X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=include%2Fclass_userinfo.inc;h=68455e08765db4dd6345f8a8193c21a04c790bb4;hb=0adbff1190cf5933e2f48f5c9022496de7bade2e;hp=c077dc4c53e4c06f61af69de57b409ed4bd8c44a;hpb=972e6ba8a258637d0fea0a90b691c3373e3173a8;p=gosa.git

diff --git a/include/class_userinfo.inc b/include/class_userinfo.inc
index c077dc4c5..68455e087 100644
--- a/include/class_userinfo.inc
+++ b/include/class_userinfo.inc
@@ -31,6 +31,7 @@ class userinfo
   var $gosaUnitTag= "";
   var $subtreeACL= array();
   var $ACL= array();
+  var $ocMapping= array();
   var $groups= array();
 
   /* get acl's an put them into the userinfo object
@@ -131,18 +132,19 @@ class userinfo
         /* No members? This is good for all users... */
         if (!count($type['members'])){
           $interresting= TRUE;
-        }
+        } else {
 
-        /* Inspect members... */
-        foreach ($type['members'] as $grp => $grpdsc){
-          /* Some group inside the members that is relevant for us? */
-          if (in_array_ics(preg_replace('/^G:/', '', $grp), $this->groups)){
-            $interresting= TRUE;
-          }
+          /* Inspect members... */
+          foreach ($type['members'] as $grp => $grpdsc){
+            /* Some group inside the members that is relevant for us? */
+            if (in_array_ics(preg_replace('/^G:/', '', $grp), $this->groups)){
+              $interresting= TRUE;
+            }
 
-          /* User inside the members? */
-          if (preg_replace('/^U:/', '', $grp) == $this->dn){
-            $interresting= TRUE;
+            /* User inside the members? */
+            if (preg_replace('/^U:/', '', $grp) == $this->dn){
+              $interresting= TRUE;
+            }
           }
         }
 
@@ -155,10 +157,25 @@ class userinfo
       }
 
     }
+
+  }
+
+
+  function get_category_permissions($dn, $category)
+  {
+    /* Get list of objectClasses and get the permissions for it */
+    $acl= "";
+    if (isset($this->ocMapping[$category])){
+      foreach($this->ocMapping[$category] as $oc){
+        $acl.= $this->get_permissions($dn, $category."/".$oc);
+      }
+    }
+
+    return ($acl);
   }
 
 
-  function get_permissions($dn, $object, $attribute, $skip_write= FALSE)
+  function get_permissions($dn, $object, $attribute= "", $skip_write= FALSE)
   {
     $acl= array("r" => "", "w" => "", "c" => "", "d" => "", "m" => "", "a" => "");
 
@@ -202,13 +219,20 @@ class userinfo
           }
 
           /* Global ACL? */
-          if (isset($subacl['acl']['all'])){
+          if (isset($subacl['acl']['all'][0])){
             $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl']['all'][0]);
             continue;
           }
 
-        }
+          /* If attribute is "", we want to know, if we've *any* permissions here... */
+          if ($attribute == "" && isset($subacl['acl'][$object])){
+            foreach($subacl['acl'][$object] as $attr => $dummy){
+              $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl'][$object][$attr]);
+            }
+            continue;
+          }
 
+        }
       }
     }
 
@@ -229,6 +253,8 @@ class userinfo
   }
 
 
+  /* Extract all departments that are accessible (direct or 'on the way' to an
+     accessible department) */
   function get_module_departments($module)
   {
     global $plist;
@@ -238,6 +264,9 @@ class userinfo
 
     /* Extract all relevant objects for this module from plist */
     foreach ($plist->info as $object => $info){
+      if (!isset($info['plCategory'])){
+        continue;
+      }
       foreach ($info['plCategory'] as $idx => $data){
         if (preg_match('/^[0-9]+$/', $idx)){
           if ($data == $module){
@@ -251,15 +280,12 @@ class userinfo
       }
     }
 
-    /* Get all gosaDepartments */
-    $ldap= $this->config->get_ldap_link();
-    $ldap->cd($this->config->current['BASE']);
-    $ldap->search('objectClass=gosaDepartment', array('dn'));
-    while ($attrs= $ldap->fetch()){
+    /* For all gosaDepartments */
+    foreach ($this->config->departments as $dn){
       $acl= array("r" => "", "w" => "", "c" => "", "d" => "", "m" => "", "a" => "");
 
       /* Build dn array */
-      $path= split(',', $attrs['dn']);
+      $path= split(',', $dn);
       $path= array_reverse($path);
 
       /* Walk along the path to evaluate the acl */
@@ -287,28 +313,32 @@ class userinfo
 
             /* Per object ACL? */
             foreach ($objects as $object){
-              if (isset($subacl['acl'][$object])){
-                foreach($subacl['acl'][$object] as $attribute => $dcl){
-                  if (isset($subacl['acl'][$object][$attribute])){
-                    $acl= $this->mergeACL($acl, $subacl['type'], preg_replace('/[cdm]/', '', $subacl['acl'][$object][$attribute]));
-                  }
+              if (isset($subacl['acl']["$module/$object"])){
+                foreach($subacl['acl']["$module/$object"] as $attribute => $dcl){
+                  $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl']["$module/$object"][$attribute]);
                 }
               }
             }
 
             /* Global ACL? */
-            if (isset($subacl['acl'][0])){
-              $acl= $this->mergeACL($acl, $subacl['type'], preg_replace('/[cdm]/', '', $subacl['acl'][0]));
+            if (isset($subacl['acl']["$module/all"][0])){
+              $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl']["$module/all"][0]);
+              continue;
+            }
+
+            /* Global ACL? */
+            if (isset($subacl['acl']["all"][0])){
+              $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl']["all"][0]);
               continue;
             }
           }
         }
       }
 
-      /* Add department, if we have (some) permissions for the requred module */
+      /* Add department, if we have (some) permissions for the required module */
       foreach ($acl as $val){
         if ($val != ""){
-          $deps[]= $attrs['dn'];
+          $deps[]= $dn;
           break;
         }
       }