
Added a separate ACL filter
authorhickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Wed, 23 Dec 2009 13:45:51 +0000 (13:45 +0000)
committerhickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Wed, 23 Dec 2009 13:45:51 +0000 (13:45 +0000)
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@14937 594d385d-05f5-0310-b6e9-bd551577e9d8

gosa-core/plugins/admin/acl/acl-filter.xml
gosa-core/plugins/admin/acl/acl-list.xml
gosa-core/plugins/admin/acl/class_aclManagement.inc
gosa-core/plugins/admin/acl/class_filterACL.inc [new file with mode: 0644]

index 01b9a7b56b6fff46d422a52f4620bf573be762c1..0a9bd5f08901824182a8f0103e44b316cd7d847e 100644 (file)
@@ -9,17 +9,7 @@
 
   <search>
     <query>
-      <backend>LDAP</backend>
-      <filter>(|$ACL$ROLE)$NAME</filter>
-      <method>cat</method>
-      <attribute>dn</attribute>
-      <attribute>objectClass</attribute>
-      <attribute>cn</attribute>
-      <attribute>ou</attribute>
-      <attribute>description</attribute>
-    </query>
-    <query>
-      <backend>LDAP</backend>
+      <backend>ACL</backend>
       <filter>(|$ACL$ROLE)$NAME</filter>
       <attribute>dn</attribute>
       <attribute>objectClass</attribute>
     <set>(|(cn=*$*)(ou=*$*)(description=*$*))</set>
     <alphabet>true</alphabet>
     <autocomplete>
-      <backend>LDAP</backend>
+      <backend>ACL</backend>
       <filter>(&amp;(|(objectClass=gosaAcl)(objectClass=gosaRole))(|(ou=*$NAME*)(description=*$NAME*)(cn=*$NAME*)))</filter>
       <attribute>ou</attribute>
+      <attribute>cn</attribute>
       <attribute>description</attribute>
       <frequency>0.5</frequency>
       <characters>3</characters>
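Review bot: With the second `<query>` (the one carrying `<method>cat</method>`) deleted in the first hunk, nothing in this file records that the `ACL` backend still fetches the base entry itself — the new filterACL::query() runs a `cat` on the base and a normal search and merges the two by dn, so the behaviour of the removed query is now implicit in the backend. A comment on the remaining query, e.g. `<!-- ACL backend: returns the base entry (cat) plus matching sub-entries, deduplicated by dn -->`, keeps that visible to whoever edits this filter next. As far as the new class shows, the backend fixes its own methods and does not read a `<method>` element, so dropping it here looks right.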
index 8e3ce12d763e03ed7983ad9ed25f1496c4e37d57..5db47fb3679ec6a625f6b26503397b6476d7ff6a 100644 (file)
@@ -16,7 +16,7 @@
       <objectClass>gosaAcl</objectClass>
       <category>acl</category>
       <class>acl</class>
-      <image>plugins/users/images/select_template.png</image>
+      <image>images/lists/locked.png</image>
     </objectType>
 
     <objectType>
@@ -24,7 +24,7 @@
       <objectClass>gosaRole</objectClass>
       <category>acl</category>
       <class>acl</class>
-      <image>plugins/users/images/select_user.png</image>
+      <image>plugins/acl/images/role.png</image>
     </objectType>
 
   </definition>
@@ -47,7 +47,7 @@
 
     <column>
       <label>Name</label>
-      <sortAttribute>ou</sortAttribute>
+      <sortAttribute>dn</sortAttribute>
       <sortType>string</sortType>
       <value>%{filter:filterLabel(row,dn,"%s",ou,cn,pid,base)}</value>
       <export>true</export>
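Review bot: Sorting the Name column by `dn` (third hunk) orders rows by the full DN string, so the leading RDN attribute decides first — `cn=…` role entries and `ou=…` ACL entries are grouped by type before being ordered by name, while the value shown on the next line is built from `ou`/`cn` via filterLabel. If the reason for leaving `ou` is that the key must exist for both object types, a comment such as `<!-- dn: the only sortable attribute present on both gosaAcl (ou) and gosaRole (cn) entries -->` would say so; if alphabetical order by the displayed name is wanted, the sort needs to use the same value the column renders. Whether `images/lists/locked.png` and `plugins/acl/images/role.png` exist in the tree cannot be checked from this page.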
index dc652a6e57861638ef49b11cc41de4c5744c1683..6329dc01b022131913922a05af602568116c69b9 100644 (file)
@@ -45,7 +45,7 @@ class aclManagement extends management
 #      $filter= session::global_get(get_class($this)."_filter");
 #    } else {
       $filter = new filter(get_template_path("acl-filter.xml", true));
-#      $filter->setObjectStorage($this->storagePoints);
+      $filter->setObjectStorage($this->storagePoints);
 #    }
     $this->setFilter($filter);
 
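Review bot: Enabling `$filter->setObjectStorage($this->storagePoints);` leaves the surrounding session-restore branch (`#      $filter= session::global_get(...)`, `#    } else {`, `#    }`) as commented-out code, so the filter is now always rebuilt from acl-filter.xml and a reader cannot tell whether the restore path is still intended. Either delete those `#` lines or restore them; if they are kept on purpose, a short comment such as `// TODO: filter is not yet restored from the session` explains why. The enclosing method starts and ends outside this hunk.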
diff --git a/gosa-core/plugins/admin/acl/class_filterACL.inc b/gosa-core/plugins/admin/acl/class_filterACL.inc
new file mode 100644 (file)
index 0000000..a12e227
--- /dev/null
@@ -0,0 +1,147 @@
+<?php
+
+class filterACL {
+
+  static function query($base, $scope, $filter, $attributes, $category, $objectStorage= "")
+  {
+    $config= session::global_get('config');
+    $ldap= $config->get_ldap_link(TRUE);
+    $flag= ($scope == "sub")?GL_SUBSEARCH:0;
+    $result= filterACL::get_list($base, $filter, $attributes, $category, $objectStorage, $flag | GL_SIZELIMIT, "cat");
+    $result= array_merge($result,filterACL::get_list($base, $filter, $attributes, $category, $objectStorage, $flag | GL_SIZELIMIT, ""));
+    return(filterACL::unifyResult($result));
+  }
+
+  static function unifyResult($result)
+  {
+    $res=array();
+    foreach($result as $entry){
+      if(!isset($res[$entry['dn']])){
+        $res[$entry['dn']]=$entry;
+      }
+    }
+    return(array_values($res)); 
+  }
+
+  static function get_list($base, $filter, $attributes, $category, $objectStorage, $flags= GL_SUBSEARCH, $method= "")
+  {
+    $ui= session::global_get('ui');
+    $config= session::global_get('config');
+
+    // Move to arrays for category and objectStorage
+    if (!is_array($category)) {
+      $category= array($category);
+    }
+    if (!is_array($objectStorage)) {
+      $objectStorage= array($objectStorage);
+    }
+
+    if(empty($method)){
+      $method= (empty($objectStorage) && !($flags & GL_SUBSEARCH))?"ls":"search";
+    }
+
+    // Initialize search bases
+    $bases= array();
+    
+    // Get list of sub bases to search on
+    if (count($objectStorage) == 0) {
+      $bases[$base]= "";
+    } else {
+      foreach ($objectStorage as $oc) {
+        $oc= preg_replace('/,$/', '', $oc);
+        $tmp= split(',', $oc);
+        if (count($tmp) == 1) {
+          preg_match('/([^=]+)=(.*)$/', $oc, $m);
+          if ($flags & GL_SUBSEARCH) {
+            $bases[$base][]= $m[1].":dn:=".$m[2];
+          } else {
+            $bases["$oc,$base"][]= $m[1].":dn:=".$m[2];
+          }
+        } else {
+          // No, there's no \, in pre defined RDN values
+          preg_match('/^([^,]+),(.*)$/', $oc, $matches);
+          preg_match('/([^=]+)=(.*)$/', $matches[1], $m);
+          if ($flags & GL_SUBSEARCH) {
+            $bases[$base][]= $m[1].":dn:=".$m[2];
+          } else {
+            $bases[$matches[2].",$base"][]= $m[1].":dn:=".$m[2];
+          }
+        }
+      }
+    }
+
+    // Get LDAP link
+    $ldap= $config->get_ldap_link($flags & GL_SIZELIMIT);
+
+    // Do search for every base
+    $result= array();
+    $limit_exceeded = FALSE;
+    foreach($bases as $base => $dnFilters) {
+
+      // Break if the size limit is exceeded
+      if($limit_exceeded){
+        return($result);
+      }
+
+      // Switch to new base and search
+      if (is_array($dnFilters)){
+        $dnFilter= "(|";
+        foreach ($dnFilters as $df) {
+          $dnFilter.= "($df)";
+        }
+        $dnFilter.= ")";
+      } else {
+        $dnFilter= "";
+      }
+      $ldap->cd($base);
+      if ($method == "ls") {
+        $ldap->ls("(&$filter$dnFilter)", $base, $attributes);
+      } elseif($method == "cat") {
+        $ldap->cat($base, $attributes);
+      } else {
+        $ldap->search("(&$filter$dnFilter)", $attributes);
+      }
+
+      // Check for size limit exceeded messages for GUI feedback
+      if (preg_match("/size limit/i", $ldap->get_error())){
+        session::set('limit_exceeded', TRUE);
+        $limit_exceeded = TRUE;
+      } 
+
+      /* Crawl through result entries and perform the migration to the
+         result array */
+      while($attrs = $ldap->fetch()) {
+        $dn= $ldap->getDN();
+
+        /* Convert dn into a printable format */
+        if ($flags & GL_CONVERT){
+          $attrs["dn"]= convert_department_dn($dn);
+        } else {
+          $attrs["dn"]= $dn;
+        }
+
+        /* Skip ACL checks if we are forced to skip those checks */
+        if($flags & GL_NO_ACL_CHECK){
+          $result[]= $attrs;
+        }else{
+
+          /* Sort in every value that fits the permissions */
+          foreach ($category as $o){
+            if((preg_match("/\//",$o) && preg_match("/r/",$ui->get_permissions($dn,$o))) ||
+                (!preg_match("/\//",$o) && preg_match("/r/",$ui->get_category_permissions($dn, $o)))){
+              $result[]= $attrs;
+              break;
+            }
+          }
+        }
+      }
+
+    }
+
+    return $result;
+  }
+
+
+}
+
+?>