
Upated ACL handling.
authorhickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Mon, 17 Sep 2007 13:42:43 +0000 (13:42 +0000)
committerhickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Mon, 17 Sep 2007 13:42:43 +0000 (13:42 +0000)
-Moved plinfo from divlist to class_acl
-If a user is removed, all of its ACLs are removed too.
-If a user is moved, all of its ACLs are moved too.

git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@7307 594d385d-05f5-0310-b6e9-bd551577e9d8

include/class_acl.inc
include/class_plugin.inc
plugins/admin/acl/class_divListACL.inc
plugins/personal/generic/class_user.inc

index 4fbdbe962f21d6e956a880730bf62765e58446a0..4998df217490d08afd875cb7cb8d8e5687963b6b 100644 (file)
@@ -1079,6 +1079,87 @@ class acl extends plugin
     $this->handle_post_events("remove",array("uid" => $this->uid));
   }
 
+  
+  /* Return plugin informations for acl handling */
+  function plInfo()
+  {
+    return (array(
+          "plShortName"   => _("ACL"),
+          "plDescription" => _("ACL")._("Access control list").")",
+          "plSelfModify"  => FALSE,
+          "plDepends"     => array(),
+          "plPriority"    => 0,
+          "plSection"     => array("administration"),
+          "plCategory"    => array("acl" => array("description"  => _("ACL")."&nbsp;&amp;&nbsp;"._("ACL roles"),
+                                                          "objectClass"  => array("gosaAcl","gosaRole"))),
+          "plProvidedAcls"=> array(
+            "cn"          => _("Role name"),
+            "description" => _("Role description"))
+
+          ));
+  }
+
+
+  /* Remove acls defined for $src */
+  function remove_acl()
+  {
+    $this->remove_acl_for_dn($this->dn);
+  }
+
+
+  /* Remove acls defined for $src */
+  function remove_acl_for_dn($src = "")
+  {
+    if($src == ""){
+      $src = $this->dn;
+    }
+    $ldap = $this->config->get_ldap_link();
+    $ldap->cd($this->config->current['BASE']);
+    $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($src)."*))",array("gosaAclEntry","dn"));
+    while($attrs = $ldap->fetch()){
+      $acl = new acl($this->config,$this->parent,$attrs['dn']);
+      foreach($acl->gosaAclEntry as $id => $entry){
+        foreach($entry['members'] as $m_id => $member){
+          if($m_id == "U:".$src){
+            unset($acl->gosaAclEntry[$id]['members'][$m_id]);
+            gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Removed acl for user %s on object %s.",$src,$attrs['dn']));
+          }
+          if($m_id == "G:".$src){
+            unset($acl->gosaAclEntry[$id]['members'][$m_id]);
+            gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Removed acl for group %s on object %s.",$src,$attrs['dn']));
+          }
+        }
+      }
+      $acl -> save();
+    }
+  }
+
+  function update_acl_membership($src,$dst)
+  {
+    $ldap = $this->config->get_ldap_link();
+    $ldap->cd($this->config->current['BASE']);
+    $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($src)."*))",array("gosaAclEntry","dn"));
+    while($attrs = $ldap->fetch()){
+      $acl = new acl($this->config,$this->parent,$attrs['dn']);
+      foreach($acl->gosaAclEntry as $id => $entry){
+        foreach($entry['members'] as $m_id => $member){
+          if($m_id == "U:".$src){
+            unset($acl->gosaAclEntry[$id]['members'][$m_id]);
+            $new = "U:".$dst;
+            $acl->gosaAclEntry[$id]['members'][$new] = $new;
+            gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Updated acl for user %s on object %s.",$src,$attrs['dn']));
+          }
+          if($m_id == "G:".$src){
+            unset($acl->gosaAclEntry[$id]['members'][$m_id]);
+            $new = "G:".$dst;
+            $acl->gosaAclEntry[$id]['members'][$new] = $new;
+            gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Updated acl for group %s on object %s.",$src,$attrs['dn']));
+          }
+        }
+      }
+      $acl -> save();
+    }
+  }
 }
 
 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
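Review bot: In `remove_acl_for_dn()` and `update_acl_membership()` the `gosa_log()` entry is written before `$acl -> save()` runs, and `save()` is called for every ACL object the substring search returns, whether or not a member was changed. The audit trail can therefore report a removal that has not been written yet, and a failed save would leave a grant behind for a DN that may later be reused (how `save()` reports failure is not visible in this hunk). I would collect the changed members, save only when something changed and log afterwards, as sketched below for `remove_acl_for_dn()`; the same shape fits `update_acl_membership()`. The comment above `remove_acl()` mentions `$src`, which that method does not take; `/* Remove acls defined for this object's dn */` would fit.

```php
  function remove_acl_for_dn($src = "")
  {
    /* … unchanged: default $src to $this->dn, LDAP search … */
    while($attrs = $ldap->fetch()){
      $acl = new acl($this->config,$this->parent,$attrs['dn']);
      $removed = array();
      foreach($acl->gosaAclEntry as $id => $entry){
        foreach($entry['members'] as $m_id => $member){
          if($m_id == "U:".$src || $m_id == "G:".$src){
            unset($acl->gosaAclEntry[$id]['members'][$m_id]);
            $removed[] = ($m_id == "U:".$src) ? "user" : "group";
          }
        }
      }

      /* Rewrite only ACL objects that changed, and log after the write was issued */
      if(count($removed)){
        $acl -> save();
        foreach($removed as $type){
          gosa_log("modify",$type."s/acl",$attrs['dn'],array(),sprintf("Removed acl for ".$type." %s on object %s.",$src,$attrs['dn']));
        }
      }
    }
```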
index 462be0b6c6c61a82f151c4162707a860abdee671..bb7d7354c19c2d5d4cb24ff415cccf6e5060ae12 100644 (file)
@@ -766,7 +766,7 @@ class plugin
       $ei=ldap_first_entry($ds, $sr);
       if ($ei) {
         foreach($attrs as $attr => $val){
-          if ($info = ldap_get_values_len($ds, $ei, $attr)){
+          if ($info = @ldap_get_values_len($ds, $ei, $attr)){
             for ($i= 0; $i<$info['count']; $i++){
               if ($info['count'] == 1){
                 $new[$attr]= $info[$i];
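Review bot: The `@` added to `ldap_get_values_len()` silences every warning from that call, not only the one for an attribute that is absent on the entry, so a bad link or entry handle would now be skipped without a trace and the attribute left out of `$new`. If the intent is to tolerate missing attributes, a comment saying so would help, e.g. `/* attribute may be missing on this entry; skip it quietly */`, and a real failure could still be told apart by checking `ldap_errno($ds)` when the call returns false. The enclosing method starts and ends outside this hunk.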
index 65e130f796d78d95f6a5c99fa353a94d0332fcd4..0d76a7af7d8a94db63cda6cd143dc4fae3721266 100644 (file)
@@ -286,26 +286,6 @@ class divListACL extends MultiSelectWindow
     return(array("gosaAccount","gosaDepartment"));
   }
 
-  
-  /* Return plugin informations for acl handling */
-  function plInfo()
-  {
-    return (array(
-          "plShortName"   => _("ACL"),
-          "plDescription" => _("ACL")._("Access control list").")",
-          "plSelfModify"  => FALSE,
-          "plDepends"     => array(),
-          "plPriority"    => 0,
-          "plSection"     => array("administration"),
-          "plCategory"    => array("acl" => array("description"  => _("ACL")."&nbsp;&amp;&nbsp;"._("ACL roles"),
-                                                          "objectClass"  => array("gosaAcl","gosaRole"))),
-          "plProvidedAcls"=> array(
-            "cn"          => _("Role name"),
-            "description" => _("Role description"))
-
-          ));
-  }
-
 
 
 }
index 057c87fee1b473dc50a53dabfe17676ae14e2e14..27d617d8c674d9a829a8d2dd9b5144f534514f1e 100644 (file)
@@ -78,6 +78,7 @@ class user extends plugin
   var $role= "";
   var $publicVisible= "";
 
+  var $orig_dn;
   var $dialog;
 
   /* variables to trigger password changes */
@@ -118,6 +119,8 @@ class user extends plugin
     /* Load base attributes */
     plugin::plugin ($config, $dn);
 
+    $this->orig_dn = $this->dn;
+
     if ($this->config->current['GOVERNMENTMODE']){
       /* Fix public visible attribute if unset */
       if (!isset($this->attrs['publicVisible'])){
@@ -651,21 +654,8 @@ class user extends plugin
 
     /* Remove ACL dependencies too, 
      */
-    $ldap = $this->config->get_ldap_link();
-    $ldap->cd($this->config->current['BASE']);
-    $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($this->dn)."*))",array("gosaAclEntry","dn"));
-    while($attrs = $ldap->fetch()){
-      $acl = new acl($this->config,$this->parent,$attrs['dn']);
-      foreach($acl->gosaAclEntry as $id => $entry){
-        foreach($entry['members'] as $m_id => $member){
-          if($m_id == "U:".$this->dn){
-            unset($acl->gosaAclEntry[$id]['members'][$m_id]); 
-            gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Removed acl for %s on object %s.",$this->dn,$attrs['dn'])); 
-          }
-        }
-      }  
-      $acl -> save();
-    }
+    $tmp = new acl($this->config,$this->parent,$this->dn);
+    $tmp->remove_acl();
 
     /* Optionally execute a command after we're done */
     $this->handle_post_events("remove",array("uid" => $this->uid));
@@ -969,6 +959,12 @@ class user extends plugin
       return (1);
     }
 
+
+    /* Remove ACL dependencies too, 
+     */
+    $tmp = new acl($this->config,$this->parent,$this->dn);
+    $tmp->update_acl_membership($this->orig_dn,$this->dn);
+
     if($mode == "modify"){
       new log("modify","users/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
     }else{
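Review bot: `update_acl_membership()` is called on every save that reaches this point, also when `$this->orig_dn` equals `$this->dn`; in that case the helper removes and re-adds the same member key, rewrites each matching ACL object and writes an "Updated acl" log entry although nothing moved. Guarding the call with `if($this->orig_dn != $this->dn){` and setting `$this->orig_dn = $this->dn;` afterwards would keep the audit log limited to real moves. The comment above the call was copied from the remove path; `/* Carry ACL memberships over to the new dn */` describes it better. What `orig_dn` holds for a newly created user is not visible here and is worth checking. The enclosing method continues outside the hunk.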