X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=include%2Fclass_userinfo.inc;h=85417cdb150254e873884e716683968338515409;hb=2255bc8f95b2e1159d9306a99f1c563536eb06c6;hp=20c48209b71ac4c6758286d5017793afa2891d45;hpb=da6de1ed136c1659d451e61cf00b950b7cf2e249;p=gosa.git diff --git a/include/class_userinfo.inc b/include/class_userinfo.inc index 20c48209b..85417cdb1 100644 --- a/include/class_userinfo.inc +++ b/include/class_userinfo.inc @@ -31,7 +31,9 @@ class userinfo var $gosaUnitTag= ""; var $subtreeACL= array(); var $ACL= array(); + var $ocMapping= array(); var $groups= array(); + var $result_cache =array(); /* get acl's an put them into the userinfo object attr subtreeACL (userdn:components, userdn:component1#sub1#sub2,component2,...) */ @@ -94,6 +96,7 @@ class userinfo $this->ACL= array(); $this->groups= array(); + $this->result_cache =array(); $ldap= $this->config->get_ldap_link(); $ldap->cd($this->config->current['BASE']); @@ -131,18 +134,19 @@ class userinfo /* No members? This is good for all users... */ if (!count($type['members'])){ $interresting= TRUE; - } + } else { - /* Inspect members... */ - foreach ($type['members'] as $grp => $grpdsc){ - /* Some group inside the members that is relevant for us? */ - if (in_array_ics(preg_replace('/^G:/', '', $grp), $this->groups)){ - $interresting= TRUE; - } + /* Inspect members... */ + foreach ($type['members'] as $grp => $grpdsc){ + /* Some group inside the members that is relevant for us? */ + if (in_array_ics(preg_replace('/^G:/', '', $grp), $this->groups)){ + $interresting= TRUE; + } - /* User inside the members? */ - if (preg_replace('/^U:/', '', $grp) == $this->dn){ - $interresting= TRUE; + /* User inside the members? */ + if (preg_replace('/^U:/', '', $grp) == $this->dn){ + $interresting= TRUE; + } } } @@ -155,10 +159,25 @@ class userinfo } } + } - function get_permissions($dn, $object, $attribute, $skip_write= FALSE) + function get_category_permissions($dn, $category) + { + /* Get list of objectClasses and get the permissions for it */ + $acl= ""; + if (isset($this->ocMapping[$category])){ + foreach($this->ocMapping[$category] as $oc){ + $acl.= $this->get_permissions($dn, $category."/".$oc); + } + } + + return ($acl); + } + + + function get_permissions($dn, $object, $attribute= "", $skip_write= FALSE) { $acl= array("r" => "", "w" => "", "c" => "", "d" => "", "m" => "", "a" => ""); @@ -197,18 +216,25 @@ class userinfo /* Per object ACL? */ if (isset($subacl['acl'][$object][0])){ - $acl= $this->mergeACL($acl, $subacl['type'], preg_replace('/[cdm]/', '', $subacl['acl'][$object][0])); + $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl'][$object][0]); continue; } /* Global ACL? */ - if (isset($subacl['acl']['all'])){ - $acl= $this->mergeACL($acl, $subacl['type'], preg_replace('/[cdm]/', '', $subacl['acl']['all'][0])); + if (isset($subacl['acl']['all'][0])){ + $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl']['all'][0]); continue; } - } + /* If attribute is "", we want to know, if we've *any* permissions here... */ + if ($attribute == "" && isset($subacl['acl'][$object])){ + foreach($subacl['acl'][$object] as $attr => $dummy){ + $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl'][$object][$attr]); + } + continue; + } + } } } @@ -229,6 +255,8 @@ class userinfo } + /* Extract all departments that are accessible (direct or 'on the way' to an + accessible department) */ function get_module_departments($module) { global $plist; @@ -238,6 +266,9 @@ class userinfo /* Extract all relevant objects for this module from plist */ foreach ($plist->info as $object => $info){ + if (!isset($info['plCategory'])){ + continue; + } foreach ($info['plCategory'] as $idx => $data){ if (preg_match('/^[0-9]+$/', $idx)){ if ($data == $module){ @@ -251,15 +282,12 @@ class userinfo } } - /* Get all gosaDepartments */ - $ldap= $this->config->get_ldap_link(); - $ldap->cd($this->config->current['BASE']); - $ldap->search('objectClass=gosaDepartment', array('dn')); - while ($attrs= $ldap->fetch()){ + /* For all gosaDepartments */ + foreach ($this->config->departments as $dn){ $acl= array("r" => "", "w" => "", "c" => "", "d" => "", "m" => "", "a" => ""); /* Build dn array */ - $path= split(',', $attrs['dn']); + $path= split(',', $dn); $path= array_reverse($path); /* Walk along the path to evaluate the acl */ @@ -287,28 +315,32 @@ class userinfo /* Per object ACL? */ foreach ($objects as $object){ - if (isset($subacl['acl'][$object])){ - foreach($subacl['acl'][$object] as $attribute => $dcl){ - if (isset($subacl['acl'][$object][$attribute])){ - $acl= $this->mergeACL($acl, $subacl['type'], preg_replace('/[cdm]/', '', $subacl['acl'][$object][$attribute])); - } + if (isset($subacl['acl']["$module/$object"])){ + foreach($subacl['acl']["$module/$object"] as $attribute => $dcl){ + $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl']["$module/$object"][$attribute]); } } } /* Global ACL? */ - if (isset($subacl['acl'][0])){ - $acl= $this->mergeACL($acl, $subacl['type'], preg_replace('/[cdm]/', '', $subacl['acl'][0])); + if (isset($subacl['acl']["$module/all"][0])){ + $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl']["$module/all"][0]); + continue; + } + + /* Global ACL? */ + if (isset($subacl['acl']["all"][0])){ + $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl']["all"][0]); continue; } } } } - /* Add department, if we have (some) permissions for the requred module */ + /* Add department, if we have (some) permissions for the required module */ foreach ($acl as $val){ if ($val != ""){ - $deps[]= $attrs['dn']; + $deps[]= $dn; break; } } @@ -380,6 +412,49 @@ class userinfo return ($acl); } + + /* #FIXME This could be logical wrong or could be optimized in the future + Return combined acls for a given category. + All acls will be combined like boolean AND + As example ('rwcdm' + 'rcd' + 'wrm'= 'r') + + Results will be cached in $this->result_cache. + $this->result_cache will be resetted if load_acls is called. + */ + function has_complete_category_acls($dn,$category) + { + $acl = "rwcdm"; + $types = "rwcdm"; + + + if(!is_string($category)){ + trigger_error("category must be string"); + $acl = ""; + }else{ + if(!isset($this->result_cache['has_complete_category_acls'][$dn][$category])) { + if (isset($this->ocMapping[$category])){ + foreach($this->ocMapping[$category] as $oc){ + + /* Skip objectClass '0' (e.g. users/0) get_permissions will ever return '' ?? */ + if($oc == "0") continue; + $tmp = $this->get_permissions($dn, $category."/".$oc); + for($i = 0 ; $i < strlen($types); $i++) { + if(!preg_match("/".$types[$i]."/",$tmp)){ + $acl = preg_replace("/".$types[$i]."/","",$acl); + } + } + } + }else{ + trigger_error("Invalid type of category ".$category); + $acl = ""; + } + $this->result_cache['has_complete_category_acls'][$dn][$category] = $acl; + }else{ + $acl = $this->result_cache['has_complete_category_acls'][$dn][$category]; + } + } + return($acl); + } } // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: