aclType == 'base'){
$smarty->assign('aclSelector', $this->buildAclSelector($this->myAclObjects));
}
+
+ /* Role selector if scope is base */
+ if ($this->aclType == 'role'){
+ $smarty->assign('roleSelector', "Role selector");#, $this->buildRoleSelector($this->myAclObjects));
+ $smarty->assign('roleSelector', $this->buildRoleSelector($this->roles));
+ }
}
if ($this->dialogState == 'edit'){
@@ -466,7 +509,13 @@ class acl extends plugin
if ($this->aclObject == 'all'){
$aclObjects['all']= _("All objects in current subtree");
}
- $smarty->assign('aclSelector', $this->buildAclSelector($aclObjects));
+
+ /* Role selector if scope is base */
+ if ($this->aclType == 'role'){
+ $smarty->assign('roleSelector', $this->buildRoleSelector($this->roles));
+ } else {
+ $smarty->assign('aclSelector', $this->buildAclSelector($aclObjects));
+ }
}
/* Show main page */
@@ -475,15 +524,20 @@ class acl extends plugin
return ($smarty->fetch (get_template_path('acl.tpl')));
}
+
function sort_by_priority($list)
{
$tmp= get_global('plist');
$plist= $tmp->info;
asort($plist);
+ $newSort = array();
foreach($list as $name => $translation){
$na = preg_replace("/^.*\//","",$name);
- $prio= $plist[$na]['plPriority'] ;
+ $prio = 0;
+ if(isset($plist[$na]['plPriority'])){
+ $prio= $plist[$na]['plPriority'] ;
+ }
$newSort[$name] = $prio;
}
@@ -497,6 +551,35 @@ class acl extends plugin
return($ret);
}
+
+ function buildRoleSelector($list)
+ {
+ $D_List =new divSelectBox("Acl_Roles");
+
+ $selected = $this->aclContents;
+ if(!is_string($this->aclContents) || !isset($list[$this->aclContents])){
+ $selected = key($list);
+ }
+
+ $str ="";
+ foreach($list as $dn => $values){
+
+ if($dn == $selected){
+ $option = "";
+ }else{
+ $option = "";
+ }
+
+ $field1 = array("string" => $option) ;
+ $field2 = array("string" => $values['cn'], "attach" => "style='width:200px;'") ;
+ $field3 = array("string" => $values['description'],"attach" => "style='border-right:0px;'") ;
+
+ $D_List->AddEntry(array($field1,$field2,$field3));
+ }
+ return($D_List->DrawList());
+ }
+
+
function buildAclSelector($list)
{
$display= "";
@@ -676,7 +759,7 @@ class acl extends plugin
{
$state= $state?"checked":"";
return "\n ".
- "\n ";
+ "\n ";
}
@@ -685,9 +768,9 @@ class acl extends plugin
$rstate= preg_match('/r/', $state)?'checked':'';
$wstate= preg_match('/w/', $state)?'checked':'';
return ("\n ".
- "\n ".
+ "\n ".
"\n ".
- "\n ");
+ "\n ");
}
@@ -695,8 +778,8 @@ class acl extends plugin
{
list($index, $type)= split(':', $acl);
$a= array( $index => array("type" => $type,
- "members" => acl::extractMembers($acl)));
-
+ "members" => acl::extractMembers($acl,$type == "role")));
+
/* Handle different types */
switch ($type){
@@ -708,7 +791,7 @@ class acl extends plugin
break;
case 'role':
- echo "Role";
+ $a[$index]['acl']= base64_decode(preg_replace('/^[^:]+:[^:]+:([^:]+).*$/', '\1', $acl));
break;
case 'reset':
@@ -718,18 +801,21 @@ class acl extends plugin
print_red(sprintf(_("Unkown ACL type '%s'. Don't know how to handle it."), $type));
$a= array();
}
-
return ($a);
}
- function extractMembers($acl)
+ function extractMembers($acl,$role = FALSE)
{
global $config;
$a= array();
/* Rip acl off the string, seperate by ',' and place it in an array */
- $ms= preg_replace('/^[^:]+:[^:]+:([^:]+).*$/', '\1', $acl);
+ if($role){
+ $ms= preg_replace('/^[^:]+:[^:]+:[^:]+:([^:]+).*$/', '\1', $acl);
+ }else{
+ $ms= preg_replace('/^[^:]+:[^:]+:([^:]+).*$/', '\1', $acl);
+ }
if ($ms == $acl){
return $a;
}
@@ -811,12 +897,22 @@ class acl extends plugin
/* Summarize ACL */
if (isset($entry['acl'])){
$acl= "";
- foreach ($entry['acl'] as $name => $object){
- if (count($object)){
- $acl.= "$name, ";
+
+ if($entry['type'] == "role"){
+
+ if(isset($this->roles[$entry['acl']])){
+ $summary.= sprintf(_("Role: %s"), $this->roles[$entry['acl']]['cn']);
+ }else{
+ $summary.= sprintf(_("Role: %s"), ""._("Unknown role, possibly removed")."");
}
+ }else{
+ foreach ($entry['acl'] as $name => $object){
+ if (count($object)){
+ $acl.= "$name, ";
+ }
+ }
+ $summary.= sprintf(_("Contains settings for these objects: %s"), preg_replace('/, $/', '', $acl));
}
- $summary.= sprintf(_("Contains settings for these objects: %s"), preg_replace('/, $/', '', $acl));
}
/* Summarize members */
@@ -865,6 +961,16 @@ class acl extends plugin
return FALSE;
}
+
+ function PrepareForCopyPaste($source)
+ {
+ plugin::PrepareForCopyPaste($source);
+
+ $dn = $source['dn'];
+ $acl_c = new acl($this->config, $this->parent,$dn);
+ $this->gosaAclEntry = $acl_c->gosaAclEntry;
+ }
+
function save()
{
@@ -878,7 +984,12 @@ class acl extends plugin
$members.= base64_encode(preg_replace('/^.:/', '', $key)).',';
}
}
- $final= $prio.":".$entry['type'].":".preg_replace('/,$/', '', $members);
+
+ if($entry['type'] != "role"){
+ $final= $prio.":".$entry['type'].":".preg_replace('/,$/', '', $members);
+ }else{
+ $final= $prio.":".$entry['type'].":".base64_encode($entry['acl']).":".preg_replace('/,$/', '', $members);
+ }
/* ACL's if needed */
if ($entry['type'] != "reset" && $entry['type'] != "role"){
@@ -938,6 +1049,10 @@ class acl extends plugin
$this->cleanup();
$ldap->modify ($this->attrs);
+ if(count($this->attrs)){
+ new log("modify","acls/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
+ }
+
show_ldap_error($ldap->get_error(), sprintf(_("Saving ACLs with dn '%s' failed."),$this->dn));
/* Refresh users ACLs */
@@ -949,8 +1064,102 @@ class acl extends plugin
function remove_from_parent()
{
+ plugin::remove_from_parent();
+
+ /* include global link_info */
+ $ldap= $this->config->get_ldap_link();
+
+ $ldap->cd($this->dn);
+ $this->cleanup();
+ $ldap->modify ($this->attrs);
+
+ new log("remove","acls/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
+
+ /* Optionally execute a command after we're done */
+ $this->handle_post_events("remove",array("uid" => $this->uid));
+ }
+
+
+ /* Return plugin informations for acl handling */
+ function plInfo()
+ {
+ return (array(
+ "plShortName" => _("ACL"),
+ "plDescription" => _("ACL")._("Access control list").")",
+ "plSelfModify" => FALSE,
+ "plDepends" => array(),
+ "plPriority" => 0,
+ "plSection" => array("administration"),
+ "plCategory" => array("acl" => array("description" => _("ACL")." & "._("ACL roles"),
+ "objectClass" => array("gosaAcl","gosaRole"))),
+ "plProvidedAcls"=> array(
+ "cn" => _("Role name"),
+ "description" => _("Role description"))
+
+ ));
+ }
+
+
+ /* Remove acls defined for $src */
+ function remove_acl()
+ {
+ $this->remove_acl_for_dn($this->dn);
+ }
+
+
+ /* Remove acls defined for $src */
+ function remove_acl_for_dn($src = "")
+ {
+ if($src == ""){
+ $src = $this->dn;
+ }
+ $ldap = $this->config->get_ldap_link();
+ $ldap->cd($this->config->current['BASE']);
+ $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($src)."*))",array("gosaAclEntry","dn"));
+ while($attrs = $ldap->fetch()){
+ $acl = new acl($this->config,$this->parent,$attrs['dn']);
+ foreach($acl->gosaAclEntry as $id => $entry){
+ foreach($entry['members'] as $m_id => $member){
+ if($m_id == "U:".$src){
+ unset($acl->gosaAclEntry[$id]['members'][$m_id]);
+ gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Removed acl for user %s on object %s.",$src,$attrs['dn']));
+ }
+ if($m_id == "G:".$src){
+ unset($acl->gosaAclEntry[$id]['members'][$m_id]);
+ gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Removed acl for group %s on object %s.",$src,$attrs['dn']));
+ }
+ }
+ }
+ $acl -> save();
+ }
}
+ function update_acl_membership($src,$dst)
+ {
+ $ldap = $this->config->get_ldap_link();
+ $ldap->cd($this->config->current['BASE']);
+ $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($src)."*))",array("gosaAclEntry","dn"));
+ while($attrs = $ldap->fetch()){
+ $acl = new acl($this->config,$this->parent,$attrs['dn']);
+ foreach($acl->gosaAclEntry as $id => $entry){
+ foreach($entry['members'] as $m_id => $member){
+ if($m_id == "U:".$src){
+ unset($acl->gosaAclEntry[$id]['members'][$m_id]);
+ $new = "U:".$dst;
+ $acl->gosaAclEntry[$id]['members'][$new] = $new;
+ gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Updated acl for user %s on object %s.",$src,$attrs['dn']));
+ }
+ if($m_id == "G:".$src){
+ unset($acl->gosaAclEntry[$id]['members'][$m_id]);
+ $new = "G:".$dst;
+ $acl->gosaAclEntry[$id]['members'][$new] = $new;
+ gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Updated acl for group %s on object %s.",$src,$attrs['dn']));
+ }
+ }
+ }
+ $acl -> save();
+ }
+ }
}
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: