X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=include%2Fclass_userinfo.inc;h=c25cab419498e8b671e6b7b7c846b075b242af85;hb=c8e88e997402e4906104cd66cd8e22157209d87f;hp=2c5fb932ca9653b9099d34305ff5fefeac6924a9;hpb=6856edf1b09292b592fade8e70e4a39603ca8890;p=gosa.git

diff --git a/include/class_userinfo.inc b/include/class_userinfo.inc
index 2c5fb932c..c25cab419 100644
--- a/include/class_userinfo.inc
+++ b/include/class_userinfo.inc
@@ -33,6 +33,7 @@ class userinfo
   var $ACL= array();
   var $ocMapping= array();
   var $groups= array();
+  var $result_cache =array();
 
   /* get acl's an put them into the userinfo object
      attr subtreeACL (userdn:components, userdn:component1#sub1#sub2,component2,...) */
@@ -68,34 +69,9 @@ class userinfo
 
   function loadACL()
   {
-
-#--------------------------------------------------------------------------OLD-BUT-ACTIVE-----------------------------
-    $ldap= $this->config->get_ldap_link();
-
-    /* Load ACL's from all groups we're in */
-    $this->subtreeACL= array();
-    $ldap->cd($this->config->current['BASE']);
-    if ($this->gidNumber == -1){
-      $ldap->search("(&(objectClass=posixGroup)(objectClass=gosaObject)".
-          "(memberUid=$this->username))");
-    } else {
-      $ldap->search("(&(objectClass=posixGroup)(objectClass=gosaObject)".
-          "(|(memberUid=$this->username)(gidNumber=$this->gidNumber)))");
-    }
-
-    while($attrs = $ldap->fetch()){
-      $base= preg_replace('/^[^,]+,ou=[^,]+,/i', "",$ldap->getDN());
-      $base= preg_replace("/[ ]*,[ ]*/", ",", $base);
-
-      for ($i= 0; $i<$attrs["gosaSubtreeACL"]["count"]; $i++){
-        $this->subtreeACL[$base][]= $attrs["gosaSubtreeACL"][$i];
-      }
-    }
-#echo "NEW ACL LOADING --------------------------------------------------------------------------------------------<br>";
-
     $this->ACL= array();    
-    $this->ocMapping= array();
     $this->groups= array();    
+    $this->result_cache =array();
     $ldap= $this->config->get_ldap_link();
     $ldap->cd($this->config->current['BASE']);
 
@@ -133,18 +109,19 @@ class userinfo
         /* No members? This is good for all users... */
         if (!count($type['members'])){
           $interresting= TRUE;
-        }
+        } else {
 
-        /* Inspect members... */
-        foreach ($type['members'] as $grp => $grpdsc){
-          /* Some group inside the members that is relevant for us? */
-          if (in_array_ics(preg_replace('/^G:/', '', $grp), $this->groups)){
-            $interresting= TRUE;
-          }
+          /* Inspect members... */
+          foreach ($type['members'] as $grp => $grpdsc){
+            /* Some group inside the members that is relevant for us? */
+            if (in_array_ics(preg_replace('/^G:/', '', $grp), $this->groups)){
+              $interresting= TRUE;
+            }
 
-          /* User inside the members? */
-          if (preg_replace('/^U:/', '', $grp) == $this->dn){
-            $interresting= TRUE;
+            /* User inside the members? */
+            if (preg_replace('/^U:/', '', $grp) == $this->dn){
+              $interresting= TRUE;
+            }
           }
         }
 
@@ -157,7 +134,6 @@ class userinfo
       }
 
     }
-
   }
 
 
@@ -167,7 +143,7 @@ class userinfo
     $acl= "";
     if (isset($this->ocMapping[$category])){
       foreach($this->ocMapping[$category] as $oc){
-        $acl.= $this->get_permissions($dn, $category."/".$oc, "");
+        $acl.= $this->get_permissions($dn, $category."/".$oc);
       }
     }
 
@@ -253,6 +229,8 @@ class userinfo
   }
 
 
+  /* Extract all departments that are accessible (direct or 'on the way' to an
+     accessible department) */
   function get_module_departments($module)
   {
     global $plist;
@@ -278,15 +256,12 @@ class userinfo
       }
     }
 
-    /* Get all gosaDepartments */
-    $ldap= $this->config->get_ldap_link();
-    $ldap->cd($this->config->current['BASE']);
-    $ldap->search('objectClass=gosaDepartment', array('dn'));
-    while ($attrs= $ldap->fetch()){
+    /* For all gosaDepartments */
+    foreach ($this->config->departments as $dn){
       $acl= array("r" => "", "w" => "", "c" => "", "d" => "", "m" => "", "a" => "");
 
       /* Build dn array */
-      $path= split(',', $attrs['dn']);
+      $path= split(',', $dn);
       $path= array_reverse($path);
 
       /* Walk along the path to evaluate the acl */
@@ -314,28 +289,32 @@ class userinfo
 
             /* Per object ACL? */
             foreach ($objects as $object){
-              if (isset($subacl['acl'][$object])){
-                foreach($subacl['acl'][$object] as $attribute => $dcl){
-                  if (isset($subacl['acl'][$object][$attribute])){
-                    $acl= $this->mergeACL($acl, $subacl['type'], preg_replace('/[cdm]/', '', $subacl['acl'][$object][$attribute]));
-                  }
+              if (isset($subacl['acl']["$module/$object"])){
+                foreach($subacl['acl']["$module/$object"] as $attribute => $dcl){
+                  $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl']["$module/$object"][$attribute]);
                 }
               }
             }
 
             /* Global ACL? */
-            if (isset($subacl['acl'][0])){
-              $acl= $this->mergeACL($acl, $subacl['type'], preg_replace('/[cdm]/', '', $subacl['acl'][0]));
+            if (isset($subacl['acl']["$module/all"][0])){
+              $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl']["$module/all"][0]);
+              continue;
+            }
+
+            /* Global ACL? */
+            if (isset($subacl['acl']["all"][0])){
+              $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl']["all"][0]);
               continue;
             }
           }
         }
       }
 
-      /* Add department, if we have (some) permissions for the requred module */
+      /* Add department, if we have (some) permissions for the required module */
       foreach ($acl as $val){
         if ($val != ""){
-          $deps[]= $attrs['dn'];
+          $deps[]= $dn;
           break;
         }
       }
@@ -347,6 +326,9 @@ class userinfo
 
   function mergeACL($acl, $type, $newACL)
   {
+    if(preg_match("/w/",$newACL) && !preg_match("/r/",$newACL)){
+      $newACL .= "r";
+    }
     foreach(str_split($newACL) as $char){
 
       /* Ignore invalid characters */
@@ -407,6 +389,49 @@ class userinfo
     return ($acl);
   }
 
+
+  /* #FIXME This could be logical wrong or could be optimized in the future
+     Return combined acls for a given category. 
+     All acls will be combined like boolean AND 
+      As example ('rwcdm' + 'rcd' + 'wrm'= 'r') 
+    
+     Results will be cached in $this->result_cache.
+      $this->result_cache will be resetted if load_acls is called.
+  */
+  function has_complete_category_acls($dn,$category)
+  {
+    $acl    = "rwcdm";
+    $types  = "rwcdm";
+
+
+    if(!is_string($category)){
+      trigger_error("category must be string");   
+      $acl = "";
+    }else{
+      if(!isset($this->result_cache['has_complete_category_acls'][$dn][$category]))   {
+        if (isset($this->ocMapping[$category])){
+          foreach($this->ocMapping[$category] as $oc){
+
+            /* Skip objectClass '0' (e.g. users/0) get_permissions will ever return '' ??  */
+            if($oc == "0") continue;
+            $tmp =  $this->get_permissions($dn, $category."/".$oc);
+            for($i = 0 ; $i < strlen($types); $i++) {
+              if(!preg_match("/".$types[$i]."/",$tmp)){ 
+                $acl = preg_replace("/".$types[$i]."/","",$acl);
+              }
+            }
+          }
+        }else{
+          trigger_error("Invalid type of category ".$category);
+          $acl = "";
+        }
+        $this->result_cache['has_complete_category_acls'][$dn][$category] = $acl;
+      }else{
+        $acl = $this->result_cache['has_complete_category_acls'][$dn][$category];
+      }
+    }
+    return($acl);
+  }
 }
 
 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: