author | hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8> | |
Tue, 8 Apr 2008 06:30:28 +0000 (06:30 +0000) | ||
committer | hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8> | |
Tue, 8 Apr 2008 06:30:28 +0000 (06:30 +0000) |
-Added ACL handling
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@10261 594d385d-05f5-0310-b6e9-bd551577e9d8
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@10261 594d385d-05f5-0310-b6e9-bd551577e9d8
diff --git a/gosa-plugins/sudo/admin/sudo/class_divListSudo.inc b/gosa-plugins/sudo/admin/sudo/class_divListSudo.inc
index 8e90e6b5681ef96d9dc2707290e29ae3deeff56d..a02d5a24c6b1ed9a0729ceee82142742b2b90b39 100644 (file)
/* Subsearch checkbox */
var $SubSearch = FALSE;
-
var $parent ;
var $ui ;
diff --git a/gosa-plugins/sudo/admin/sudo/class_sudoGeneric.inc b/gosa-plugins/sudo/admin/sudo/class_sudoGeneric.inc
index a2ba757bfa4b0cf03d8945e7b80733783445dccd..a7697f1bb08eb766918476d5bd80f423c85eaa6f 100644 (file)
var $sudoUser = array("ALL");
var $sudoCommand= array();
var $sudoHost = array("ALL");
- var $sudoRunas = array("ALL");
+ var $sudoRunAs = array("ALL");
var $accessTo = array();
var $trustModel = "";
var $show_ws_dialog = FALSE;
var $objectclasses = array("top","sudoRole");
- var $attributes = array("cn","description","sudoUser","sudoCommand","sudoHost","sudoRunas","accessTo","trustModel");
+ var $attributes = array("cn","description","sudoUser","sudoCommand","sudoHost","sudoRunAs","accessTo","trustModel");
var $is_account = TRUE;
plugin::plugin ($config, $dn);
if($this->initially_was_account){
- foreach(array("sudoUser","sudoCommand","sudoHost","sudoRunas") as $attr){
+ foreach(array("sudoUser","sudoCommand","sudoHost","sudoRunAs") as $attr){
$this->$attr = array();
if(isset($this->attrs[$attr])){
$tmp = array();
plugin::execute();
/*********************
- Access control list
+ Access control list / trust mode
*********************/
- /* Add user workstation? */
+ /* Add user workstation? */
if (isset($_POST["add_ws"])){
$this->show_ws_dialog= TRUE;
$this->dialog= TRUE;
$this->dialog= FALSE;
}
- /* Show ws dialog */
+ /* Show ws dialog */
if ($this->show_ws_dialog){
-
- $smarty = get_smarty();
-
-
- /* Save data */
- $sysfilter= session::get("sysfilter");
- foreach( array("depselect", "regex") as $type){
- if (isset($_POST[$type])){
- $sysfilter[$type]= $_POST[$type];
- }
- }
- if (isset($_GET['search'])){
- $s= mb_substr($_GET['search'], 0, 1, "UTF8")."*";
- if ($s == "**"){
- $s= "*";
- }
- $sysfilter['regex']= $s;
- }
- session::set("sysfilter", $sysfilter);
-
- /* Get workstation list */
- $exclude= "";
- foreach($this->accessTo as $ws){
- $exclude.= "(cn=$ws)";
- }
- if ($exclude != ""){
- $exclude= "(!(|$exclude))";
- }
- $regex= $sysfilter['regex'];
- $filter= "(&(|(objectClass=goServer)(objectClass=gotoWorkstation)(objectClass=gotoTerminal))$exclude(cn=*)(cn=$regex))";
-
- $deps_a = array(get_ou("serverou"),
- get_ou("terminalou"),
- get_ou("workstationou"));
-
- $res= get_sub_list($filter, array("terminal","server","workstation"), $deps_a, get_ou("systemsou").$sysfilter['depselect'], array("cn"), GL_SUBSEARCH | GL_SIZELIMIT);
- $wslist= array();
- foreach ($res as $attrs){
- $wslist[]= preg_replace('/\$/', '', $attrs['cn'][0]);
- }
- asort($wslist);
- $smarty->assign("search_image", get_template_path('images/search.png'));
- $smarty->assign("launchimage", get_template_path('images/small_filter.png'));
- $smarty->assign("tree_image", get_template_path('images/tree.png'));
- $smarty->assign("deplist", $this->config->idepartments);
- $smarty->assign("alphabet", generate_alphabet());
- foreach( array("depselect", "regex") as $type){
- $smarty->assign("$type", $sysfilter[$type]);
- }
- $smarty->assign("hint", print_sizelimit_warning());
- $smarty->assign("wslist", $wslist);
- $smarty->assign("apply", apply_filter());
- $display= $smarty->fetch (get_template_path('trust_machines.tpl', TRUE, dirname(__FILE__)));
- return ($display);
+ $this->display_trust_add_dialog();
}
Add users
*********************/
- if(isset($_POST['list_sudoUser']) && !is_object($this->dialog)){
+ if(isset($_POST['list_sudoUser']) && !is_object($this->dialog) && $this->acl_is_writeable("sudoUser")){
$used = array();
foreach($this->sudoUser as $name){
$used[] = preg_replace("/^!/","",$name);
/* Add selected hosts to the sudoUser list */
if(isset($_POST['SaveMultiSelectWindow']) && $this->dialog instanceof target_list_users){
- foreach($this->dialog->save() as $entry){
- $cn = trim($entry['uid'][0]);
- if(!in_array($cn,$this->sudoUser) && !in_array("!".$cn,$this->sudoUser)){
- $this->sudoUser[] = $cn;
- }
- }
+ if($this->acl_is_writeable("sudoUser")){
+ foreach($this->dialog->save() as $entry){
+ $cn = trim($entry['uid'][0]);
+ if(!in_array($cn,$this->sudoUser) && !in_array("!".$cn,$this->sudoUser)){
+ $this->sudoUser[] = $cn;
+ }
+ }
+ }
unset($this->dialog);
$this->dialog = NULL;
}
Add systems
*********************/
- if(isset($_POST['list_sudoHost']) && !is_object($this->dialog)){
+ if(isset($_POST['list_sudoHost']) && !is_object($this->dialog) && $this->acl_is_writeable("sudoHost")){
$used = array();
foreach($this->sudoHost as $name){
$used[] = preg_replace("/^!/","",$name);
/* Add selected hosts to the sudoHost list */
if(isset($_POST['SaveMultiSelectWindow']) && $this->dialog instanceof target_list_systems){
- foreach($this->dialog->save() as $entry){
- $cn = trim($entry['cn'][0]);
- if(!in_array($cn,$this->sudoHost) && !in_array("!".$cn,$this->sudoHost)){
- $this->sudoHost[] = $cn;
- }
+ if($this->acl_is_writeable("sudoHost")){
+ foreach($this->dialog->save() as $entry){
+ $cn = trim($entry['cn'][0]);
+ if(!in_array($cn,$this->sudoHost) && !in_array("!".$cn,$this->sudoHost)){
+ $this->sudoHost[] = $cn;
+ }
+ }
}
unset($this->dialog);
$this->dialog = NULL;
if(preg_match("/^neg_/",$name)){
$attr = preg_replace("/^neg_([^_]*)_.*$/","\\1",$name);
$value= preg_replace("/^neg_[^_]*_([0-9]*)_.*$/","\\1",$name);
-
- $attrs = $this->$attr;
- if(isset( $attrs[$value])){
- $v = $attrs[$value];
- if(preg_match("/^!/",$v)){
- $attrs[$value] = preg_replace("/^!/","",$v);
- }else{
- $attrs[$value] = "!".$v;
+
+ if($this->acl_is_writeable($attr)){
+ $attrs = $this->$attr;
+ if(isset( $attrs[$value])){
+ $v = $attrs[$value];
+ if(preg_match("/^!/",$v)){
+ $attrs[$value] = preg_replace("/^!/","",$v);
+ }else{
+ $attrs[$value] = "!".$v;
+ }
+ $this->$attr = $attrs;
}
- $this->$attr = $attrs;
}
break; // Do it once, image inputs will be posted twice
}
if(preg_match("/^del_/",$name)){
$attr = preg_replace("/^del_([^_]*)_.*$/","\\1",$name);
$value= preg_replace("/^del_[^_]*_([0-9]*)_.*$/","\\1",$name);
- $attrs = $this->$attr;
- if(isset( $attrs[$value])){
- unset($attrs[$value]);
- $this->$attr = $attrs;
+ if($this->acl_is_writeable($attr)){
+ $attrs = $this->$attr;
+ if(isset( $attrs[$value])){
+ unset($attrs[$value]);
+ $this->$attr = $attrs;
+ }
}
break; // Do it once, image inputs will be posted twice
}
/*********************
ADD values
- *********************/
- foreach(array("sudoUser","sudoHost","sudoRunas") as $attr){
- if(isset($_POST["add_".$attr]) && isset($_POST['new_'.$attr]) && !empty($_POST['new_'.$attr])){
+ *********************/
+
+ /* User / Host / Runas */
+ foreach(array("sudoUser","sudoHost","sudoRunAs") as $attr){
+ if($this->acl_is_writeable($attr) &&
+ isset($_POST["add_".$attr]) &&
+ isset($_POST['new_'.$attr]) &&
+ !empty($_POST['new_'.$attr])){
if(preg_match("/^[a-z\.0-9]*$/i",$_POST['new_'.$attr])){
$attrs = $this->$attr;
$attrs[] = trim($_POST['new_'.$attr]);
}
}
+ /* Command */
foreach(array("sudoCommand") as $attr){
- if(isset($_POST["add_".$attr]) && isset($_POST['new_'.$attr])){
+ if($this->acl_is_writeable($attr) && isset($_POST["add_".$attr]) && isset($_POST['new_'.$attr])){
$attrs = $this->$attr;
$attrs[] = trim($_POST['new_'.$attr]);
$this->$attr = $attrs;
}
}
+
+ /*********************
+ SMARTY assignments
+ *********************/
$smarty = get_smarty();
foreach($this->attributes as $attr){
$smarty->assign($attr,$this->$attr);
+ $smarty->assign($attr."ACL",$this->getacl($attr));
}
-
-/* Work on trust modes */
+ /* Work on trust modes */
$smarty->assign("trusthide", " disabled ");
- $smarty->assign("trustmodeACL", $this->getacl("trustModel"));
if ($this->trustModel == "fullaccess"){
$trustmode= 1;
- // pervent double disable tag in html code, this will disturb our clean w3c html
- $smarty->assign("trustmode", $this->getacl("trustModel"));
-
} elseif ($this->trustModel == "byhost"){
$trustmode= 2;
$smarty->assign("trusthide", "");
} else {
- // pervent double disable tag in html code, this will disturb our clean w3c html
- $smarty->assign("trustmode", $this->getacl("trustModel"));
$trustmode= 0;
}
$smarty->assign("trustmode", $trustmode);
- $smarty->assign("trustmodes", array( 0 => _("disabled"), 1 => _("full access"),
+ $smarty->assign("trustmodes", array(
+ 0 => _("disabled"),
+ 1 => _("full access"),
2 => _("allow access to these hosts")));
- if((count($this->accessTo))==0)
+ if((count($this->accessTo))==0){
$smarty->assign("emptyArrAccess",true);
- else
+ }else{
$smarty->assign("emptyArrAccess",false);
-
-
+ }
$smarty->assign("workstations", $this->accessTo);
-
-
+ /* Create lists
+ */
$divlist_sudoUser = new divSelectBox("divlist_sudoUser");
$divlist_sudoUser->SetHeight("90");
$divlist_sudoHost = new divSelectBox("divlist_sudoHost");
$divlist_sudoHost->Setheight("90");
- $divlist_sudoRunas = new divSelectBox("divlist_sudoRunas");
- $divlist_sudoRunas->Setheight("90");
+ $divlist_sudoRunAs = new divSelectBox("divlist_sudoRunAs");
+ $divlist_sudoRunAs->Setheight("90");
$divlist_sudoCommand = new divSelectBox("divlist_sudoCommand");
$divlist_sudoCommand->Setheight("90");
+ /* Fill divlists
+ */
$neg_img= "<img src='images/negate.png' alt='!' class='center'>";
$option = "<input type='image' src='images/negate.png' name='neg_%ATTR%_%KEY%' class='center'>";
$option.= "<input type='image' src='images/edittrash.png' name='del_%ATTR%_%KEY%' class='center'>";
- foreach(array("sudoUser","sudoCommand","sudoHost","sudoRunas") as $attr){
- foreach($this->$attr as $key => $entry){
- $entry = preg_replace("/^!/",$neg_img,$entry);
- $list_name = "divlist_".$attr;
- $$list_name->AddEntry(
- array(
- array("string" => $entry),
- array("string" => preg_replace(array("/%KEY%/","/%ATTR%/"),array($key,$attr),$option),
- "attach" => "style='width:40px; border-right: 0px;'")));
+ foreach(array("sudoUser","sudoCommand","sudoHost","sudoRunAs") as $attr){
+ if($this->acl_is_readable($attr)){
+ foreach($this->$attr as $key => $entry){
+ $entry = preg_replace("/^!/",$neg_img,$entry);
+ $list_name = "divlist_".$attr;
+ $$list_name->AddEntry(
+ array(
+ array("string" => $entry),
+ array("string" => preg_replace(array("/%KEY%/","/%ATTR%/"),array($key,$attr),$option),
+ "attach" => "style='width:40px; border-right: 0px;'")));
+ }
}
}
- $smarty->assign("divlist_sudoUser",$divlist_sudoUser->DrawList());
- $smarty->assign("divlist_sudoHost",$divlist_sudoHost->DrawList());
- $smarty->assign("divlist_sudoRunas",$divlist_sudoRunas->DrawList());
+ /* Tell smarty about our divlists
+ */
+ $smarty->assign("divlist_sudoUser", $divlist_sudoUser->DrawList());
+ $smarty->assign("divlist_sudoHost", $divlist_sudoHost->DrawList());
+ $smarty->assign("divlist_sudoRunAs", $divlist_sudoRunAs->DrawList());
$smarty->assign("divlist_sudoCommand",$divlist_sudoCommand->DrawList());
-
return($smarty->fetch(get_template_path('generic.tpl', TRUE)));
}
$this->dialog->save_object();
}
- /* Trust mode - special handling */
- if($this->acl_is_writeable("trustModel")){
- if (isset($_POST['trustmode'])){
- $saved= $this->trustModel;
- if ($_POST['trustmode'] == "1"){
- $this->trustModel= "fullaccess";
- } elseif ($_POST['trustmode'] == "2"){
- $this->trustModel= "byhost";
- } else {
- $this->trustModel= "";
- }
- if ($this->trustModel != $saved){
- $this->is_modified= TRUE;
- }
+ /* Trust mode - special handling */
+ if($this->acl_is_writeable("trustModel")){
+ if (isset($_POST['trustmode'])){
+ $saved= $this->trustModel;
+ if ($_POST['trustmode'] == "1"){
+ $this->trustModel= "fullaccess";
+ } elseif ($_POST['trustmode'] == "2"){
+ $this->trustModel= "byhost";
+ } else {
+ $this->trustModel= "";
+ }
+ if ($this->trustModel != $saved){
+ $this->is_modified= TRUE;
}
}
-
-
+ }
}
$objectclasses[]= $this->attrs['objectClass'][$key];
}
- $this->attrs['objectClass']= $objectclasses;
+ $this->attrs['objectClass']= $objectclasses;
if ($this->trustModel != ""){
$this->attrs['objectClass'][]= "trustAccount";
$this->attrs['trustModel']= $this->trustModel;
}
}
-
+
/* Ensure a correct array index
*/
$this->attrs['sudoHost'] = array_values($this->attrs['sudoHost']);
- $this->attrs['sudoRunas'] = array_values($this->attrs['sudoRunas']);
+ $this->attrs['sudoRunAs'] = array_values($this->attrs['sudoRunAs']);
$this->attrs['sudoUser'] = array_values($this->attrs['sudoUser']);
$this->attrs['sudoCommand'] = array_values($this->attrs['sudoCommand']);
+ print_a($this->attrs);
$this->cleanup();
+ print_a($this->attrs);
+
$ldap = $this->config->get_ldap_link();
$ldap->cd($this->config->current['BASE']);
if($this->is_new){
}
+ /*! \brief Display the System Trust Add Workstation dialog
+ @return String HTML dialog to add a system to the trust list.
+
+ */
+ private function display_trust_add_dialog()
+ {
+ $smarty = get_smarty();
+
+ /* Save data */
+ $sysfilter= session::get("sysfilter");
+ foreach( array("depselect", "regex") as $type){
+ if (isset($_POST[$type])){
+ $sysfilter[$type]= $_POST[$type];
+ }
+ }
+ if (isset($_GET['search'])){
+ $s= mb_substr($_GET['search'], 0, 1, "UTF8")."*";
+ if ($s == "**"){
+ $s= "*";
+ }
+ $sysfilter['regex']= $s;
+ }
+ session::set("sysfilter", $sysfilter);
+
+ /* Get workstation list */
+ $exclude= "";
+ foreach($this->accessTo as $ws){
+ $exclude.= "(cn=$ws)";
+ }
+ if ($exclude != ""){
+ $exclude= "(!(|$exclude))";
+ }
+ $regex= $sysfilter['regex'];
+ $filter= "(&(|(objectClass=goServer)(objectClass=gotoWorkstation)(objectClass=gotoTerminal))$exclude(cn=*)(cn=$regex))";
+
+ $deps_a = array(get_ou("serverou"),
+ get_ou("terminalou"),
+ get_ou("workstationou"));
+
+ $res= get_sub_list($filter, array("terminal","server","workstation"), $deps_a,
+ get_ou("systemsou").$sysfilter['depselect'], array("cn"), GL_SUBSEARCH | GL_SIZELIMIT);
+ $wslist= array();
+ foreach ($res as $attrs){
+ $wslist[]= preg_replace('/\$/', '', $attrs['cn'][0]);
+ }
+ asort($wslist);
+ foreach( array("depselect","regex") as $type){
+ $smarty->assign("$type", $sysfilter[$type]);
+ }
+ $smarty->assign("search_image", get_template_path('images/search.png'));
+ $smarty->assign("launchimage", get_template_path('images/small_filter.png'));
+ $smarty->assign("tree_image", get_template_path('images/tree.png'));
+ $smarty->assign("deplist", $this->config->idepartments);
+ $smarty->assign("alphabet", generate_alphabet());
+ $smarty->assign("hint", print_sizelimit_warning());
+ $smarty->assign("wslist", $wslist);
+ $smarty->assign("apply", apply_filter());
+ $display= $smarty->fetch (get_template_path('trust_machines.tpl', TRUE, dirname(__FILE__)));
+ return ($display);
+ }
+
+
/*! \brief Add ACL object
@return Returns the ACL object.
*/
"sudoUser" => _("Users"),
"sudoHost" => _("Host"),
"sudoCommand" => _("Command"),
- "sudoRunas" => _("Run as user"))
+ "sudoRunAs" => _("Run as user"))
));
}
}
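Review bot: In the neg_/del_ handlers, `$attr` is cut out of `$name` (apparently the posted image-input name) and then used as `$this->$attr`, so the added `acl_is_writeable($attr)` is the only thing deciding which property can be read and rewritten, and how it treats names outside the plugin's attributes is not visible here. Checking the name against the four list attributes first, `if(in_array($attr,array("sudoUser","sudoHost","sudoRunAs","sudoCommand")) && $this->acl_is_writeable($attr)){`, keeps that independent of the ACL helper. The `if ($this->show_ws_dialog)` branch now calls `$this->display_trust_add_dialog();` and drops the HTML it returns, where the removed inline code ended in `return ($display);`; `return($this->display_trust_add_dialog());` restores the dialog. The two `print_a($this->attrs);` calls added around `$this->cleanup()` look like debugging output that would dump the entry's attributes into the page, and should be removed. The methods these hunks belong to start and end outside the visible lines.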
index 765bd271d730a7788100eca8987e2ee5b2296ba9..08450eefa75899376ac628f2d492878f62c7b9a0 100644 (file)
{t}Name{/t}
</td>
<td>
+ {render acl=$cnACL}
<input type="text" name="cn" value="{$cn}">
+ {/render}
</td>
</tr>
<tr>
{t}Description{/t}
</td>
<td>
+ {render acl=$descriptionACL}
<input type="text" name="description" value="{$description}">
+ {/render}
</td>
</tr>
</table>
</td>
<td style="padding-left:5px;border-left: solid 1px #AAAAAA;">
- <h2><img alt="" class="center" align="middle" src="images/closedlock.png" /> {t}System trust{/t}</h2>
- {t}Trust mode{/t}
- {render acl=$trustmodeACL}
+ <h2><img alt="" class="center" align="middle" src="images/closedlock.png" /> {t}System trust{/t}</h2>
+ {t}Trust mode{/t}
+ {render acl=$trustModelACL}
<select name="trustmode" id="trustmode" size=1
onChange="changeSelectState('trustmode', 'wslist');
changeSelectState('trustmode', 'add_ws');
changeSelectState('trustmode', 'del_ws');">
{html_options options=$trustmodes selected=$trustmode}
</select>
+ <br>
{/render}
- {render acl=$trustmodeACL}
+ {render acl=$trustModelACL}
<select style="width:100%" id="wslist" name="workstation_list[]" size=5 multiple {$trusthide}>
{html_options values=$workstations output=$workstations}
{if $emptyArrAccess}
</select>
{/render}
<br>
- {render acl=$trustmodeACL}
+ {render acl=$trustModelACL}
<input type="submit" id="add_ws" value="{msgPool type=addButton}" name="add_ws" {$trusthide}>
{/render}
- {render acl=$trustmodeACL}
+ {render acl=$trustModelACL}
<input type="submit" id="del_ws" value="{msgPool type=delButton}" name="delete_ws" {$trusthide}>
{/render}
<tr>
<td style="width:50%;padding-right:5px;">
<h2><img src="images/select_user.png" alt="" class="center"> User / Groups</h2>
+ {render acl=$sudoUserACL}
{$divlist_sudoUser}
- <input type='text' value='' name='new_sudoUser'><input type='submit' name='add_sudoUser' value='{msgPool type=addButton}'>
+ {/render}
+ {render acl=$sudoUserACL}
+ <input type='text' value='' name='new_sudoUser'>
+ {/render}
+ {render acl=$sudoUserACL}
+ <input type='submit' name='add_sudoUser' value='{msgPool type=addButton}'>
+ {/render}
+ {render acl=$sudoUserACL}
<input type='submit' name='list_sudoUser' value='{t}Add from list{/t}'>
+ {/render}
</td>
- <td style="padding-left:5px;border-left: solid 1px #AAAAAA;"><h2><img src="images/select_workstation.png" alt="" class="center"> Hosts</h2>
+ <td style="padding-left:5px;border-left: solid 1px #AAAAAA;">
+ <h2><img src="images/select_workstation.png" alt="" class="center"> Hosts</h2>
+ {render acl=$sudoHostACL}
{$divlist_sudoHost}
- <input type='text' value='' name='new_sudoHost'><input type='submit' name='add_sudoHost' value='{msgPool type=addButton}'>
+ {/render}
+ {render acl=$sudoHostACL}
+ <input type='text' value='' name='new_sudoHost'>
+ {/render}
+ {render acl=$sudoHostACL}
+ <input type='submit' name='add_sudoHost' value='{msgPool type=addButton}'>
+ {/render}
+ {render acl=$sudoHostACL}
<input type='submit' name='list_sudoHost' value='{t}Add from list{/t}'>
+ {/render}
</td>
</tr>
<tr><td style="width:100%;"colspan="2"><p class="seperator"> </p></td></tr>
<tr>
- <td style="padding-right:5px;"><h2><img src="images/rocket.png" alt="" class="center">Commands</h2>
+ <td style="padding-right:5px;">
+ <h2><img src="images/rocket.png" alt="" class="center"> Commands</h2>
+ {render acl=$sudoCommandACL}
{$divlist_sudoCommand}
- <input type='text' value='' name='new_sudoCommand'><input type='submit' name='add_sudoCommand' value='{msgPool type=addButton}'>
+ {/render}
+ {render acl=$sudoCommandACL}
+ <input type='text' value='' name='new_sudoCommand'>
+ {/render}
+ {render acl=$sudoCommandACL}
+ <input type='submit' name='add_sudoCommand' value='{msgPool type=addButton}'>
+ {/render}
</td>
- <td style="padding-left:5px;border-left: solid 1px #AAAAAA;"><h2><img src="images/select_user.png" alt="" class="center"> Run as</h2>
- {$divlist_sudoRunas}
- <input type='text' value='' name='new_sudoRunas'><input type='submit' name='add_sudoRunas' value='{msgPool type=addButton}'>
+ <td style="padding-left:5px;border-left: solid 1px #AAAAAA;">
+ <h2><img src="images/select_user.png" alt="" class="center"> Run as</h2>
+ {render acl=$sudoRunAsACL}
+ {$divlist_sudoRunAs}
+ {/render}
+ {render acl=$sudoRunAsACL}
+ <input type='text' value='' name='new_sudoRunAs'>
+ {/render}
+ {render acl=$sudoRunAsACL}
+ <input type='submit' name='add_sudoRunAs' value='{msgPool type=addButton}'>
+ {/render}
</td>
</tr>
</table>