X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=include%2Fclass_userinfo.inc;h=68455e08765db4dd6345f8a8193c21a04c790bb4;hb=7afa23783bbaf8d983427a43b13c19a398f01206;hp=d7c1fec4b15d5f28ee4f59662e7094d5f40ec070;hpb=ee193942fc2a59ed31a6169a428c4f68e3131bf4;p=gosa.git diff --git a/include/class_userinfo.inc b/include/class_userinfo.inc index d7c1fec4b..68455e087 100644 --- a/include/class_userinfo.inc +++ b/include/class_userinfo.inc @@ -31,6 +31,7 @@ class userinfo var $gosaUnitTag= ""; var $subtreeACL= array(); var $ACL= array(); + var $ocMapping= array(); var $groups= array(); /* get acl's an put them into the userinfo object @@ -114,7 +115,7 @@ class userinfo $aclc[$attrs['dn']]= array(); $ol= array(); for($i= 0; $i<$attrs['gosaAclEntry']['count']; $i++){ - $ol= array_merge($ol, acl::explodeAcl($attrs['gosaAclEntry'][$i])); + $ol= array_merge($ol, @acl::explodeAcl($attrs['gosaAclEntry'][$i])); } $aclc[$attrs['dn']]= $ol; } @@ -131,18 +132,19 @@ class userinfo /* No members? This is good for all users... */ if (!count($type['members'])){ $interresting= TRUE; - } + } else { - /* Inspect members... */ - foreach ($type['members'] as $grp => $grpdsc){ - /* Some group inside the members that is relevant for us? */ - if (in_array_ics(preg_replace('/^G:/', '', $grp), $this->groups)){ - $interresting= TRUE; - } + /* Inspect members... */ + foreach ($type['members'] as $grp => $grpdsc){ + /* Some group inside the members that is relevant for us? */ + if (in_array_ics(preg_replace('/^G:/', '', $grp), $this->groups)){ + $interresting= TRUE; + } - /* User inside the members? */ - if (preg_replace('/^U:/', '', $grp) == $this->dn){ - $interresting= TRUE; + /* User inside the members? */ + if (preg_replace('/^U:/', '', $grp) == $this->dn){ + $interresting= TRUE; + } } } @@ -155,12 +157,27 @@ class userinfo } } + } - function get_permissions($dn, $object, $attribute) + function get_category_permissions($dn, $category) { - $acl= array("r" => "", "w" => "", "c" => "", "d" => "", "m" => ""); + /* Get list of objectClasses and get the permissions for it */ + $acl= ""; + if (isset($this->ocMapping[$category])){ + foreach($this->ocMapping[$category] as $oc){ + $acl.= $this->get_permissions($dn, $category."/".$oc); + } + } + + return ($acl); + } + + + function get_permissions($dn, $object, $attribute= "", $skip_write= FALSE) + { + $acl= array("r" => "", "w" => "", "c" => "", "d" => "", "m" => "", "a" => ""); /* Build dn array */ $path= split(',', $dn); @@ -197,18 +214,25 @@ class userinfo /* Per object ACL? */ if (isset($subacl['acl'][$object][0])){ - $acl= $this->mergeACL($acl, $subacl['type'], preg_replace('/[cdm]/', '', $subacl['acl'][$object][0])); + $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl'][$object][0]); continue; } /* Global ACL? */ - if (isset($subacl['acl'][0])){ - $acl= $this->mergeACL($acl, $subacl['type'], preg_replace('/[cdm]/', '', $subacl['acl'][0])); + if (isset($subacl['acl']['all'][0])){ + $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl']['all'][0]); continue; } - } + /* If attribute is "", we want to know, if we've *any* permissions here... */ + if ($attribute == "" && isset($subacl['acl'][$object])){ + foreach($subacl['acl'][$object] as $attr => $dummy){ + $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl'][$object][$attr]); + } + continue; + } + } } } @@ -220,10 +244,17 @@ class userinfo } } + /* Remove write if needed */ + if ($skip_write){ + $ret= preg_replace('/w/', '', $ret); + } + return ($ret); } + /* Extract all departments that are accessible (direct or 'on the way' to an + accessible department) */ function get_module_departments($module) { global $plist; @@ -233,20 +264,28 @@ class userinfo /* Extract all relevant objects for this module from plist */ foreach ($plist->info as $object => $info){ - if (isset($info['plDepends']['objectClass']) && $info['plDepends']['objectClass'] == $module){ - $objects[$object]= $object; + if (!isset($info['plCategory'])){ + continue; + } + foreach ($info['plCategory'] as $idx => $data){ + if (preg_match('/^[0-9]+$/', $idx)){ + if ($data == $module){ + $objects[$object]= $object; + } + } else { + if ($idx == $module){ + $objects[$object]= $object; + } + } } } - /* Get all gosaDepartments */ - $ldap= $this->config->get_ldap_link(); - $ldap->cd($this->config->current['BASE']); - $ldap->search('objectClass=gosaDepartment', array('dn')); - while ($attrs= $ldap->fetch()){ - $acl= array("r" => "", "w" => "", "c" => "", "d" => "", "m" => ""); + /* For all gosaDepartments */ + foreach ($this->config->departments as $dn){ + $acl= array("r" => "", "w" => "", "c" => "", "d" => "", "m" => "", "a" => ""); /* Build dn array */ - $path= split(',', $attrs['dn']); + $path= split(',', $dn); $path= array_reverse($path); /* Walk along the path to evaluate the acl */ @@ -274,28 +313,32 @@ class userinfo /* Per object ACL? */ foreach ($objects as $object){ - if (isset($subacl['acl'][$object])){ - foreach($subacl['acl'][$object] as $attribute => $dcl){ - if (isset($subacl['acl'][$object][$attribute])){ - $acl= $this->mergeACL($acl, $subacl['type'], preg_replace('/[cdm]/', '', $subacl['acl'][$object][$attribute])); - } + if (isset($subacl['acl']["$module/$object"])){ + foreach($subacl['acl']["$module/$object"] as $attribute => $dcl){ + $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl']["$module/$object"][$attribute]); } } } /* Global ACL? */ - if (isset($subacl['acl'][0])){ - $acl= $this->mergeACL($acl, $subacl['type'], preg_replace('/[cdm]/', '', $subacl['acl'][0])); + if (isset($subacl['acl']["$module/all"][0])){ + $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl']["$module/all"][0]); + continue; + } + + /* Global ACL? */ + if (isset($subacl['acl']["all"][0])){ + $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl']["all"][0]); continue; } } } } - /* Add department, if we have (some) permissions for the requred module */ + /* Add department, if we have (some) permissions for the required module */ foreach ($acl as $val){ if ($val != ""){ - $deps[]= $attrs['dn']; + $deps[]= $dn; break; } }