Initial application acl checkin

git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@4613 594d385d-05f5-0310-b6e9-bd551577e9d8

diff --git a/plugins/admin/applications/class_applicationManagement.inc b/plugins/admin/applications/class_applicationManagement.inc
index 6c35f6526beb58fad0be39db7aa85228debb0293..6029010c1348eda4260bbe879847596e0f3b38cb 100644 (file)
--- a/plugins/admin/applications/class_applicationManagement.inc
+++ b/plugins/admin/applications/class_applicationManagement.inc
@@ -31,7 +31,6 @@ class applicationManagement extends plugin
   var $CopyPasteHandler         = NULL;
   var $DivListApplication       = NULL;
   var $applications             = array();
-  var $acl                      = "";
   var $enableReleaseManagement  = false;
 
   function IsReleaseManagementActivated()
@@ -171,9 +170,8 @@ class applicationManagement extends plugin
       $this->dn= "new";
 
       /* Create new usertab object */
-      $this->apptabs= new apptabs($this->config,
-          $this->config->data['TABS']['APPSTABS'], $this->dn);
-      $this->apptabs->set_acl(array(':all'));
+      $this->apptabs= new apptabs($this->config,$this->config->data['TABS']['APPSTABS'], $this->dn,"application");
+      $this->apptabs->set_acl_base($this->dn);
     }
 
 
@@ -250,13 +248,9 @@ class applicationManagement extends plugin
          above dialog */
       add_lock ($this->dn, $this->ui->dn);
 
-      /* Set up the users ACL's for this 'dn' */
-      $acl= get_permissions ($this->dn, $this->ui->subtreeACL);
-
       /* Register apptabs to trigger edit dialog */
-      $this->apptabs= new apptabs($this->config,
-          $this->config->data['TABS']['APPSTABS'], $this->dn);
-      $this->apptabs->set_acl($acl);
+      $this->apptabs= new apptabs($this->config,$this->config->data['TABS']['APPSTABS'], $this->dn,"application");
+      $this->apptabs->set_acl_base($this->dn);
       $_SESSION['objectinfo']= $this->dn;
     }
 
@@ -273,10 +267,10 @@ class applicationManagement extends plugin
 
       /* Load permissions for selected 'dn' and check if
          we're allowed to remove this 'dn' */
-      $acl= get_permissions ($this->dn, $this->ui->subtreeACL);
-      $this->acl= get_module_permission($acl, "application", $this->dn);
-      if (chkacl($this->acl, "delete") == ""){
+      $ui = get_userinfo();
+      $acl = $ui->get_permissions($this->dn ,"application/application");
 
+      if(preg_match("/d/",$acl)){
         /* Check locking, save current plugin in 'back_plugin', so
            the dialog knows where to return. */
         if (($user= get_lock($this->dn)) != ""){
@@ -306,12 +300,14 @@ class applicationManagement extends plugin
 
       /* Some nice guy may send this as POST, so we've to check
          for the permissions again. */
-      if (chkacl($this->acl, "delete") == ""){
+      $ui = get_userinfo();
+      $acl = $ui->get_permissions($this->dn ,"application/application");
+
+      if(preg_match("/d/",$acl)){
 
         /* Delete request is permitted, perform LDAP action */
-        $this->apptabs= new apptabs($this->config,
-            $this->config->data['TABS']['APPSTABS'], $this->dn);
-        $this->apptabs->set_acl(array($this->acl));
+        $this->apptabs= new apptabs($this->config, $this->config->data['TABS']['APPSTABS'], $this->dn,"application");
+        $this->apptabs->set_acl_base($this->dn);
         $this->apptabs->delete ();
         gosa_log ("Application object'".$this->dn."' has been removed");
         unset ($this->apptabs);

diff --git a/plugins/admin/applications/class_divListApplication.inc b/plugins/admin/applications/class_divListApplication.inc
index f1bf263426744c86450485b094de9af70c23c7af..204a9a7dd66040d46ef2a3bd1a40dd3cf079f097 100755 (executable)
--- a/plugins/admin/applications/class_divListApplication.inc
+++ b/plugins/admin/applications/class_divListApplication.inc
@@ -94,6 +94,8 @@ class divListApplication extends MultiSelectWindow
     /* Create listhead, it will be shown on top of the divlist.
      * It provides general navigation and object creation
      */
+    $ui  = get_userinfo();
+    $acl = $ui->get_permissions("cn=dummy,".$this->selectedBase,"application/application");
     $listhead = "<div style='background:#F0F0F9;padding:5px;'>".
       " <input class='center' type='image' src='images/list_root.png' align='middle' ".
       "title='"._("Go to root department")."' name='dep_root' alt='"._("Root")."'>&nbsp;".
@@ -105,9 +107,13 @@ class divListApplication extends MultiSelectWindow
       "title='"._("Reload list")."' name='submit_department' alt='"._("Submit")."'>&nbsp;".
       " <img class='center' src='images/list_seperator.png' align='middle' alt='' height='16' width='1'>&nbsp;";
     $listhead .= $this->get_snapshot_header($this->selectedBase);
-    $listhead .= " <input class='center' type='image' align='middle' src='images/list_new_app.png' alt='"._("new").
-      "' title='"._("Create new application")."' name='appl_new'>&nbsp;".
-      $Copy_Paste.
+
+    if(preg_match("/c/",$acl)){
+    $listhead .= " <input class='center' type='image' align='middle' src='images/list_new_app.png' alt='"._("new")."'
+       title='"._("Create new application")."' name='appl_new'>&nbsp;";
+    }
+
+    $listhead.=  $Copy_Paste.
       " <img class='center' src='images/list_seperator.png' align='middle' alt='' height='16' width='1'>&nbsp;".
       _("Base")."&nbsp;<select name='CurrentMainBase' onChange='mainform.submit()' class='center'>$options</select>".
       " <input class='center' type='image' src='images/list_submit.png' align='middle' 
@@ -147,22 +153,44 @@ class divListApplication extends MultiSelectWindow
     /********************
       Attach objects
      ********************/
-
+    
+    $ui = get_userinfo();
     foreach($list as $key => $val){
 
+      $acl = $ui->get_permissions($val['dn'],"application/application");
+
       /* Create action icons */
       $actions= "";
+
+
+      /* Add Copy & Paste icon */
       if($this->parent->CopyPasteHandler){
-        $actions.= "<input class='center' type='image'
-          src='images/editcut.png' alt='"._("cut")."' name='cut_%KEY%' title='"._("Cut this entry")."'>&nbsp;";
+
+        /* Only add cut icon, if we are allowed to move this user */
+        if(preg_match("/m/",$acl)){
+          $actions.= "<input class='center' type='image'
+            src='images/editcut.png' alt='"._("cut")."' name='cut_%KEY%' title='"._("Cut this entry")."'>&nbsp;";
+        }else{
+          $actions.= "<img src='images/empty.png' alt='&nbsp;'>";
+        }
+
+        /* Copy is allowed everytime */
         $actions.= "<input class='center' type='image'
           src='images/editcopy.png' alt='"._("copy")."' name='copy_%KEY%' title='"._("Copy this entry")."'>&nbsp;";
       }
+
+      /* Add edit icon */
       $actions.= "<input class='center' type='image'
         src='images/edit.png' alt='"._("edit")."' name='appl_edit_%KEY%' title='"._("Edit this entry")."'>";
       $actions.= $this->GetSnapShotActions($val['dn']);
-      $actions.= "<input class='center' type='image'
-        src='images/edittrash.png' alt='"._("delete")."' name='appl_del_%KEY%' title='"._("Delete this entry")."'>";
+
+      /* If we are allowed to remove the application account, display remove icon */
+      if(preg_match("/d/",$acl)){
+        $actions.= "<input class='center' type='image'
+          src='images/edittrash.png' alt='"._("delete")."' name='appl_del_%KEY%' title='"._("Delete this entry")."'>";
+      }else{
+        $actions.= "<img src='images/empty.png' alt='&nbsp;'>";
+      }
 
       $title = "title='".preg_replace('/ /', '&nbsp;', @LDAP::fix($val['dn']))."'";