X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=include%2Ffunctions.inc;h=286e0a18bb275dd5acbdd2c38405338ada99a816;hb=01f642762ae65b3e4fee377c5a95ea9a901b389c;hp=4c909b7d122ef8a1551140a005df1c9537df453f;hpb=557a6e52fca7b0a4080029c4c8989045ef1b6f56;p=gosa.git
diff --git a/include/functions.inc b/include/functions.inc
index 4c909b7d1..286e0a18b 100644
--- a/include/functions.inc
+++ b/include/functions.inc
@@ -582,12 +582,10 @@ function get_lock ($object)
}
-function get_list($filter, $subtreeACL, $base= "", $attributes= array(), $flags= GL_SUBSEARCH)
+function get_list($filter, $category, $base= "", $attributes= array(), $flags= GL_SUBSEARCH)
{
global $config, $ui;
- echo "get_list called. Replace it, it doesn't support new acls";
-
/* Get LDAP link */
$ldap= $config->get_ldap_link($flags & GL_SIZELIMIT);
@@ -598,12 +596,6 @@ function get_list($filter, $subtreeACL, $base= "", $attributes= array(), $flags=
$ldap->cd ($base);
}
- /* Strict filter for administrative units? */
- if ($ui->gosaUnitTag != "" && isset($config->current['STRICT_UNITS']) &&
- preg_match('/TRUE/i', $config->current['STRICT_UNITS'])){
- $filter= "(&(gosaUnitTag=".$ui->gosaUnitTag.")$filter)";
- }
-
/* Perform ONE or SUB scope searches? */
if ($flags & GL_SUBSEARCH) {
$ldap->search ($filter, $attributes);
@@ -619,12 +611,26 @@ function get_list($filter, $subtreeACL, $base= "", $attributes= array(), $flags=
/* Crawl through reslut entries and perform the migration to the
result array */
$result= array();
+
while($attrs = $ldap->fetch()) {
$dn= $ldap->getDN();
- foreach ($subtreeACL as $key => $value){
- if (preg_match("/$key/", $dn)){
+ /* Sort in every value that fits the permissions */
+ if (is_array($category)){
+ foreach ($category as $o){
+ if ($ui->get_category_permissions($dn, $o) != ""){
+ if ($flags & GL_CONVERT){
+ $attrs["dn"]= convert_department_dn($dn);
+ } else {
+ $attrs["dn"]= $dn;
+ }
+ /* We found what we were looking for, break speeds things up */
+ $result[]= $attrs;
+ }
+ }
+ } else {
+ if ($ui->get_category_permissions($dn, $category) != ""){
if ($flags & GL_CONVERT){
$attrs["dn"]= convert_department_dn($dn);
} else {
@@ -633,7 +639,6 @@ function get_list($filter, $subtreeACL, $base= "", $attributes= array(), $flags=
/* We found what we were looking for, break speeds things up */
$result[]= $attrs;
- break;
}
}
}
@@ -730,93 +735,17 @@ function getMenuCache()
}
-function get_permissions ($dn, $subtreeACL)
+function get_permissions ()
{
- global $config;
-echo "get_permissions() - to be removed
";
-
- $base= $config->current['BASE'];
- $tmp= "d,".$dn;
- $sacl= array();
-
- /* Sort subacl's for lenght to simplify matching
- for subtrees */
- foreach ($subtreeACL as $key => $value){
- $sacl[$key]= strlen($key);
- }
- arsort ($sacl);
- reset ($sacl);
-
- /* Successively remove leading parts of the dn's until
- it doesn't contain commas anymore */
- $tmp_dn= preg_replace('/\\\\,/', '', $tmp);
- while (preg_match('/,/', $tmp_dn)){
- $tmp_dn= ltrim(strstr($tmp_dn, ","), ",");
- $tmp= preg_replace('/\/', '\\,', $tmp);
-
- /* Check for acl that may apply */
- foreach ($sacl as $key => $value){
- if (preg_match("/$key$/", $tmp)){
- return ($subtreeACL[$key]);
- }
- }
- }
-
+ /* Look for attribute in ACL */
+ trigger_error("Don't use get_permissions() its obsolete. Use userinfo::get_permissions() instead.");
return array("");
}
-function get_module_permission($acl_array, $module, $dn)
+function get_module_permission()
{
- global $ui;
-echo "get_module_permissions() - to be removed
";
-
- $final= "";
- foreach($acl_array as $acl){
-
- /* Check for selfflag (!) in ACL to determine if
- the user is allowed to change parts of his/her
- own account */
- if (preg_match("/^!/", $acl)){
- if ($dn != "" && $dn != $ui->dn){
-
- /* No match for own DN, give up on this ACL */
- continue;
-
- } else {
-
- /* Matches own DN, remove the selfflag */
- $acl= preg_replace("/^!/", "", $acl);
-
- }
- }
-
- /* Remove leading garbage */
- $acl= preg_replace("/^:/", "", $acl);
-
- /* Discover if we've access to the submodule by comparing
- all allowed submodules specified in the ACL */
- $tmp= split(",", $acl);
- foreach ($tmp as $mod){
- if (preg_match("/^$module#/", $mod)){
- $final= strstr($mod, "#")."#";
- continue;
- }
- if (preg_match("/[^#]$module$/", $mod)){
- return ("#all#");
- }
- if (preg_match("/^all$/", $mod)){
- return ("#all#");
- }
- }
- }
-
- /* Return assembled ACL, or none */
- if ($final != ""){
- return (preg_replace('/##/', '#', $final));
- }
-
- /* Nothing matches - disable access for this object */
+ trigger_error("Don't use get_module_permission() its obsolete.");
return ("#none#");
}
@@ -926,16 +855,11 @@ function get_base_from_people($dn)
}
-function chkacl($acl, $name)
+function chkacl()
{
- echo "chkacl - to be removed
";
/* Look for attribute in ACL */
- if (preg_match("/#$name#/", $acl) || $acl == "#all#"){
- return ("");
- }
-
- /* Optically disable html object for no match */
- return (" disabled ");
+ trigger_error("Don't use chkacl() its obsolete. Use userinfo::getacl() instead.");
+ return("-deprecated-");
}
@@ -979,7 +903,7 @@ function is_uid($uid)
/* STRICT adds spaces and case insenstivity to the uid check.
This is dangerous and should not be used. */
- if (isset($config->current['STRICT']) && preg_match('/^no$/i', $config->current['STRICT'])){
+ if (isset($config->current['STRICT']) && preg_match('/^(no|false)$/i', $config->current['STRICT'])){
return preg_match ("/^[a-z0-9 _.-]+$/i", $uid);
} else {
return preg_match ("/^[a-z0-9_-]+$/", $uid);
@@ -1258,9 +1182,11 @@ function get_printer_list($cups_server)
/* Merge in printers from LDAP */
$ldap= $config->get_ldap_link();
$ldap->cd ($config->current['BASE']);
- $ldap->search('(objectClass=gotoPrinter)', array('cn'));
- while ($attrs= $ldap->fetch()){
- $res[$attrs["cn"][0]]= $attrs["cn"][0];
+ $ui= get_userinfo();
+ if (preg_match('/TRUE/i', $config->current['STRICT_UNITS']) && $ui->gosaUnitTag != ""){
+ $ldap->search('((objectClass=gotoPrinter)(gosaUnitTag='.$ui->gosaUnitTag.'))', array('cn'));
+ } else {
+ $ldap->search('(objectClass=gotoPrinter)', array('cn'));
}
return $res;
@@ -2169,6 +2095,65 @@ function obj_is_writable($dn, $object, $attribute)
}
+function gosa_ldap_explode_dn($dn,$config = NULL,$verify_in_ldap=false)
+{
+ /* Initialize variables */
+ $ret = array("count" => 0); // Set count to 0
+ $next = true; // if false, then skip next loops and return
+ $cnt = 0; // Current number of loops
+ $max = 100; // Just for security, prevent looops
+ $ldap = NULL; // To check if created result a valid
+ $keep = ""; // save last failed parse string
+
+ /* Check each parsed dn in ldap ? */
+ if($config!=NULL && $verify_in_ldap){
+ $ldap = $config->get_ldap_link();
+ }
+
+ $Diff = ldap_explode_dn($dn,0);
+
+ /* Lets start */
+ $called = false;
+ while(preg_match("/,/",$dn) && $next && $cnt < $max){
+
+ $cnt ++;
+ if(!preg_match("/,/",$dn)){
+ $next = false;
+ }
+ $object = preg_replace("/[,].*$/","",$dn);
+ $dn = preg_replace("/^[^,]+,/","",$dn);
+
+ $called = true;
+
+ /* Check if current dn is valid */
+ if($ldap!=NULL){
+ $ldap->cd($dn);
+ $ldap->cat($dn,array("dn"));
+ if($ldap->count()){
+ $ret[] = $keep.$object;
+ $keep = "";
+ }else{
+ $keep .= $object.",";
+ }
+ }else{
+ $ret[] = $keep.$object;
+ $keep = "";
+ }
+ }
+
+ /* Append the rest */
+ $test = $keep.$dn;
+ if($called && !empty($test)){
+ $ret[] = $keep.$dn;
+ }
+ $ret['count'] = count($ret) - 1;
+
+ $diff = array_diff($ret,$Diff);
+ if($diff){
+ print_a(array("Diff" => $diff,"OLD" => $Diff,"NEW"=> $ret,"DEBUG"=> debug_backtrace()));
+ }
+ return($ret);
+}
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
?>