X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=include%2Fclass_userinfo.inc;h=2c46e9efcd63f72ca88a5fe53b5824f4845b36e5;hb=6bc38be280f4dd4b0386b2c256749934cb37e86e;hp=68455e08765db4dd6345f8a8193c21a04c790bb4;hpb=f72505093df188e8de73073b534c83fa85832370;p=gosa.git

diff --git a/include/class_userinfo.inc b/include/class_userinfo.inc
index 68455e087..2c46e9efc 100644
--- a/include/class_userinfo.inc
+++ b/include/class_userinfo.inc
@@ -33,11 +33,12 @@ class userinfo
   var $ACL= array();
   var $ocMapping= array();
   var $groups= array();
+  var $result_cache =array();
 
   /* get acl's an put them into the userinfo object
      attr subtreeACL (userdn:components, userdn:component1#sub1#sub2,component2,...) */
-  function userinfo($config, $userdn){
-    $this->config= $config;
+  function userinfo(&$config, $userdn){
+    $this->config= &$config;
     $ldap= $this->config->get_ldap_link();
     $ldap->cat($userdn,array('sn', 'givenName', 'uid', 'gidNumber', 'preferredLanguage', 'gosaUnitTag'));
     $attrs= $ldap->fetch();
@@ -63,38 +64,25 @@ class userinfo
     $this->dn= $userdn;
     $this->uid= $attrs['uid'][0];
     $this->ip= $_SERVER['REMOTE_ADDR'];
+
+    /* Initialize ACL_CACHE */
+    $_SESSION['ACL_CACHE']= array();
+    $this->reset_acl_cache();
   }
 
 
-  function loadACL()
+  public function reset_acl_cache()
   {
+    /* Initialize ACL_CACHE */
+    $_SESSION['ACL_CACHE']= array();
+  }
 
-#--------------------------------------------------------------------------OLD-BUT-ACTIVE-----------------------------
-    $ldap= $this->config->get_ldap_link();
-
-    /* Load ACL's from all groups we're in */
-    $this->subtreeACL= array();
-    $ldap->cd($this->config->current['BASE']);
-    if ($this->gidNumber == -1){
-      $ldap->search("(&(objectClass=posixGroup)(objectClass=gosaObject)".
-          "(memberUid=$this->username))");
-    } else {
-      $ldap->search("(&(objectClass=posixGroup)(objectClass=gosaObject)".
-          "(|(memberUid=$this->username)(gidNumber=$this->gidNumber)))");
-    }
-
-    while($attrs = $ldap->fetch()){
-      $base= preg_replace('/^[^,]+,ou=[^,]+,/i', "",$ldap->getDN());
-      $base= preg_replace("/[ ]*,[ ]*/", ",", $base);
-
-      for ($i= 0; $i<$attrs["gosaSubtreeACL"]["count"]; $i++){
-        $this->subtreeACL[$base][]= $attrs["gosaSubtreeACL"][$i];
-      }
-    }
-#echo "NEW ACL LOADING --------------------------------------------------------------------------------------------<br>";
-
+  function loadACL()
+  {
     $this->ACL= array();    
     $this->groups= array();    
+    $this->result_cache =array();
+    $this->reset_acl_cache();
     $ldap= $this->config->get_ldap_link();
     $ldap->cd($this->config->current['BASE']);
 
@@ -120,6 +108,31 @@ class userinfo
       $aclc[$attrs['dn']]= $ol;
     }
 
+    /* Resolve roles here. 
+     */
+    foreach($aclc as $dn => $data){
+      foreach($data as $prio => $aclc_value)  {
+        if($aclc_value['type'] == "role"){
+
+          unset($aclc[$dn][$prio]);
+
+          $ldap->cat($aclc_value['acl'],array("gosaAclTemplate"));
+          $attrs = $ldap->fetch();
+
+          if(isset($attrs['gosaAclTemplate'])){
+            for($i= 0; $i<$attrs['gosaAclTemplate']['count']; $i++){
+              $tmp = @acl::explodeAcl($attrs['gosaAclTemplate'][$i]);  
+
+              foreach($tmp as $new_acl){
+                $new_acl['members'] = $aclc_value['members'];
+                $aclc[$dn][] =$new_acl;
+              }
+            }      
+          }
+        }
+      }
+    }
+
     /* ACL's read, sort for tree depth */
     asort($aclp);
 
@@ -157,7 +170,6 @@ class userinfo
       }
 
     }
-
   }
 
 
@@ -177,6 +189,11 @@ class userinfo
 
   function get_permissions($dn, $object, $attribute= "", $skip_write= FALSE)
   {
+    /* Push cache answer? */
+    if (isset($_SESSION['ACL_CACHE']["$dn+$object+$attribute"])){
+      return ($_SESSION['ACL_CACHE']["$dn+$object+$attribute"]);
+    }
+
     $acl= array("r" => "", "w" => "", "c" => "", "d" => "", "m" => "", "a" => "");
 
     /* Build dn array */
@@ -206,6 +223,11 @@ class userinfo
             continue;
           }
 
+          if($subacl['type'] == "role") {
+            echo "role skipped";
+            continue;
+          }
+
           /* Per attribute ACL? */
           if (isset($subacl['acl'][$object][$attribute])){
             $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl'][$object][$attribute]);
@@ -249,6 +271,7 @@ class userinfo
       $ret= preg_replace('/w/', '', $ret);
     }
 
+    $_SESSION['ACL_CACHE']["$dn+$object+$attribute"]= $ret;
     return ($ret);
   }
 
@@ -310,6 +333,11 @@ class userinfo
               $acl= $this->cleanACL($acl, TRUE);
               continue;
             }
+    
+            if($subacl['type'] == 'role'){
+              echo "role skipped";
+              continue;
+            }
 
             /* Per object ACL? */
             foreach ($objects as $object){
@@ -350,6 +378,10 @@ class userinfo
 
   function mergeACL($acl, $type, $newACL)
   {
+    if (strpos($newACL, 'w') !== FALSE && strpos($newACL, 'r') === FALSE){
+      $newACL .= "r";
+    }
+
     foreach(str_split($newACL) as $char){
 
       /* Ignore invalid characters */
@@ -389,20 +421,20 @@ class userinfo
 
   function cleanACL($acl, $reset= FALSE)
   {
-    foreach ($acl as $key => $value){
+    foreach ($acl as &$value){
 
       /* Reset removes everything but 'p' */
       if ($reset && $value != 'p'){
-        $acl[$key]= "";
+        $value= "";
         continue;
       }
 
       /* Decrease tree level */
-      if (preg_match('/^[0-9]+$/', $value)){
-        if ($value > 0){
-          $acl[$key]= $value - 1;
+      if (is_int($value)){
+        if ($value){
+          $value--;
         } else {
-          $acl[$key]= "";
+          $value= "";
         }
       }
     }
@@ -410,6 +442,48 @@ class userinfo
     return ($acl);
   }
 
+
+  /* #FIXME This could be logical wrong or could be optimized in the future
+     Return combined acls for a given category. 
+     All acls will be combined like boolean AND 
+      As example ('rwcdm' + 'rcd' + 'wrm'= 'r') 
+    
+     Results will be cached in $this->result_cache.
+      $this->result_cache will be resetted if load_acls is called.
+  */
+  function has_complete_category_acls($dn,$category)
+  {
+    $acl    = "rwcdm";
+    $types  = "rwcdm";
+
+    if(!is_string($category)){
+      trigger_error("category must be string");   
+      $acl = "";
+    }else{
+      if(!isset($this->result_cache['has_complete_category_acls'][$dn][$category]))   {
+        if (isset($this->ocMapping[$category])){
+          foreach($this->ocMapping[$category] as $oc){
+
+            /* Skip objectClass '0' (e.g. users/0) get_permissions will ever return '' ??  */
+            if($oc == "0") continue;
+            $tmp =  $this->get_permissions($dn, $category."/".$oc);
+            for($i = 0 ; $i < strlen($types); $i++) {
+              if(!preg_match("/".$types[$i]."/",$tmp)){ 
+                $acl = preg_replace("/".$types[$i]."/","",$acl);
+              }
+            }
+          }
+        }else{
+          trigger_error("Invalid type of category ".$category);
+          $acl = "";
+        }
+        $this->result_cache['has_complete_category_acls'][$dn][$category] = $acl;
+      }else{
+        $acl = $this->result_cache['has_complete_category_acls'][$dn][$category];
+      }
+    }
+    return($acl);
+  }
 }
 
 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: