Code

Updated ACL checks for FAI management
authorhickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Wed, 5 Nov 2008 08:10:39 +0000 (08:10 +0000)
committerhickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Wed, 5 Nov 2008 08:10:39 +0000 (08:10 +0000)
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@12912 594d385d-05f5-0310-b6e9-bd551577e9d8

gosa-plugins/fai/admin/fai/class_divListFai.inc
gosa-plugins/fai/admin/fai/class_faiManagement.inc
gosa-plugins/fai/admin/fai/main.inc

index 2fba9796636b57a0d0940d6abbbd79eb84b15d32..ebb49b04b7798c7118cf1d8416360feed296a601 100644 (file)
@@ -129,7 +129,7 @@ class divListFai extends MultiSelectWindow
     $add_sep = false;
 
     /* Get complete fai acls, to be able to check if we must show or hide the snapshot abilities */ 
-    $acl_all = $ui->has_complete_category_acls($this->config->current['BASE'],$this->module);
+    $acl_all = $ui->has_complete_category_acls($this->parent->acl_base,$this->module);
 
     /* Add default header */
     $listhead = MultiSelectWindow::get_default_header(false);
@@ -143,7 +143,7 @@ class divListFai extends MultiSelectWindow
     $s .= "..|<img src='images/lists/new.png' alt='' border='0' class='center'>".
       "&nbsp;"._("Create")."|\n";
 
-    $acl = $ui->get_permissions($this->config->current['BASE'],"fai/faiProfile");
+    $acl = $ui->get_permissions($this->parent->acl_base,"fai/faiProfile");
     if($this->parent->lock_type == "freeze" && !$this->parent->allow_freeze_object_attach){
       $s.= "...|<input class='center' type='image' src='plugins/fai/images/freeze.png' alt=''>".
         "&nbsp;"._("Freezed")."|\n";
@@ -169,7 +169,7 @@ class divListFai extends MultiSelectWindow
             "Create_package"   , _("PK") , "faiPackage"));
 
       foreach($arr as $ar){
-        $acl = $ui->get_permissions($this->config->current['BASE'],"fai/".$ar[4]);
+        $acl = $ui->get_permissions($this->parent->acl_base,"fai/".$ar[4]);
         if(preg_match("/c/",$acl)){
           $s.= "...|<input class='center' type='image' src='".$ar[0]."' alt=''>".
             "&nbsp;".$ar[1]."|".$ar[2]."|\n";
@@ -269,7 +269,7 @@ class divListFai extends MultiSelectWindow
        /* Add copy & cut icons */
        $ui = get_userinfo();
        $action ="";
-       $acl_all = $ui->has_complete_category_acls($this->config->current['BASE'],$this->module);
+       $acl_all = $ui->has_complete_category_acls($this->parent->acl_base,$this->module);
 
        if(preg_match("/^opsi_/",$type)){
          $editlink ="<a href='?plug=".$_GET['plug']."&amp;edit_opsi_entry=%KEY%' title='%TITLE%'>%NAME%</a>";
index 35d5cb0600f576a3211637452705e787c4e1d787..71ab93b09c7566613136e5e842dcb708ef840902 100644 (file)
@@ -51,6 +51,7 @@ class faiManagement extends plugin
   var $allow_freeze_object_attach = TRUE;
 
   var $no_save;
+  var $acl_base     ="";
   var $fai_base     ="";
   var $fai_release  ="";
 
@@ -82,9 +83,8 @@ class faiManagement extends plugin
     }
 
     /* Set default release 
-       !! If you change the base here you have to update the base in 
-           class_divListFai.inc too, all ACL checks use ($this->config->current['BASE']).
      */
+    $this->acl_base = $this->config->current['BASE'];
     $this->fai_base = get_ou("faiBaseRDN").$this->config->current['BASE'];
 
     if(!session::is_set("fai_filter")){
@@ -451,7 +451,7 @@ class faiManagement extends plugin
       Delete confirmed 
      ****************/
 
-               /* Deltetion was confirmed, so delete this entry
+               /* Deletion was confirmed, so delete this entry
      */
     if (isset($_POST['delete_terminal_confirm'])){
 
@@ -541,7 +541,7 @@ class faiManagement extends plugin
       if("" != $this->config->search("faiManagement", "POSTREMOVE",array('menu','tabs'))){
         /* Load permissions for selected 'dn' and check if
            we're allowed to remove this 'dn' */
-        if($this->acl_is_removeable()){
+        if(preg_match("/d/",$this->ui->get_permissions($this->acl_base,"fai/faiManagement"))){
           $smarty->assign("release_hidden",base64_encode($this->fai_release));
           $smarty->assign("info", msgPool::deleteInfo(LDAP::fix($this->fai_release),_("FAI branch/freeze")));
           return($smarty->fetch(get_template_path('remove_branch.tpl',TRUE)));
@@ -574,7 +574,7 @@ class faiManagement extends plugin
 
           $br = $this->getBranches();
 
-          if(isset($br[$bb]) && $this->acl_is_removeable()){
+          if(isset($br[$bb]) && preg_match("/d/",$this->ui->get_permissions($this->acl_base,"fai/faiManagement"))){
             $name = $br[$bb];
 
             $ldap->cd($bb);
@@ -692,7 +692,7 @@ class faiManagement extends plugin
 
     if(isset($_GET['PerformBranch'])){
     
-      if(!$this->acl_is_createable()){
+      if(!preg_match("/c/",$this->ui->get_permissions($this->acl_base,"fai/faiManagement"))){
         msg_dialog::display(_("Permission error"), msgPool::permCreate(_("Branch")), ERROR_DIALOG);
       }else{
 
@@ -853,8 +853,12 @@ class faiManagement extends plugin
      */
     if("" != $this->config->search("faiManagement", "POSTCREATE",array('menu','tabs'))){
       if(($s_action == "branch_branch")||($this->dispNewBranch)){
-        if(!$this->acl_is_createable()){
-        msg_dialog::display(_("Permission error"), msgPool::permCreate(_("Branch")), ERROR_DIALOG);
+
+        echo $this->acl_base;
+        echo "->".$this->ui->get_permissions($this->acl_base,"fai/faiManagement");  
+
+        if(!preg_match("/c/",$this->ui->get_permissions($this->acl_base,"fai/faiManagement"))){
+          msg_dialog::display(_("Permission error"), msgPool::permCreate(_("Branch")), ERROR_DIALOG);
         }else{
           $this->dispNewBranch=true;
           $smarty->assign("iframe",false);
@@ -874,7 +878,7 @@ class faiManagement extends plugin
      */
     if("" != $this->config->search("faiManagement", "POSTCREATE",array('menu','tabs'))){
       if(($s_action == "freeze_branch")||($this->dispNewFreeze)){
-        if(!$this->acl_is_createable()){
+        if(!preg_match("/c/",$this->ui->get_permissions($this->acl_base,"fai/faiManagement"))){
           msg_dialog::display(_("Permission error"), msgPool::permCreate(_("Branch")), ERROR_DIALOG);
         }else{
           $this->dispNewFreeze = true;
@@ -1133,7 +1137,7 @@ class faiManagement extends plugin
       }
     }
     $this->base = $base;
-    $this->set_acl_base($this->base);
+    $this->set_acl_base($this->acl_base);
 
     $this->lock_type = FAI::get_release_tag(FAI::get_release_dn($base));
 
index 650515abc4cda8d7670ed26b13365ce2af223080..d2543758ce55da5a0a555a35cbfcf7a4295a42dd 100644 (file)
@@ -30,7 +30,6 @@ if ($remove_lock){
        if (!session::is_set('FAI') || (isset($_GET['reset']) && $_GET['reset'] == 1)){
                $FAI= new faiManagement($config, $ui);
                $FAI->set_acl_category("fai");
-               $FAI->set_acl_base(session::get('CurrentMainBase'));
                session::set('FAI',$FAI);
        }
        $FAI = session::get('FAI');