X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=include%2Fclass_plugin.inc;h=6cbec1b4eddc6cf2a5559cf6b04e21b406a3c27c;hb=440d89fb458e56ac12369a090b1156e2d6711160;hp=3e7725a5eaf48ab38d58d7a7368964c23bfbeb0e;hpb=18057bd682416dc1b209fb1b119d2256c291915b;p=gosa.git
diff --git a/include/class_plugin.inc b/include/class_plugin.inc
index 3e7725a5e..6cbec1b4e 100644
--- a/include/class_plugin.inc
+++ b/include/class_plugin.inc
@@ -105,9 +105,16 @@ class plugin
/* attribute list for save action */
var $attributes= array();
var $objectclasses= array();
- var $new= TRUE;
+ var $is_new= TRUE;
var $saved_attributes= array();
+ var $acl_base= "";
+ var $acl_category= "";
+
+ /* Plugin identifier */
+ var $plHeadline= "";
+ var $plDescription= "";
+
/*! \brief plugin constructor
If 'dn' is set, the node loads the given 'dn' from LDAP
@@ -115,7 +122,7 @@ class plugin
\param dn Distinguished name to initialize plugin from
\sa plugin()
*/
- function plugin ($config, $dn= NULL)
+ function plugin ($config, $dn= NULL, $parent= NULL)
{
/* Configuration is fine, allways */
$this->config= $config;
@@ -126,13 +133,20 @@ class plugin
return;
}
+ /* Save current dn as acl_base */
+ $this->acl_base= $dn;
+
/* Get LDAP descriptor */
$ldap= $this->config->get_ldap_link();
if ($dn != NULL){
/* Load data to 'attrs' and save 'dn' */
- $ldap->cat ($dn);
- $this->attrs= $ldap->fetch();
+ if ($parent != NULL){
+ $this->attrs= $parent->attrs;
+ } else {
+ $ldap->cat ($dn);
+ $this->attrs= $ldap->fetch();
+ }
/* Copy needed attributes */
foreach ($this->attributes as $val){
@@ -208,10 +222,13 @@ class plugin
*/
function execute()
{
- # This one is empty currently. Fabian - please fill in the docu code
+ gosa_log("ACL ".get_class($this)." - ".$this->acl_category." - ".$this->acl_base);
+
+ /* This one is empty currently. Fabian - please fill in the docu code */
$_SESSION['current_class_for_help'] = get_class($this);
+
/* Reset Lock message POST/GET check array, to prevent perg_match errors*/
- $_SESSION['LOCK_VARS_TO_USE'] =array();
+ $_SESSION['LOCK_VARS_TO_USE'] = $_SESSION['LOCK_VARS_USED'] =array();
}
/*! \brief execute plugin
@@ -263,7 +280,7 @@ class plugin
{
/* Save values to object */
foreach ($this->attributes as $val){
- if (chkacl ($this->acl, "$val") == "" && isset ($_POST["$val"])){
+ if ($this->acl_is_writeable($val) && isset ($_POST["$val"])){
/* Check for modifications */
if (get_magic_quotes_gpc()) {
$data= stripcslashes($_POST["$val"]);
@@ -285,6 +302,9 @@ class plugin
$data = "";
}
$this->$val= $data;
+ //echo "".$val."
";
+ }else{
+ //echo "".$val."
";
}
}
}
@@ -306,10 +326,10 @@ class plugin
if (isset($tmp['objectClass'])){
$oc= $tmp["objectClass"];
- $this->new= FALSE;
+ $this->is_new= FALSE;
} else {
$oc= array("count" => 0);
- $this->new= TRUE;
+ $this->is_new= TRUE;
}
/* Load (minimum) attributes, add missing ones */
@@ -324,7 +344,7 @@ class plugin
foreach ($this->attributes as $val){
if ($this->$val != ""){
$this->attrs["$val"]= $this->$val;
- } elseif (!$this->new) {
+ } elseif (!$this->is_new) {
$this->attrs["$val"]= array();
}
}
@@ -500,9 +520,43 @@ class plugin
return FALSE;
}
+
+ /* Show header message for tab dialogs */
+ function show_enable_header($button_text, $text, $disabled= FALSE)
+ {
+ if (($disabled == TRUE) || (!$this->acl_is_createable())){
+ $state= "disabled";
+ } else {
+ $state= "";
+ }
+ $display= "
";
+
+ return($display);
+ }
+
+
+ /* Show header message for tab dialogs */
+ function show_disable_header($button_text, $text, $disabled= FALSE)
+ {
+ if (($disabled == TRUE) || !$this->acl_is_removeable()){
+ $state= "disabled";
+ } else {
+ $state= "";
+ }
+ $display= "";
+
+ return($display);
+ }
+
+
/* Show header message for tab dialogs */
function show_header($button_text, $text, $disabled= FALSE)
{
+ echo "FIXME: show_header should be replaced by show_disable_header and show_enable_header
";
if ($disabled == TRUE){
$state= "disabled";
} else {
@@ -510,12 +564,13 @@ class plugin
}
$display= "";
return($display);
}
+
function postcreate($add_attrs= array())
{
/* Find postcreate entries for this class */
@@ -861,7 +916,9 @@ class plugin
}
$todo[] = "is_account";
foreach($todo as $var){
- $this->$var = $source->$var;
+ if (isset($source->$var)){
+ $this->$var= $source->$var;
+ }
}
}
@@ -928,7 +985,7 @@ class plugin
echo sprintf(_("Adding tag (%s) to object '%s'"), $tag, @LDAP::fix($dn))."
";
flush();
}
- $nattrs= array("gosaUnitTag" => $this->gosaUnitTag);
+ $nattrs= array("gosaUnitTag" => $tag);
$nattrs['objectClass']= array();
for ($i= 0; $i<$attrs['objectClass']['count']; $i++){
$oc= $attrs['objectClass'][$i];
@@ -939,7 +996,7 @@ class plugin
$nattrs['objectClass'][]= "gosaAdministrativeUnitTag";
$ldap->cd($dn);
$ldap->modify($nattrs);
- show_ldap_error($ldap->get_error(), _("Handle object tagging failed"));
+ show_ldap_error($ldap->get_error(), sprintf(_("Handle object tagging with dn '%s' failed."),$dn));
} else {
@DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "Not tagging ($tag) $dn - seems to have moved away", "Tagging");
}
@@ -968,7 +1025,7 @@ class plugin
}
$ldap->cd($dn);
$ldap->modify($nattrs);
- show_ldap_error($ldap->get_error(), _("Handle object tagging failed"));
+ show_ldap_error($ldap->get_error(), sprintf(_("Handle object tagging with dn '%s' failed."),$dn));
} else {
@DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "Not removing tag ($tag) $dn - seems to have moved away", "Tagging");
}
@@ -996,12 +1053,6 @@ class plugin
/* Get configuration from gosa.conf */
$tmp = $this->config->current;
- /* Check if the undo level is specified */
- if(isset($tmp['SNAPSHOT_UNDO_LEVEL'])){
- $UndoLvl = $tmp['SNAPSHOT_UNDO_LEVEL'];
- }else{
- $UndoLvl = 5;
- }
/* Create lokal ldap connection */
$ldap= $this->config->get_ldap_link();
@@ -1022,10 +1073,9 @@ class plugin
$ldap_to = new LDAP($user,$password, $server);
$ldap_to -> cd($snapldapbase);
- show_ldap_error($ldap_to->get_error(), _("Snapshot failed."));
+ show_ldap_error($ldap->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$snapldapbase));
}
-
/* check if the dn exists */
if ($ldap->dn_exists($this->dn)){
@@ -1069,28 +1119,22 @@ class plugin
$ldap_to->cd($new_dn);
$ldap_to->add($target);
- show_ldap_error($ldap_to->get_error(), _("Create snapshot failed."));
- show_ldap_error($ldap->get_error(), _("Create snapshot failed."));
-
- /* Check amount of used snapshots, and remove old ones if necessary */
- $test = $this->Available_SnapsShots($this->dn,true);
- if(count($test) > $UndoLvl){
- $toDel = array();
- foreach($test as $entry){
- $toDel[preg_replace("/-/","",$entry['gosaSnapshotTimestamp'][0])] = $entry['dn'];
- }
- krsort($toDel);
- $i = 0 ;
- foreach($toDel as $entryID => $entry){
- $i ++ ;
- if($i > $UndoLvl){
- $ldap_to->rmdir_recursive($entry);
- }
- }
- }
+ show_ldap_error($ldap->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$new_base));
+ show_ldap_error($ldap_to->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$new_base));
}
}
+ function remove_snapshot($dn)
+ {
+ $ui = get_userinfo();
+ $old_dn = $this->dn;
+ $this->dn = $dn;
+ $ldap = $this->config->get_ldap_link();
+ $ldap->cd($this->config->current['BASE']);
+ $ldap->rmdir_recursive($dn);
+ $this->dn = $old_dn;
+ }
+
/* returns true if snapshots are enabled, and false if it is disalbed
There will also be some errors psoted, if the configuration failed */
@@ -1146,7 +1190,7 @@ class plugin
$snapldapbase = $tmp['SNAPSHOT_LDAP_BASE'];
$ldap_to = new LDAP($user,$password, $server);
$ldap_to -> cd ($snapldapbase);
- show_ldap_error($ldap_to->get_error(), _("Snapshot failed."));
+ show_ldap_error($ldap->get_error(), sprintf(_("Method get available snapshots with dn '%s' failed."),$this->dn));
}else{
$ldap_to = $ldap;
}
@@ -1202,7 +1246,7 @@ class plugin
$snapldapbase = $tmp['SNAPSHOT_LDAP_BASE'];
$ldap_to = new LDAP($user,$password, $server);
$ldap_to->cd ($snapldapbase);
- show_ldap_error($ldap_to->get_error(), _("Snapshot failed."));
+ show_ldap_error($ldap->get_error(), sprintf(_("Method get deleted snapshots with dn '%s' failed."),$this->dn));
}else{
$ldap_to = $ldap;
}
@@ -1266,7 +1310,7 @@ class plugin
$snapldapbase = $tmp['SNAPSHOT_LDAP_BASE'];
$ldap_to = new LDAP($user,$password, $server);
$ldap_to->cd ($snapldapbase);
- show_ldap_error($ldap_to->get_error(), _("Snapshot failed."));
+ show_ldap_error($ldap->get_error(), sprintf(_("Restore snapshot with dn '%s' failed."),$snapldapbase));
}else{
$ldap_to = $ldap;
}
@@ -1280,7 +1324,7 @@ class plugin
/* Import the given data */
$ldap->import_complete_ldif($data,$err,false,false);
- show_ldap_error($ldap_to->get_error().$err, _("Restore snapshot failed."));
+ show_ldap_error($ldap->get_error(), sprintf(_("Restore snapshot with dn '%s' failed."),$dn));
}
@@ -1290,28 +1334,40 @@ class plugin
foreach($_POST as $name => $value){
/* Create a new snapshot, display a dialog */
- if(preg_match("/^CreateSnapShot_/",$name) && $once){
+ if(preg_match("/^CreateSnapShotDialog_/",$name) && $once){
$once = false;
- $entry = preg_replace("/^CreateSnapShot_/","",$name);
+ $entry = preg_replace("/^CreateSnapShotDialog_/","",$name);
$entry = base64_decode(preg_replace("/_[xy]$/","",$entry));
$this->snapDialog = new SnapShotDialog($this->config,$entry,$this);
}
/* Restore a snapshot, display a dialog with all snapshots of the current object */
- if(preg_match("/^RestoreSnapShot_/",$name) && $once){
+ if(preg_match("/^RestoreSnapShotDialog_/",$name) && $once){
$once = false;
- $entry = preg_replace("/^RestoreSnapShot_/","",$name);
+ $entry = preg_replace("/^RestoreSnapShotDialog_/","",$name);
$entry = base64_decode(preg_replace("/_[xy]$/","",$entry));
$this->snapDialog = new SnapShotDialog($this->config,$entry,$this);
- $this->snapDialog->Restore = true;
+ $this->snapDialog->display_restore_dialog = true;
}
/* Restore one of the already deleted objects */
if(preg_match("/^RestoreDeletedSnapShot_/",$name) && $once){
$once = false;
- $this->snapDialog = new SnapShotDialog($this->config,$baseSuffixe,$this);
- $this->snapDialog->Restore = true;
- $this->snapDialog->DeletedOnes = true;
+ $this->snapDialog = new SnapShotDialog($this->config,"",$this);
+ $this->snapDialog->set_snapshot_bases($baseSuffixe);
+ $this->snapDialog->display_restore_dialog = true;
+ $this->snapDialog->display_all_removed_objects = true;
+ }
+
+ /* Restore selected snapshot */
+ if(preg_match("/^RestoreSnapShot_/",$name) && $once){
+ $once = false;
+ $entry = preg_replace("/^RestoreSnapShot_/","",$name);
+ $entry = base64_decode(trim(preg_replace("/_[xy]$/","",$entry)));
+ if(!empty($entry)){
+ $this->restore_snapshot($entry);
+ $this->snapDialog = NULL;
+ }
}
}
@@ -1333,12 +1389,6 @@ class plugin
/* Restore is requested, restore the object with the posted dn .*/
if((isset($_POST['RestoreSnapshot'])) && (isset($_POST['SnapShot']))){
- $entry =trim($_POST['SnapShot']);
- if(!empty($entry)){
- $entry = base64_decode($entry);
- $this->restore_snapshot($entry);
- $this->snapDialog = NULL;
- }
}
if(isset($_POST['CancelSnapshot'])){
@@ -1350,6 +1400,215 @@ class plugin
return($this->snapDialog->execute());
}
}
+
+
+ function plInfo()
+ {
+ return array();
+ }
+
+
+ function set_acl_base($base)
+ {
+ $this->acl_base= $base;
+ }
+
+
+ function set_acl_category($category)
+ {
+ $this->acl_category= "$category/";
+ }
+
+
+ function acl_is_writeable($attribute,$skip_write = FALSE)
+ {
+ $ui= get_userinfo();
+ return preg_match('/w/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute, $skip_write));
+ }
+
+
+ function acl_is_readable($attribute)
+ {
+ $ui= get_userinfo();
+ return preg_match('/r/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute));
+ }
+
+
+ function acl_is_createable()
+ {
+ $ui= get_userinfo();
+ return preg_match('/c/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0'));
+ }
+
+
+ function acl_is_removeable()
+ {
+ $ui= get_userinfo();
+ return preg_match('/d/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0'));
+ }
+
+
+ function acl_is_moveable()
+ {
+ $ui= get_userinfo();
+ return preg_match('/m/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0'));
+ }
+
+
+ function acl_have_any_permissions()
+ {
+ }
+
+
+ function getacl($attribute,$skip_write= FALSE)
+ {
+ $ui= get_userinfo();
+ return $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute,$skip_write);
+ }
+
+ /* Get all allowed bases to move an object to or to create a new object.
+ Idepartments also contains all base departments which lead to the allowed bases */
+ function get_allowed_bases($category = "")
+ {
+ $ui = get_userinfo();
+ $deps = array();
+
+ /* Set category */
+ if(empty($category)){
+ $category = $this->acl_category.get_class($this);
+ }
+
+ /* Is this a new object ? Or just an edited existing object */
+ if(!$this->initially_was_account && $this->is_account){
+ $new = true;
+ }else{
+ $new = false;
+ }
+
+ $cat_bases = $ui->get_module_departments(preg_replace("/\/.*$/","",$category));
+ foreach($this->config->idepartments as $dn => $name){
+
+ if(!in_array_ics($dn,$cat_bases)){
+ continue;
+ }
+
+ $acl = $ui->get_permissions($dn,$category);
+ if($new && preg_match("/c/",$acl)){
+ $deps[$dn] = $name;
+ }elseif(!$new && preg_match("/m/",$acl)){
+ $deps[$dn] = $name;
+ }
+ }
+
+ /* Add current base */
+ if(isset($this->base) && isset($this->config->idepartments[$this->base])){
+ $deps[$this->base] = $this->config->idepartments[$this->base];
+ }else{
+ echo "No default base found. ".$this->base."
";
+ }
+
+ return($deps);
+ }
+
+ /* This function modifies object acls too, if an object is moved.
+ * $old_dn specifies the actually used dn
+ * $new_dn specifies the destiantion dn
+ */
+ function update_acls($old_dn,$new_dn,$output_changes = FALSE)
+ {
+ global $config;
+
+ /* Check if old_dn is empty. This should never happen */
+ if(empty($old_dn) || empty($new_dn)){
+ trigger_error("Failed to check acl dependencies, wrong dn given.");
+ return;
+ }
+
+ /* Update userinfo if necessary */
+ if($_SESSION['ui']->dn == $old_dn){
+ $_SESSION['ui']->dn = $new_dn;
+ gosa_log(_("Updated current user dn from '".$old_dn."' to '".$new_dn."'"));
+ }
+
+ /* Object was moved, ensure that all acls will be moved too */
+ if($new_dn != $old_dn && $old_dn != "new"){
+
+ /* get_ldap configuration */
+ $update = array();
+ $ldap = $config->get_ldap_link();
+ $ldap->cd ($config->current['BASE']);
+ $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*))",array("cn","gosaAclEntry"));
+ while($attrs = $ldap->fetch()){
+
+ $acls = array();
+
+ /* Walk through acls */
+ for($i = 0 ; $i < $attrs['gosaAclEntry']['count'] ; $i ++ ){
+
+ /* Reset vars */
+ $found = false;
+
+ /* Get Acl parts */
+ $acl_parts = split(":",$attrs['gosaAclEntry'][$i]);
+
+ /* Get every single member for this acl */
+ $members = array();
+ if(preg_match("/,/",$acl_parts[2])){
+ $members = split(",",$acl_parts[2]);
+ }else{
+ $members = array($acl_parts[2]);
+ }
+
+ /* Check if member match current dn */
+ foreach($members as $key => $member){
+ $member = base64_decode($member);
+ if($member == $old_dn){
+ $found = true;
+ $members[$key] = base64_encode($new_dn);
+ }
+ }
+
+ /* Create new member string */
+ $new_members = "";
+ foreach($members as $member){
+ $new_members .= $member.",";
+ }
+ $new_members = preg_replace("/,$/","",$new_members);
+ $acl_parts[2] = $new_members;
+
+ /* Reconstruckt acl entry */
+ $acl_str ="";
+ foreach($acl_parts as $t){
+ $acl_str .= $t.":";
+ }
+ $acl_str = preg_replace("/:$/","",$acl_str);
+ }
+
+ /* Acls for this object must be adjusted */
+ if($found){
+
+ if($output_changes){
+ echo "".
+ _("Changing ACL dn")." :
-"._("from")." ".
+ $old_dn.
+ "
-"._("to")." ".
+ $new_dn.
+ "
";
+ }
+ $update[$attrs['dn']] =array();
+ foreach($acls as $acl){
+ $update[$attrs['dn']]['gosaAclEntry'][] = $acl;
+ }
+ }
+ }
+
+ /* Write updated acls */
+ foreach($update as $dn => $attrs){
+ $ldap->cd($dn);
+ $ldap->modify($attrs);
+ }
+ }
+ }
}
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
?>