X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=include%2Fclass_userinfo.inc;h=2c46e9efcd63f72ca88a5fe53b5824f4845b36e5;hb=6bc38be280f4dd4b0386b2c256749934cb37e86e;hp=c25cab419498e8b671e6b7b7c846b075b242af85;hpb=c199bfbb3c1206b7d7e4d40f35538a923301c2cf;p=gosa.git
diff --git a/include/class_userinfo.inc b/include/class_userinfo.inc
index c25cab419..2c46e9efc 100644
--- a/include/class_userinfo.inc
+++ b/include/class_userinfo.inc
@@ -37,8 +37,8 @@ class userinfo
 /* get acl's an put them into the userinfo object attr subtreeACL (userdn:components, userdn:component1#sub1#sub2,component2,...) */
- function userinfo($config, $userdn){
- $this->config= $config;
+ function userinfo(&$config, $userdn){
+ $this->config= &$config;
 $ldap= $this->config->get_ldap_link();
 $ldap->cat($userdn,array('sn', 'givenName', 'uid', 'gidNumber', 'preferredLanguage', 'gosaUnitTag'));
 $attrs= $ldap->fetch();
@@ -64,14 +64,25 @@ class userinfo
 $this->dn= $userdn;
 $this->uid= $attrs['uid'][0];
 $this->ip= $_SERVER['REMOTE_ADDR'];
+
+ /* Initialize ACL_CACHE */
+ $_SESSION['ACL_CACHE']= array();
+ $this->reset_acl_cache();
 }
+ public function reset_acl_cache()
+ {
+ /* Initialize ACL_CACHE */
+ $_SESSION['ACL_CACHE']= array();
+ }
+
 function loadACL()
 {
 $this->ACL= array();
 $this->groups= array();
 $this->result_cache =array();
+ $this->reset_acl_cache();
 $ldap= $this->config->get_ldap_link();
 $ldap->cd($this->config->current['BASE']);
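Review bot: In the constructor (hunk at -64,14) the cache is cleared twice in a row: `$_SESSION['ACL_CACHE']= array();` is followed immediately by `$this->reset_acl_cache();`, which performs the same assignment. Keep only the method call so that one place defines what a reset means. `reset_acl_cache()` would also benefit from a comment saying that the cache lives in the session and holds computed permission strings, e.g. `/* Drop all cached get_permissions() results for this session; call whenever ACLs are reloaded. */`. The constructor body starts outside the hunk.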
@@ -97,6 +108,31 @@ class userinfo
 $aclc[$attrs['dn']]= $ol;
 }
+ /* Resolve roles here.
+ */
+ foreach($aclc as $dn => $data){
+ foreach($data as $prio => $aclc_value) {
+ if($aclc_value['type'] == "role"){
+
+ unset($aclc[$dn][$prio]);
+
+ $ldap->cat($aclc_value['acl'],array("gosaAclTemplate"));
+ $attrs = $ldap->fetch();
+
+ if(isset($attrs['gosaAclTemplate'])){
+ for($i= 0; $i<$attrs['gosaAclTemplate']['count']; $i++){
+ $tmp = @acl::explodeAcl($attrs['gosaAclTemplate'][$i]);
+
+ foreach($tmp as $new_acl){
+ $new_acl['members'] = $aclc_value['members'];
+ $aclc[$dn][] =$new_acl;
+ }
+ }
+ }
+ }
+ }
+ }
+
 /* ACL's read, sort for tree depth */
 asort($aclp);
@@ -153,6 +189,11 @@ class userinfo
 function get_permissions($dn, $object, $attribute= "", $skip_write= FALSE)
 {
+ /* Push cache answer? */
+ if (isset($_SESSION['ACL_CACHE']["$dn+$object+$attribute"])){
+ return ($_SESSION['ACL_CACHE']["$dn+$object+$attribute"]);
+ }
+
 $acl= array("r" => "", "w" => "", "c" => "", "d" => "", "m" => "", "a" => "");
 /* Build dn array */
@@ -182,6 +223,11 @@ class userinfo
 continue;
 }
+ if($subacl['type'] == "role") {
+ echo "role skipped";
+ continue;
+ }
+
 /* Per attribute ACL? */
 if (isset($subacl['acl'][$object][$attribute])){
 $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl'][$object][$attribute]);
@@ -225,6 +271,7 @@ class userinfo
 $ret= preg_replace('/w/', '', $ret);
 }
+ $_SESSION['ACL_CACHE']["$dn+$object+$attribute"]= $ret;
 return ($ret);
 }
@@ -286,6 +333,11 @@ class userinfo
 $acl= $this->cleanACL($acl, TRUE);
 continue;
 }
+
+ if($subacl['type'] == 'role'){
+ echo "role skipped";
+ continue;
+ }
 /* Per object ACL? */
 foreach ($objects as $object){
@@ -326,9 +378,10 @@ class userinfo
 function mergeACL($acl, $type, $newACL)
 {
- if(preg_match("/w/",$newACL) && !preg_match("/r/",$newACL)){
+ if (strpos($newACL, 'w') !== FALSE && strpos($newACL, 'r') === FALSE){
 $newACL .= "r";
 }
+
 foreach(str_split($newACL) as $char){
 /* Ignore invalid characters */
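Review bot: Role expansion in loadACL() (hunk at -97,6) removes the role's slot with `unset($aclc[$dn][$prio])` and re-adds the template entries with `$aclc[$dn][] =$new_acl`, so they land at the end of the list under fresh numeric keys instead of at the role's original `$prio`. If later evaluation depends on the order of entries per DN (the key name suggests it does, but the consuming code is outside this hunk), a role assignment gets a different precedence than a directly assigned ACL in the same position. The `@` on `acl::explodeAcl()` and the unchecked `$ldap->cat()` result also mean that an unreadable or malformed role silently contributes no entries. Report that case, for example with `trigger_error("Cannot resolve ACL role ".$aclc_value['acl']);`, so a missing role shows up in the log rather than as an unexplained permission change.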
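Review bot: The cache key in get_permissions() (hunk at -153,6), `"$dn+$object+$attribute"`, leaves out `$skip_write`, while the value stored at the end of the function (hunk at -225,6) is `$ret` after the `preg_replace('/w/', '', $ret)` shown just above the store. Assuming that strip is the `$skip_write` branch (its condition is outside the hunk), a first call with `$skip_write = FALSE` caches a string that still contains `w`, and a later call with `$skip_write = TRUE` for the same triple gets write permission back from the cache. Put the flag into the key at both places, e.g. `$key= "$dn+$object+$attribute+".($skip_write ? "1" : "0");`, or cache the value before the strip and apply the strip on every return. Because `+` can occur inside a DN, a separator that cannot appear in any of the parts would also rule out ambiguous keys.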
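Review bot: `echo "role skipped";` in get_permissions() (hunk at -182,6, and the identical branch added in the hunk at -286,6) writes debug text straight into the HTTP response from inside permission evaluation. loadACL() now appears to replace role entries with their templates, so reaching this branch would mean a role was left unresolved; that is worth recording, but not printing to the user. Replace the echo with something like `trigger_error("Unresolved ACL role entry skipped");`, or drop the branch if it cannot be reached. Both enclosing loops start outside their hunks.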
@@ -368,20 +421,20 @@ class userinfo
 function cleanACL($acl, $reset= FALSE)
 {
- foreach ($acl as $key => $value){
+ foreach ($acl as &$value){
 /* Reset removes everything but 'p' */
 if ($reset && $value != 'p'){
- $acl[$key]= "";
+ $value= "";
 continue;
 }
 /* Decrease tree level */
- if (preg_match('/^[0-9]+$/', $value)){
- if ($value > 0){
- $acl[$key]= $value - 1;
+ if (is_int($value)){
+ if ($value){
+ $value--;
 } else {
- $acl[$key]= "";
+ $value= "";
 }
 }
 }
@@ -403,7 +456,6 @@ class userinfo
 $acl = "rwcdm";
 $types = "rwcdm";
-
 if(!is_string($category)){
 trigger_error("category must be string");
 $acl = "";
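Review bot: In cleanACL() (hunk at -368,20) the depth test changed from `preg_match('/^[0-9]+$/', $value)` to `is_int($value)`, which no longer matches numeric strings such as `"1"`. If depth counters reach this function as strings (where they are produced is not visible here), they are never decremented or cleared, so an ACL meant to apply only a limited number of levels down would keep applying further down the tree. Either keep accepting digit strings, `if (is_int($value) || ctype_digit((string)$value)){`, or confirm that the producer always stores integers. The new `foreach ($acl as &$value)` also leaves `$value` as a live reference after the loop; add `unset($value);` directly after the loop's closing brace, in the part of the function that falls outside this hunk.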