X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=include%2Fclass_plugin.inc;h=c32eca5f0c17daddceda8a87c5c0b04ff6cf9899;hb=d2a7f50083180fccb855c116a0f16cbca2636f62;hp=a4182cfd8773ba680b67ae5fa1a2a2dc39a14306;hpb=7bc6f21b34a8a3c432296d1430dcd91485985a5e;p=gosa.git diff --git a/include/class_plugin.inc b/include/class_plugin.inc index a4182cfd8..c32eca5f0 100644 --- a/include/class_plugin.inc +++ b/include/class_plugin.inc @@ -105,9 +105,12 @@ class plugin /* attribute list for save action */ var $attributes= array(); var $objectclasses= array(); - var $new= TRUE; + var $is_new= TRUE; var $saved_attributes= array(); + var $acl_base= ""; + var $acl_category= ""; + /* Plugin identifier */ var $plHeadline= ""; var $plDescription= ""; @@ -119,7 +122,7 @@ class plugin \param dn Distinguished name to initialize plugin from \sa plugin() */ - function plugin ($config, $dn= NULL) + function plugin ($config, $dn= NULL, $parent= NULL) { /* Configuration is fine, allways */ $this->config= $config; @@ -130,13 +133,20 @@ class plugin return; } + /* Save current dn as acl_base */ + $this->acl_base= $dn; + /* Get LDAP descriptor */ $ldap= $this->config->get_ldap_link(); if ($dn != NULL){ /* Load data to 'attrs' and save 'dn' */ - $ldap->cat ($dn); - $this->attrs= $ldap->fetch(); + if ($parent != NULL){ + $this->attrs= $parent->attrs; + } else { + $ldap->cat ($dn); + $this->attrs= $ldap->fetch(); + } /* Copy needed attributes */ foreach ($this->attributes as $val){ @@ -212,7 +222,9 @@ class plugin */ function execute() { - # This one is empty currently. Fabian - please fill in the docu code + gosa_log("ACL ".get_class($this)." - ".$this->acl_category." - ".$this->acl_base); + + /* This one is empty currently. Fabian - please fill in the docu code */ $_SESSION['current_class_for_help'] = get_class($this); /* Reset Lock message POST/GET check array, to prevent perg_match errors*/ $_SESSION['LOCK_VARS_TO_USE'] =array(); @@ -313,10 +325,10 @@ class plugin if (isset($tmp['objectClass'])){ $oc= $tmp["objectClass"]; - $this->new= FALSE; + $this->is_new= FALSE; } else { $oc= array("count" => 0); - $this->new= TRUE; + $this->is_new= TRUE; } /* Load (minimum) attributes, add missing ones */ @@ -331,7 +343,7 @@ class plugin foreach ($this->attributes as $val){ if ($this->$val != ""){ $this->attrs["$val"]= $this->$val; - } elseif (!$this->new) { + } elseif (!$this->is_new) { $this->attrs["$val"]= array(); } } @@ -511,14 +523,13 @@ class plugin /* Show header message for tab dialogs */ function show_enable_header($button_text, $text, $disabled= FALSE) { - if ($disabled == TRUE){ + if (($disabled == TRUE) || (!$this->acl_is_createable())){ $state= "disabled"; } else { $state= ""; } $display= "\n

$text

\n"; - $display.= "acl_is_createable()?'':'disabled')." ".$state. + $display.= "

 

"; return($display); @@ -528,14 +539,13 @@ class plugin /* Show header message for tab dialogs */ function show_disable_header($button_text, $text, $disabled= FALSE) { - if ($disabled == TRUE){ + if (($disabled == TRUE) || !$this->acl_is_removeable()){ $state= "disabled"; } else { $state= ""; } $display= "\n

$text

\n"; - $display.= "acl_is_removeable()?'':'disabled')." ".$state. + $display.= "

 

"; return($display); @@ -905,7 +915,9 @@ class plugin } $todo[] = "is_account"; foreach($todo as $var){ - $this->$var = $source->$var; + if (isset($source->$var)){ + $this->$var= $source->$var; + } } } @@ -1113,18 +1125,13 @@ class plugin function remove_snapshot($dn) { -echo "FIXME: remove_snapshot uses old acl's
"; - $ui = get_userinfo(); - $acl = get_permissions ($dn, $ui->subtreeACL); - $acl = get_module_permission($acl, "snapshot", $dn); - - if (chkacl($this->acl, "delete") == ""){ - $ldap = $this->config->get_ldap_link(); - $ldap->cd($this->config->current['BASE']); - $ldap->rmdir_recursive($dn); - }else{ - print_red (_("You are not allowed to delete this snapshot!")); - } + $ui = get_userinfo(); + $old_dn = $this->dn; + $this->dn = $dn; + $ldap = $this->config->get_ldap_link(); + $ldap->cd($this->config->current['BASE']); + $ldap->rmdir_recursive($dn); + $this->dn = $old_dn; } @@ -1345,7 +1352,8 @@ echo "FIXME: remove_snapshot uses old acl's
"; /* Restore one of the already deleted objects */ if(preg_match("/^RestoreDeletedSnapShot_/",$name) && $once){ $once = false; - $this->snapDialog = new SnapShotDialog($this->config,$baseSuffixe,$this); + $this->snapDialog = new SnapShotDialog($this->config,"",$this); + $this->snapDialog->set_snapshot_bases($baseSuffixe); $this->snapDialog->display_restore_dialog = true; $this->snapDialog->display_all_removed_objects = true; } @@ -1399,46 +1407,107 @@ echo "FIXME: remove_snapshot uses old acl's
"; } + function set_acl_base($base) + { + $this->acl_base= $base; + } + + + function set_acl_category($category) + { + $this->acl_category= "$category/"; + } + + function acl_is_writeable($attribute,$skip_write = FALSE) { $ui= get_userinfo(); - return preg_match('/w/', $ui->get_permissions($this->dn, get_class($this), $attribute,$skip_write)); + return preg_match('/w/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute, $skip_write)); } function acl_is_readable($attribute) { $ui= get_userinfo(); - return preg_match('/r/', $ui->get_permissions($this->dn, get_class($this), $attribute)); + return preg_match('/r/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute)); } function acl_is_createable() { $ui= get_userinfo(); - return preg_match('/c/', $ui->get_permissions($this->dn, get_class($this), '0')); + return preg_match('/c/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0')); } function acl_is_removeable() { $ui= get_userinfo(); - return preg_match('/d/', $ui->get_permissions($this->dn, get_class($this), '0')); + return preg_match('/d/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0')); } function acl_is_moveable() { $ui= get_userinfo(); - return preg_match('/m/', $ui->get_permissions($this->dn, get_class($this), '0')); + return preg_match('/m/', $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), '0')); + } + + + function acl_have_any_permissions() + { } function getacl($attribute,$skip_write= FALSE) { $ui= get_userinfo(); - return $ui->get_permissions($this->dn, get_class($this), $attribute,$skip_write); + return $ui->get_permissions($this->acl_base, $this->acl_category.get_class($this), $attribute,$skip_write); + } + + /* Get all allowed bases to move an object to or to create a new object. + Idepartments also contains all base departments which lead to the allowed bases */ + function get_allowed_bases($category = "") + { + $ui = get_userinfo(); + $deps = array(); + + /* Set category */ + if(empty($category)){ + $category = $this->acl_category.get_class($this); + } + + /* Is this a new object ? Or just an edited existing object */ + if(!$this->initially_was_account && $this->is_account){ + $new = true; + }else{ + $new = false; + } + + /* Add current base */ + if(isset($this->base) && isset($this->config->idepartments[$this->base])){ + $deps[$this->base] = $this->config->idepartments[$this->base]; + }else{ + echo "No default base found. ".$this->base."
"; + } + + $cat_bases = $ui->get_module_departments(preg_replace("/\/.*$/","",$category)); + foreach($this->config->idepartments as $dn => $name){ + + if(!in_array_ics($dn,$cat_bases)){ + continue; + } + + $acl = $ui->get_permissions($dn,$category); + if($new && preg_match("/c/",$acl)){ + $deps[$dn] = $name; + }elseif(!$new && preg_match("/m/",$acl)){ + $deps[$dn] = $name; + } + } + return($deps); } + } // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: ?>