X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=include%2Fclass_plugin.inc;h=6cbec1b4eddc6cf2a5559cf6b04e21b406a3c27c;hb=76c4c4c531f38b9ab5a8cd0e49cc34c91260c354;hp=df9412f90b03c70d953e11bfe7dd009a7430bd73;hpb=9c7a5a68b6025703828c7f2437b3751851566c07;p=gosa.git diff --git a/include/class_plugin.inc b/include/class_plugin.inc index df9412f90..6cbec1b4e 100644 --- a/include/class_plugin.inc +++ b/include/class_plugin.inc @@ -105,9 +105,16 @@ class plugin /* attribute list for save action */ var $attributes= array(); var $objectclasses= array(); - var $new= TRUE; + var $is_new= TRUE; var $saved_attributes= array(); + var $acl_base= ""; + var $acl_category= ""; + + /* Plugin identifier */ + var $plHeadline= ""; + var $plDescription= ""; + /*! \brief plugin constructor If 'dn' is set, the node loads the given 'dn' from LDAP @@ -115,7 +122,7 @@ class plugin \param dn Distinguished name to initialize plugin from \sa plugin() */ - function plugin ($config, $dn= NULL) + function plugin ($config, $dn= NULL, $parent= NULL) { /* Configuration is fine, allways */ $this->config= $config; @@ -126,13 +133,20 @@ class plugin return; } + /* Save current dn as acl_base */ + $this->acl_base= $dn; + /* Get LDAP descriptor */ $ldap= $this->config->get_ldap_link(); if ($dn != NULL){ /* Load data to 'attrs' and save 'dn' */ - $ldap->cat ($dn); - $this->attrs= $ldap->fetch(); + if ($parent != NULL){ + $this->attrs= $parent->attrs; + } else { + $ldap->cat ($dn); + $this->attrs= $ldap->fetch(); + } /* Copy needed attributes */ foreach ($this->attributes as $val){ @@ -208,10 +222,13 @@ class plugin */ function execute() { - # This one is empty currently. Fabian - please fill in the docu code + gosa_log("ACL ".get_class($this)." - ".$this->acl_category." - ".$this->acl_base); + + /* This one is empty currently. Fabian - please fill in the docu code */ $_SESSION['current_class_for_help'] = get_class($this); + /* Reset Lock message POST/GET check array, to prevent perg_match errors*/ - $_SESSION['LOCK_VARS_TO_USE'] =array(); + $_SESSION['LOCK_VARS_TO_USE'] = $_SESSION['LOCK_VARS_USED'] =array(); } /*! \brief execute plugin @@ -263,7 +280,7 @@ class plugin { /* Save values to object */ foreach ($this->attributes as $val){ - if (chkacl ($this->acl, "$val") == "" && isset ($_POST["$val"])){ + if ($this->acl_is_writeable($val) && isset ($_POST["$val"])){ /* Check for modifications */ if (get_magic_quotes_gpc()) { $data= stripcslashes($_POST["$val"]); @@ -285,6 +302,9 @@ class plugin $data = ""; } $this->$val= $data; + //echo "".$val."
"; + }else{ + //echo "".$val."
"; } } } @@ -306,10 +326,10 @@ class plugin if (isset($tmp['objectClass'])){ $oc= $tmp["objectClass"]; - $this->new= FALSE; + $this->is_new= FALSE; } else { $oc= array("count" => 0); - $this->new= TRUE; + $this->is_new= TRUE; } /* Load (minimum) attributes, add missing ones */ @@ -324,7 +344,7 @@ class plugin foreach ($this->attributes as $val){ if ($this->$val != ""){ $this->attrs["$val"]= $this->$val; - } elseif (!$this->new) { + } elseif (!$this->is_new) { $this->attrs["$val"]= array(); } } @@ -500,9 +520,43 @@ class plugin return FALSE; } + + /* Show header message for tab dialogs */ + function show_enable_header($button_text, $text, $disabled= FALSE) + { + if (($disabled == TRUE) || (!$this->acl_is_createable())){ + $state= "disabled"; + } else { + $state= ""; + } + $display= "\n

$text

\n"; + $display.= "

 

"; + + return($display); + } + + + /* Show header message for tab dialogs */ + function show_disable_header($button_text, $text, $disabled= FALSE) + { + if (($disabled == TRUE) || !$this->acl_is_removeable()){ + $state= "disabled"; + } else { + $state= ""; + } + $display= "\n

$text

\n"; + $display.= "

 

"; + + return($display); + } + + /* Show header message for tab dialogs */ function show_header($button_text, $text, $disabled= FALSE) { + echo "FIXME: show_header should be replaced by show_disable_header and show_enable_header
"; if ($disabled == TRUE){ $state= "disabled"; } else { @@ -510,12 +564,13 @@ class plugin } $display= "\n

$text

\n"; $display.= "acl, "all")." ".$state. + ($this->acl_is_createable()?'':'disabled')." ".$state. ">

 

"; return($display); } + function postcreate($add_attrs= array()) { /* Find postcreate entries for this class */ @@ -861,7 +916,9 @@ class plugin } $todo[] = "is_account"; foreach($todo as $var){ - $this->$var = $source->$var; + if (isset($source->$var)){ + $this->$var= $source->$var; + } } } @@ -928,7 +985,7 @@ class plugin echo sprintf(_("Adding tag (%s) to object '%s'"), $tag, @LDAP::fix($dn))."
"; flush(); } - $nattrs= array("gosaUnitTag" => $this->gosaUnitTag); + $nattrs= array("gosaUnitTag" => $tag); $nattrs['objectClass']= array(); for ($i= 0; $i<$attrs['objectClass']['count']; $i++){ $oc= $attrs['objectClass'][$i]; @@ -939,7 +996,7 @@ class plugin $nattrs['objectClass'][]= "gosaAdministrativeUnitTag"; $ldap->cd($dn); $ldap->modify($nattrs); - show_ldap_error($ldap->get_error(), _("Handle object tagging failed")); + show_ldap_error($ldap->get_error(), sprintf(_("Handle object tagging with dn '%s' failed."),$dn)); } else { @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "Not tagging ($tag) $dn - seems to have moved away", "Tagging"); } @@ -968,7 +1025,7 @@ class plugin } $ldap->cd($dn); $ldap->modify($nattrs); - show_ldap_error($ldap->get_error(), _("Handle object tagging failed")); + show_ldap_error($ldap->get_error(), sprintf(_("Handle object tagging with dn '%s' failed."),$dn)); } else { @DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, "Not removing tag ($tag) $dn - seems to have moved away", "Tagging"); } @@ -996,12 +1053,6 @@ class plugin /* Get configuration from gosa.conf */ $tmp = $this->config->current; - /* Check if the undo level is specified */ - if(isset($tmp['SNAPSHOT_UNDO_LEVEL'])){ - $UndoLvl = $tmp['SNAPSHOT_UNDO_LEVEL']; - }else{ - $UndoLvl = 5; - } /* Create lokal ldap connection */ $ldap= $this->config->get_ldap_link(); @@ -1022,10 +1073,9 @@ class plugin $ldap_to = new LDAP($user,$password, $server); $ldap_to -> cd($snapldapbase); - show_ldap_error($ldap_to->get_error(), _("Snapshot failed.")); + show_ldap_error($ldap->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$snapldapbase)); } - /* check if the dn exists */ if ($ldap->dn_exists($this->dn)){ @@ -1069,28 +1119,22 @@ class plugin $ldap_to->cd($new_dn); $ldap_to->add($target); - show_ldap_error($ldap_to->get_error(), _("Create snapshot failed.")); - show_ldap_error($ldap->get_error(), _("Create snapshot failed.")); - - /* Check amount of used snapshots, and remove old ones if necessary */ - $test = $this->Available_SnapsShots($this->dn,true); - if(count($test) > $UndoLvl){ - $toDel = array(); - foreach($test as $entry){ - $toDel[preg_replace("/-/","",$entry['gosaSnapshotTimestamp'][0])] = $entry['dn']; - } - krsort($toDel); - $i = 0 ; - foreach($toDel as $entryID => $entry){ - $i ++ ; - if($i > $UndoLvl){ - $ldap_to->rmdir_recursive($entry); - } - } - } + show_ldap_error($ldap->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$new_base)); + show_ldap_error($ldap_to->get_error(), sprintf(_("Saving object snapshot with dn '%s' failed."),$new_base)); } } + function remove_snapshot($dn) + { + $ui = get_userinfo(); + $old_dn = $this->dn; + $this->dn = $dn; + $ldap = $this->config->get_ldap_link(); + $ldap->cd($this->config->current['BASE']); + $ldap->rmdir_recursive($dn); + $this->dn = $old_dn; + } + /* returns true if snapshots are enabled, and false if it is disalbed There will also be some errors psoted, if the configuration failed */ @@ -1146,7 +1190,7 @@ class plugin $snapldapbase = $tmp['SNAPSHOT_LDAP_BASE']; $ldap_to = new LDAP($user,$password, $server); $ldap_to -> cd ($snapldapbase); - show_ldap_error($ldap_to->get_error(), _("Snapshot failed.")); + show_ldap_error($ldap->get_error(), sprintf(_("Method get available snapshots with dn '%s' failed."),$this->dn)); }else{ $ldap_to = $ldap; } @@ -1202,7 +1246,7 @@ class plugin $snapldapbase = $tmp['SNAPSHOT_LDAP_BASE']; $ldap_to = new LDAP($user,$password, $server); $ldap_to->cd ($snapldapbase); - show_ldap_error($ldap_to->get_error(), _("Snapshot failed.")); + show_ldap_error($ldap->get_error(), sprintf(_("Method get deleted snapshots with dn '%s' failed."),$this->dn)); }else{ $ldap_to = $ldap; } @@ -1266,7 +1310,7 @@ class plugin $snapldapbase = $tmp['SNAPSHOT_LDAP_BASE']; $ldap_to = new LDAP($user,$password, $server); $ldap_to->cd ($snapldapbase); - show_ldap_error($ldap_to->get_error(), _("Snapshot failed.")); + show_ldap_error($ldap->get_error(), sprintf(_("Restore snapshot with dn '%s' failed."),$snapldapbase)); }else{ $ldap_to = $ldap; } @@ -1280,7 +1324,7 @@ class plugin /* Import the given data */ $ldap->import_complete_ldif($data,$err,false,false); - show_ldap_error($ldap_to->get_error().$err, _("Restore snapshot failed.")); + show_ldap_error($ldap->get_error(), sprintf(_("Restore snapshot with dn '%s' failed."),$dn)); } @@ -1290,17 +1334,17 @@ class plugin foreach($_POST as $name => $value){ /* Create a new snapshot, display a dialog */ - if(preg_match("/^CreateSnapShot_/",$name) && $once){ + if(preg_match("/^CreateSnapShotDialog_/",$name) && $once){ $once = false; - $entry = preg_replace("/^CreateSnapShot_/","",$name); + $entry = preg_replace("/^CreateSnapShotDialog_/","",$name); $entry = base64_decode(preg_replace("/_[xy]$/","",$entry)); $this->snapDialog = new SnapShotDialog($this->config,$entry,$this); } /* Restore a snapshot, display a dialog with all snapshots of the current object */ - if(preg_match("/^RestoreSnapShot_/",$name) && $once){ + if(preg_match("/^RestoreSnapShotDialog_/",$name) && $once){ $once = false; - $entry = preg_replace("/^RestoreSnapShot_/","",$name); + $entry = preg_replace("/^RestoreSnapShotDialog_/","",$name); $entry = base64_decode(preg_replace("/_[xy]$/","",$entry)); $this->snapDialog = new SnapShotDialog($this->config,$entry,$this); $this->snapDialog->display_restore_dialog = true; @@ -1309,9 +1353,21 @@ class plugin /* Restore one of the already deleted objects */ if(preg_match("/^RestoreDeletedSnapShot_/",$name) && $once){ $once = false; - $this->snapDialog = new SnapShotDialog($this->config,$baseSuffixe,$this); + $this->snapDialog = new SnapShotDialog($this->config,"",$this); + $this->snapDialog->set_snapshot_bases($baseSuffixe); $this->snapDialog->display_restore_dialog = true; - $this->snapDialog->DeletedOnes = true; + $this->snapDialog->display_all_removed_objects = true; + } + + /* Restore selected snapshot */ + if(preg_match("/^RestoreSnapShot_/",$name) && $once){ + $once = false; + $entry = preg_replace("/^RestoreSnapShot_/","",$name); + $entry = base64_decode(trim(preg_replace("/_[xy]$/","",$entry))); + if(!empty($entry)){ + $this->restore_snapshot($entry); + $this->snapDialog = NULL; + } } } @@ -1333,12 +1389,6 @@ class plugin /* Restore is requested, restore the object with the posted dn .*/ if((isset($_POST['RestoreSnapshot'])) && (isset($_POST['SnapShot']))){ - $entry =trim($_POST['SnapShot']); - if(!empty($entry)){ - $entry = base64_decode($entry); - $this->restore_snapshot($entry); - $this->snapDialog = NULL; - } } if(isset($_POST['CancelSnapshot'])){ @@ -1350,6 +1400,215 @@ class plugin return($this->snapDialog->execute()); } } + + + function plInfo() + { + return array(); + } + + + function set_acl_base($base) + { + $this->acl_base= $base; + } + + + function set_acl_category($category) + { + $this->acl_category= "$category/"; + } + + + function acl_is_writeable($attribute,$skip_write = FALSE) + { + $ui= get_userinfo(); + return preg_match('/w/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute, $skip_write)); + } + + + function acl_is_readable($attribute) + { + $ui= get_userinfo(); + return preg_match('/r/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute)); + } + + + function acl_is_createable() + { + $ui= get_userinfo(); + return preg_match('/c/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0')); + } + + + function acl_is_removeable() + { + $ui= get_userinfo(); + return preg_match('/d/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0')); + } + + + function acl_is_moveable() + { + $ui= get_userinfo(); + return preg_match('/m/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0')); + } + + + function acl_have_any_permissions() + { + } + + + function getacl($attribute,$skip_write= FALSE) + { + $ui= get_userinfo(); + return $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute,$skip_write); + } + + /* Get all allowed bases to move an object to or to create a new object. + Idepartments also contains all base departments which lead to the allowed bases */ + function get_allowed_bases($category = "") + { + $ui = get_userinfo(); + $deps = array(); + + /* Set category */ + if(empty($category)){ + $category = $this->acl_category.get_class($this); + } + + /* Is this a new object ? Or just an edited existing object */ + if(!$this->initially_was_account && $this->is_account){ + $new = true; + }else{ + $new = false; + } + + $cat_bases = $ui->get_module_departments(preg_replace("/\/.*$/","",$category)); + foreach($this->config->idepartments as $dn => $name){ + + if(!in_array_ics($dn,$cat_bases)){ + continue; + } + + $acl = $ui->get_permissions($dn,$category); + if($new && preg_match("/c/",$acl)){ + $deps[$dn] = $name; + }elseif(!$new && preg_match("/m/",$acl)){ + $deps[$dn] = $name; + } + } + + /* Add current base */ + if(isset($this->base) && isset($this->config->idepartments[$this->base])){ + $deps[$this->base] = $this->config->idepartments[$this->base]; + }else{ + echo "No default base found. ".$this->base."
"; + } + + return($deps); + } + + /* This function modifies object acls too, if an object is moved. + * $old_dn specifies the actually used dn + * $new_dn specifies the destiantion dn + */ + function update_acls($old_dn,$new_dn,$output_changes = FALSE) + { + global $config; + + /* Check if old_dn is empty. This should never happen */ + if(empty($old_dn) || empty($new_dn)){ + trigger_error("Failed to check acl dependencies, wrong dn given."); + return; + } + + /* Update userinfo if necessary */ + if($_SESSION['ui']->dn == $old_dn){ + $_SESSION['ui']->dn = $new_dn; + gosa_log(_("Updated current user dn from '".$old_dn."' to '".$new_dn."'")); + } + + /* Object was moved, ensure that all acls will be moved too */ + if($new_dn != $old_dn && $old_dn != "new"){ + + /* get_ldap configuration */ + $update = array(); + $ldap = $config->get_ldap_link(); + $ldap->cd ($config->current['BASE']); + $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*))",array("cn","gosaAclEntry")); + while($attrs = $ldap->fetch()){ + + $acls = array(); + + /* Walk through acls */ + for($i = 0 ; $i < $attrs['gosaAclEntry']['count'] ; $i ++ ){ + + /* Reset vars */ + $found = false; + + /* Get Acl parts */ + $acl_parts = split(":",$attrs['gosaAclEntry'][$i]); + + /* Get every single member for this acl */ + $members = array(); + if(preg_match("/,/",$acl_parts[2])){ + $members = split(",",$acl_parts[2]); + }else{ + $members = array($acl_parts[2]); + } + + /* Check if member match current dn */ + foreach($members as $key => $member){ + $member = base64_decode($member); + if($member == $old_dn){ + $found = true; + $members[$key] = base64_encode($new_dn); + } + } + + /* Create new member string */ + $new_members = ""; + foreach($members as $member){ + $new_members .= $member.","; + } + $new_members = preg_replace("/,$/","",$new_members); + $acl_parts[2] = $new_members; + + /* Reconstruckt acl entry */ + $acl_str =""; + foreach($acl_parts as $t){ + $acl_str .= $t.":"; + } + $acl_str = preg_replace("/:$/","",$acl_str); + } + + /* Acls for this object must be adjusted */ + if($found){ + + if($output_changes){ + echo "". + _("Changing ACL dn")." : 
 -"._("from")."  ". + $old_dn. + "
 -"._("to")." ". + $new_dn. + "
"; + } + $update[$attrs['dn']] =array(); + foreach($acls as $acl){ + $update[$attrs['dn']]['gosaAclEntry'][] = $acl; + } + } + } + + /* Write updated acls */ + foreach($update as $dn => $attrs){ + $ldap->cd($dn); + $ldap->modify($attrs); + } + } + } } // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: ?>