raw | patch | inline | side by side (parent: f8cf317)
author | hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8> | |
Tue, 6 Apr 2010 13:30:10 +0000 (13:30 +0000) | ||
committer | hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8> | |
Tue, 6 Apr 2010 13:30:10 +0000 (13:30 +0000) |
-We now use the sortable listing
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@17484 594d385d-05f5-0310-b6e9-bd551577e9d8
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@17484 594d385d-05f5-0310-b6e9-bd551577e9d8
gosa-plugins/sudo/admin/sudo/class_sudoGeneric.inc | patch | blob | history |
diff --git a/gosa-plugins/sudo/admin/sudo/class_sudoGeneric.inc b/gosa-plugins/sudo/admin/sudo/class_sudoGeneric.inc
index 8ed4f033d96c4f65e5d384f56fe725af641ed898..726c747c10edf7cb59cc215af570eb10280ddba7 100644 (file)
/*! \brief Sudo generic class. Allow setting User/Host/Command/Runas
- for a sudo role object.
+ for a sudo role object.
*/
class sudo extends plugin
{
- protected $cn= "";
- protected $description= "";
+ protected $cn= "";
+ protected $description= "";
- protected $sudoUser = array("ALL");
- protected $sudoCommand= array();
- protected $sudoHost = array("ALL");
- protected $sudoRunAs = array("ALL");
- protected $accessTo = array();
- protected $trustModel = "";
+ protected $sudoUser = array("ALL");
+ protected $sudoCommand= array();
+ protected $sudoHost = array("ALL");
+ protected $sudoRunAs = array("ALL");
+ protected $accessTo = array();
+ protected $trustModel = "";
- private $is_default = FALSE;
- private $was_trust_account= FALSE;
+ private $is_default = FALSE;
+ private $was_trust_account= FALSE;
- public $objectclasses = array("top","sudoRole");
- public $attributes = array("cn","description","sudoUser","sudoCommand","sudoHost","sudoRunAs","accessTo","trustModel");
+ public $objectclasses = array("top","sudoRole");
+ public $attributes = array("cn","description","sudoUser","sudoCommand","sudoHost","sudoRunAs","accessTo","trustModel");
- public $ignore_account = TRUE;
+ public $ignore_account = TRUE;
- public $orig_dn;
+ public $orig_dn;
- protected $trustSelect;
+ protected $trustSelect;
- /*! \brief Returns to the base department for sudo roles.
- This department is then used to store new roles.
+ /*! \brief Returns to the base department for sudo roles.
+ This department is then used to store new roles.
@param Object GOsa configuration object.
@return String sudo store department
- */
- public static function get_sudoers_ou($config)
- {
- return(get_ou("sudoRDN").$config->current['BASE']);
- }
+ */
+ public static function get_sudoers_ou($config)
+ {
+ return(get_ou("sudoRDN").$config->current['BASE']);
+ }
- /*! \brief Initializes this sudo class, with all required attributes.
+ /*! \brief Initializes this sudo class, with all required attributes.
@param Object $config GOsa configuration object.
@param String $db "new" or the sudo role dn.
@return .
- */
- function sudo(&$config, $dn= NULL)
- {
- plugin::plugin ($config, $dn);
-
- if($this->initially_was_account){
- foreach(array("sudoUser","sudoCommand","sudoHost","sudoRunAs") as $attr){
- $this->$attr = array();
- if(isset($this->attrs[$attr])){
- $tmp = array();
- for($i = 0 ; $i < $this->attrs[$attr]['count']; $i++){
- $tmp[] = $this->attrs[$attr][$i];
- }
- $this->$attr = $tmp;
- }
- }
-
- /* Is this account a trustAccount? */
- if (isset($this->attrs['trustModel'])){
- $this->trustModel= $this->attrs['trustModel'][0];
- $this->was_trust_account= TRUE;
- } else {
- $this->was_trust_account= FALSE;
- $this->trustModel= "";
- }
-
- $this->accessTo = array();
- if (isset($this->attrs['accessTo'])){
- for ($i= 0; $i<$this->attrs['accessTo']['count']; $i++){
- $tmp= $this->attrs['accessTo'][$i];
- $this->accessTo[$tmp]= $tmp;
- }
- }
+ */
+ function sudo(&$config, $dn= NULL)
+ {
+ plugin::plugin ($config, $dn);
+
+ if($this->initially_was_account){
+ foreach(array("sudoUser","sudoCommand","sudoHost","sudoRunAs") as $attr){
+ $this->$attr = array();
+ if(isset($this->attrs[$attr])){
+ $tmp = array();
+ for($i = 0 ; $i < $this->attrs[$attr]['count']; $i++){
+ $tmp[] = $this->attrs[$attr][$i];
+ }
+ $this->$attr = $tmp;
+ }
+ }
- }
+ /* Is this account a trustAccount? */
+ if (isset($this->attrs['trustModel'])){
+ $this->trustModel= $this->attrs['trustModel'][0];
+ $this->was_trust_account= TRUE;
+ } else {
+ $this->was_trust_account= FALSE;
+ $this->trustModel= "";
+ }
- if(preg_match("/^defaults$/i",$this->cn)){
- $this->is_default = TRUE;
- }
+ $this->accessTo = array();
+ if (isset($this->attrs['accessTo'])){
+ for ($i= 0; $i<$this->attrs['accessTo']['count']; $i++){
+ $tmp= $this->attrs['accessTo'][$i];
+ $this->accessTo[$tmp]= $tmp;
+ }
+ }
- /* Get global filter config */
- if (!session::is_set("sysfilter")){
- $ui= get_userinfo();
- $base= get_base_from_people($ui->dn);
- $sysfilter= array( "depselect" => $base,
- "regex" => "*");
- session::set("sysfilter", $sysfilter);
- }
+ }
- $this->orig_dn = $this->dn;
- }
+ if(preg_match("/^defaults$/i",$this->cn)){
+ $this->is_default = TRUE;
+ }
+ /* Get global filter config */
+ if (!session::is_set("sysfilter")){
+ $ui= get_userinfo();
+ $base= get_base_from_people($ui->dn);
+ $sysfilter= array( "depselect" => $base,
+ "regex" => "*");
+ session::set("sysfilter", $sysfilter);
+ }
- /*! \brief Creates the sudo generic ui.
- @return String The generated HTML content for this plugin.
- */
- function execute()
- {
- /* Call parent execute */
- plugin::execute();
-
- /*********************
- Access control list / trust mode
- *********************/
-
- /* Add user workstation? */
- if (isset($_POST["add_ws"])){
- $this->trustSelect= new trustSelect($this->config,get_userinfo());
- $this->dialog= TRUE;
+ $this->orig_dn = $this->dn;
+
+ // Build sortable lists
+ foreach(array('sudoUser','sudoCommand','sudoHost','sudoRunAs') as $l){
+ $ll = $l."List";
+ $this->$ll = new sortableListing($this->$l);
+ $this->$ll->setDeleteable(false);
+ $this->$ll->setEditable(false);
+ $this->$ll->setWidth("100%");
+ $this->$ll->setHeight("100px");
+ $this->$ll->setAcl($this->getacl($l));
+ }
+ $this->sudoUserList->setHeader(array("!",_("Type"),_("Member"),_("Option")));
+ $this->sudoUserList->setColspecs(array('24px','24px','*','46px'));
+ $this->sudoHostList->setHeader(array("!",_("System"),_("Option")));
+ $this->sudoHostList->setColspecs(array('24px','*','46px'));
+ $this->sudoCommandList->setHeader(array("!",_("Command"),_("Option")));
+ $this->sudoCommandList->setColspecs(array('24px','*','46px'));
+ $this->sudoRunAsList->setHeader(array("!",_("User"),_("Option")));
+ $this->sudoRunAsList->setColspecs(array('24px','*','46px'));
}
- // Add selected machines to trusted ones.
- if (isset($_POST["add_ws_finish"]) && $this->trustSelect){
- $trusts = $this->trustSelect->detectPostActions();
- if(isset($trusts['targets'])){
-
- $headpage = $this->trustSelect->getHeadpage();
- foreach($trusts['targets'] as $id){
- $attrs = $headpage->getEntry($id);
- $this->accessTo[$attrs['cn'][0]]= $attrs['cn'][0];
- }
- ksort($this->accessTo);
- $this->is_modified= TRUE;
- }
- $this->trustSelect= NULL;
- $this->dialog= FALSE;
- }
+ /*! \brief Creates the sudo generic ui.
+ @return String The generated HTML content for this plugin.
+ */
+ function execute()
+ {
+ /* Call parent execute */
+ plugin::execute();
+
+ /*********************
+ Access control list / trust mode
+ *********************/
+
+ /* Add user workstation? */
+ if (isset($_POST["add_ws"])){
+ $this->trustSelect= new trustSelect($this->config,get_userinfo());
+ $this->dialog= TRUE;
+ }
- /* Remove user workstations? */
- if (isset($_POST["delete_ws"]) && isset($_POST['workstation_list'])){
- foreach($_POST['workstation_list'] as $name){
- unset ($this->accessTo[$name]);
- }
- $this->is_modified= TRUE;
- }
+ // Add selected machines to trusted ones.
+ if (isset($_POST["add_ws_finish"]) && $this->trustSelect){
+ $trusts = $this->trustSelect->detectPostActions();
+ if(isset($trusts['targets'])){
+
+ $headpage = $this->trustSelect->getHeadpage();
+ foreach($trusts['targets'] as $id){
+ $attrs = $headpage->getEntry($id);
+ $this->accessTo[$attrs['cn'][0]]= $attrs['cn'][0];
+ }
+ ksort($this->accessTo);
+ $this->is_modified= TRUE;
+ }
+ $this->trustSelect= NULL;
+ $this->dialog= FALSE;
+ }
- /* Add user workstation finished? */
- if (isset($_POST["add_ws_finish"]) || isset($_POST["add_ws_cancel"])){
- $this->trustSelect= NULL;
- $this->dialog= FALSE;
- }
- /* Show ws dialog */
- if ($this->trustSelect){
+ /* Remove user workstations? */
+ if (isset($_POST["delete_ws"]) && isset($_POST['workstation_list'])){
+ foreach($_POST['workstation_list'] as $name){
+ unset ($this->accessTo[$name]);
+ }
+ $this->is_modified= TRUE;
+ }
- // Build up blocklist
- session::set('filterBlacklist', array('cn' => array_values($this->accessTo)));
- return($this->trustSelect->execute());
- }
+ /* Add user workstation finished? */
+ if (isset($_POST["add_ws_finish"]) || isset($_POST["add_ws_cancel"])){
+ $this->trustSelect= NULL;
+ $this->dialog= FALSE;
+ }
+ /* Show ws dialog */
+ if ($this->trustSelect){
- /*********************
- Add users
- *********************/
-
- if(isset($_POST['list_sudoUser']) && !is_object($this->dialog) && $this->acl_is_writeable("sudoUser")){
- $this->dialog =new userGroupSelect($this->config,get_userinfo());
- }
-
- /* Add selected hosts to the sudoUser list */
- if(isset($_POST['userGroupSelect_save']) && $this->dialog instanceof userGroupSelect){
- if($this->acl_is_writeable("sudoUser")){
- foreach($this->dialog->save() as $entry){
- if(in_array("posixGroup",$entry['objectClass'])){
- $name = trim("%".$entry['cn'][0]);
- }elseif(isset($entry['uid'][0])){
- $name = trim($entry['uid'][0]);
- }
- if(!in_array($name,$this->sudoUser) && !in_array("!".$name,$this->sudoUser)){
- $this->sudoUser[] = $name;
- }
- }
- }
- unset($this->dialog);
- $this->dialog = NULL;
- }
-
- if(isset($_POST['userGroupSelect_cancel']) && $this->dialog instanceOf userGroupSelect){
- unset($this->dialog);
- $this->dialog = NULL;
- }
-
- if($this->dialog instanceOf userGroupSelect){
- $used = array();
- foreach($this->sudoUser as $name){
- $str = preg_replace("/^!/","",$name);
- if(preg_match("/^%/", $str)){
- $used['cn'][] = preg_replace("/^%/","",$str);
- }else{
- $used['uid'][] = $str;
+ // Build up blocklist
+ session::set('filterBlacklist', array('cn' => array_values($this->accessTo)));
+ return($this->trustSelect->execute());
}
- }
- // Build up blocklist
- session::set('filterBlacklist', $used);
- return($this->dialog->execute());
- }
-
+ /*********************
+ Add users
+ *********************/
- /*********************
- Add systems
- *********************/
-
- if(isset($_POST['list_sudoHost']) && !is_object($this->dialog) && $this->acl_is_writeable("sudoHost")){
- $this->dialog =new systemSelect($this->config,get_userinfo());
- }
-
- /* Add selected hosts to the sudoHost list */
- if(isset($_POST['systemSelect_save']) && $this->dialog instanceof systemSelect){
- if($this->acl_is_writeable("sudoHost")){
- foreach($this->dialog->save() as $entry){
- $cn = trim($entry['cn'][0]);
- if(!in_array($cn,$this->sudoHost) && !in_array("!".$cn,$this->sudoHost)){
- $this->sudoHost[] = $cn;
- }
- }
- }
- unset($this->dialog);
- $this->dialog = NULL;
- }
-
- if(isset($_POST['systemSelect_cancel']) && $this->dialog instanceOf systemSelect){
- unset($this->dialog);
- $this->dialog = NULL;
- }
-
- if($this->dialog instanceOf systemSelect){
- $used = array();
- foreach($this->sudoHost as $name){
- $used['cn'][] = preg_replace("/^!/","",$name);
- }
-
- // Build up blocklist
- session::set('filterBlacklist', $used);
- return($this->dialog->execute());
- }
-
- /*********************
- Dialog handling / display / close
- *********************/
-
- if(is_object($this->dialog)){
- return($this->dialog->execute());
- }
+ if(isset($_POST['list_sudoUser']) && !is_object($this->dialog) && $this->acl_is_writeable("sudoUser")){
+ $this->dialog =new userGroupSelect($this->config,get_userinfo());
+ }
-
- /*********************
- NEGATE values
- *********************/
- foreach($_POST as $name => $value){
- if(preg_match("/^neg_/",$name)){
- $attr = preg_replace("/^neg_([^_]*)_.*$/","\\1",$name);
- $value= preg_replace("/^neg_[^_]*_([0-9]*)$/","\\1",$name);
-
- if($this->acl_is_writeable($attr)){
- $attrs = $this->$attr;
- if(isset( $attrs[$value])){
- $v = $attrs[$value];
- if(preg_match("/^!/",$v)){
- $attrs[$value] = preg_replace("/^!/","",$v);
- }else{
- $attrs[$value] = "!".$v;
+ /* Add selected hosts to the sudoUser list */
+ if(isset($_POST['userGroupSelect_save']) && $this->dialog instanceof userGroupSelect){
+ if($this->acl_is_writeable("sudoUser")){
+ foreach($this->dialog->save() as $entry){
+ if(in_array("posixGroup",$entry['objectClass'])){
+ $name = trim("%".$entry['cn'][0]);
+ }elseif(isset($entry['uid'][0])){
+ $name = trim($entry['uid'][0]);
+ }
+ if(!in_array($name,$this->sudoUser) && !in_array("!".$name,$this->sudoUser)){
+ $this->sudoUser[] = $name;
+ }
+ }
+ }
+ unset($this->dialog);
+ $this->dialog = NULL;
+ }
+
+ if(isset($_POST['userGroupSelect_cancel']) && $this->dialog instanceOf userGroupSelect){
+ unset($this->dialog);
+ $this->dialog = NULL;
+ }
+
+ if($this->dialog instanceOf userGroupSelect){
+ $used = array();
+ foreach($this->sudoUser as $name){
+ $str = preg_replace("/^!/","",$name);
+ if(preg_match("/^%/", $str)){
+ $used['cn'][] = preg_replace("/^%/","",$str);
+ }else{
+ $used['uid'][] = $str;
+ }
}
- $this->$attr = $attrs;
- }
+
+ // Build up blocklist
+ session::set('filterBlacklist', $used);
+ return($this->dialog->execute());
}
- break; // Do it once, image inputs will be posted twice
- }
- }
-
- /*********************
- Delete values
- *********************/
- foreach($_POST as $name => $value){
- if(preg_match("/^del_/",$name)){
- $attr = preg_replace("/^del_([^_]*).*$/","\\1",$name);
- $value= preg_replace("/^del_[^_]*_([0-9]*)$/","\\1",$name);
- if($this->acl_is_writeable($attr)){
- $attrs = $this->$attr;
- if(isset( $attrs[$value])){
- unset($attrs[$value]);
- $this->$attr = $attrs;
- }
- }
- break; // Do it once, image inputs will be posted twice
- }
- }
- /*********************
- ADD values
- *********************/
-
- /* User / Host / Runas */
- foreach(array("sudoUser","sudoHost","sudoRunAs") as $attr){
- if($this->acl_is_writeable($attr) &&
- isset($_POST["add_".$attr]) &&
- isset($_POST['new_'.$attr]) &&
- !empty($_POST['new_'.$attr])){
- if(preg_match("/^[a-z\.0-9]*$/i",$_POST['new_'.$attr])){
- $attrs = $this->$attr;
- $attrs[] = trim($_POST['new_'.$attr]);
- $this->$attr = $attrs;
- }else{
- msg_dialog::display(_("Error"),msgPool::invalid($attr,$_POST['new_'.$attr],"/[a-z0-9]/"));
+
+ /*********************
+ Add systems
+ *********************/
+
+ if(isset($_POST['list_sudoHost']) && !is_object($this->dialog) && $this->acl_is_writeable("sudoHost")){
+ $this->dialog =new systemSelect($this->config,get_userinfo());
}
- }
- }
- /* Command */
- foreach(array("sudoCommand") as $attr){
- if($this->acl_is_writeable($attr) && isset($_POST["add_".$attr]) && isset($_POST['new_'.$attr])){
- $attrs = $this->$attr;
- $attrs[] = trim($_POST['new_'.$attr]);
- $this->$attr = $attrs;
- }
- }
+ /* Add selected hosts to the sudoHost list */
+ if(isset($_POST['systemSelect_save']) && $this->dialog instanceof systemSelect){
+ if($this->acl_is_writeable("sudoHost")){
+ foreach($this->dialog->save() as $entry){
+ $cn = trim($entry['cn'][0]);
+ if(!in_array($cn,$this->sudoHost) && !in_array("!".$cn,$this->sudoHost)){
+ $this->sudoHost[] = $cn;
+ }
+ }
+ }
+ unset($this->dialog);
+ $this->dialog = NULL;
+ }
+
+ if(isset($_POST['systemSelect_cancel']) && $this->dialog instanceOf systemSelect){
+ unset($this->dialog);
+ $this->dialog = NULL;
+ }
+
+ if($this->dialog instanceOf systemSelect){
+ $used = array();
+ foreach($this->sudoHost as $name){
+ $used['cn'][] = preg_replace("/^!/","",$name);
+ }
-
- /*********************
- SMARTY assignments
- *********************/
-
- $smarty = get_smarty();
- $smarty->assign("is_default",$this->is_default);
- foreach($this->attributes as $attr){
- if(is_string($this->$attr)){
- $smarty->assign($attr,htmlentities($this->$attr));
- }else{
- $smarty->assign($attr,$this->$attr);
- }
- $smarty->assign($attr."ACL",$this->getacl($attr));
- }
+ // Build up blocklist
+ session::set('filterBlacklist', $used);
+ return($this->dialog->execute());
+ }
- /* Work on trust modes */
- $smarty->assign("trusthide", " disabled ");
- if ($this->trustModel == "fullaccess"){
- $trustmode= 1;
- } elseif ($this->trustModel == "byhost"){
- $trustmode= 2;
- $smarty->assign("trusthide", "");
- } else {
- $trustmode= 0;
- }
- $smarty->assign("trustmode", $trustmode);
- $smarty->assign("trustmodes", array(
- 0 => _("disabled"),
- 1 => _("full access"),
- 2 => _("allow access to these hosts")));
-
- if((count($this->accessTo))==0){
- $smarty->assign("emptyArrAccess",true);
- }else{
- $smarty->assign("emptyArrAccess",false);
- }
- $smarty->assign("workstations", $this->accessTo);
-
- /* Create lists
- */
- $divlist_sudoUser = new divSelectBox("divlist_sudoUser");
- $divlist_sudoUser->SetHeight("90");
- $divlist_sudoHost = new divSelectBox("divlist_sudoHost");
- $divlist_sudoHost->Setheight("90");
- $divlist_sudoRunAs = new divSelectBox("divlist_sudoRunAs");
- $divlist_sudoRunAs->Setheight("90");
- $divlist_sudoCommand = new divSelectBox("divlist_sudoCommand");
- $divlist_sudoCommand->Setheight("90");
-
- /* Fill divlists
- */
- $neg_img= image('plugins/sudo/images/negate.png','','!');
- $option = image('plugins/sudo/images/negate.png','neg_%ATTR%_%KEY%');
- $option.= image('images/lists/trash.png', 'del_%ATTR%_%KEY%');
- foreach(array("sudoCommand","sudoHost","sudoRunAs") as $attr){
- if($this->acl_is_readable($attr)){
- foreach($this->$attr as $key => $entry){
- $neg = "";
- if(preg_match("/^!/",$entry)){
- $neg = $neg_img;
- }
- $entry = preg_replace("/^!/","",$entry);
- $list_name = "divlist_".$attr;
- $$list_name->AddEntry(
- array(
- array("string" => $neg,"attach" => "style='width:18px;'"),
- array("string" => $entry),
- array("string" => preg_replace(array("/%KEY%/","/%ATTR%/"),array($key,$attr),$option),
- "attach" => "style='width:40px; border-right: 0px;'")));
- }
- }
- }
+ /*********************
+ Dialog handling / display / close
+ *********************/
- foreach(array("sudoUser") as $attr){
- $img1 = image('plugins/users/images/select_user.png','',_("User"));
- $img2 = image('plugins/groups/images/select_group.png','',_("Group"));
- if($this->acl_is_readable($attr)){
- foreach($this->$attr as $key => $entry){
- $neg = "";
- if(preg_match("/^!/",$entry)){
- $neg = $neg_img;
- }
- $entry = preg_replace("/^!/","",$entry);
-
- $img = $img1;
- if(preg_match("/^%/",$entry)){
- $img = $img2;
- }
- $entry = preg_replace("/^%/","",$entry);
-
- $list_name = "divlist_".$attr;
- $$list_name->AddEntry(
- array(
- array("string" => $neg,"attach" => "style='width:18px;'"),
- array("string" => $img,"attach" => "style='width:18px;'"),
- array("string" => $entry),
- array("string" => preg_replace(array("/%KEY%/","/%ATTR%/"),array($key,$attr),$option),
- "attach" => "style='width:40px; border-right: 0px;'")));
- }
- }
- }
+ if(is_object($this->dialog)){
+ return($this->dialog->execute());
+ }
+ /*********************
+ NEGATE values
+ *********************/
+ foreach($_POST as $name => $value){
+ if(preg_match("/^neg_/",$name)){
+ $attr = preg_replace("/^neg_([^_]*)_.*$/","\\1",$name);
+ $value= preg_replace("/^neg_[^_]*_([0-9]*)$/","\\1",$name);
+
+ if($this->acl_is_writeable($attr)){
+ $attrs = $this->$attr;
+ if(isset( $attrs[$value])){
+ $v = $attrs[$value];
+ if(preg_match("/^!/",$v)){
+ $attrs[$value] = preg_replace("/^!/","",$v);
+ }else{
+ $attrs[$value] = "!".$v;
+ }
+ $this->$attr = $attrs;
+ }
+ }
+ break; // Do it once, image inputs will be posted twice
+ }
+ }
+ /*********************
+ Delete values
+ *********************/
+ foreach($_POST as $name => $value){
+ if(preg_match("/^del_/",$name)){
+ $attr = preg_replace("/^del_([^_]*).*$/","\\1",$name);
+ $value= preg_replace("/^del_[^_]*_([0-9]*)$/","\\1",$name);
+ if($this->acl_is_writeable($attr)){
+ $attrs = $this->$attr;
+ if(isset( $attrs[$value])){
+ unset($attrs[$value]);
+ $this->$attr = $attrs;
+ }
+ }
+ break; // Do it once, image inputs will be posted twice
+ }
+ }
- /* Tell smarty about our divlists
- */
- $smarty->assign("divlist_sudoUser", $divlist_sudoUser->DrawList());
- $smarty->assign("divlist_sudoHost", $divlist_sudoHost->DrawList());
- $smarty->assign("divlist_sudoRunAs", $divlist_sudoRunAs->DrawList());
- $smarty->assign("divlist_sudoCommand",$divlist_sudoCommand->DrawList());
- return($smarty->fetch(get_template_path('generic.tpl', TRUE)));
- }
-
-
- /*! \brief Remove this sudo role from the ldap server
- */
- function remove_from_parent()
- {
- plugin::remove_from_parent();
-
- $ldap = $this->config->get_ldap_link();
- $ldap->cd($this->dn);
- $ldap->rmdir($this->dn);
-
- /* Send signal to the world that we've done */
- $this->handle_post_events("remove");
- }
-
-
- /*! \brief Save all relevant HTML posts.
- */
- function save_object()
- {
- plugin::save_object();
-
- if($this->is_default){
- $this->cn = "defaults";
- }
-
- /* Trust mode - special handling */
- if($this->acl_is_writeable("trustModel")){
- if (isset($_POST['trustmode'])){
- $saved= $this->trustModel;
- if ($_POST['trustmode'] == "1"){
- $this->trustModel= "fullaccess";
- } elseif ($_POST['trustmode'] == "2"){
- $this->trustModel= "byhost";
+
+ /*********************
+ ADD values
+ *********************/
+
+ /* User / Host / Runas */
+ foreach(array("sudoUser","sudoHost","sudoRunAs") as $attr){
+ if($this->acl_is_writeable($attr) &&
+ isset($_POST["add_".$attr]) &&
+ isset($_POST['new_'.$attr]) &&
+ !empty($_POST['new_'.$attr])){
+ if(preg_match("/^[a-z\.0-9]*$/i",$_POST['new_'.$attr])){
+ $attrs = $this->$attr;
+ $attrs[] = trim($_POST['new_'.$attr]);
+ $this->$attr = $attrs;
+ }else{
+ msg_dialog::display(_("Error"),msgPool::invalid($attr,$_POST['new_'.$attr],"/[a-z0-9]/"));
+ }
+ }
+ }
+
+ /* Command */
+ foreach(array("sudoCommand") as $attr){
+ if($this->acl_is_writeable($attr) && isset($_POST["add_".$attr]) && isset($_POST['new_'.$attr])){
+ $attrs = $this->$attr;
+ $attrs[] = trim($_POST['new_'.$attr]);
+ $this->$attr = $attrs;
+ }
+ }
+
+
+ /*********************
+ SMARTY assignments
+ *********************/
+
+ $smarty = get_smarty();
+ $smarty->assign("is_default",$this->is_default);
+ foreach($this->attributes as $attr){
+ if(is_string($this->$attr)){
+ $smarty->assign($attr,htmlentities($this->$attr));
+ }else{
+ $smarty->assign($attr,$this->$attr);
+ }
+ $smarty->assign($attr."ACL",$this->getacl($attr));
+ }
+
+ /* Work on trust modes */
+ $smarty->assign("trusthide", " disabled ");
+ if ($this->trustModel == "fullaccess"){
+ $trustmode= 1;
+ } elseif ($this->trustModel == "byhost"){
+ $trustmode= 2;
+ $smarty->assign("trusthide", "");
} else {
- $this->trustModel= "";
+ $trustmode= 0;
+ }
+ $smarty->assign("trustmode", $trustmode);
+ $smarty->assign("trustmodes", array(
+ 0 => _("disabled"),
+ 1 => _("full access"),
+ 2 => _("allow access to these hosts")));
+
+ if((count($this->accessTo))==0){
+ $smarty->assign("emptyArrAccess",true);
+ }else{
+ $smarty->assign("emptyArrAccess",false);
+ }
+ $smarty->assign("workstations", $this->accessTo);
+
+
+ /* Fill divlists
+ */
+ $neg_img= image('plugins/sudo/images/negate.png','','!');
+ $option = image('plugins/sudo/images/negate.png','neg_%ATTR%_%KEY%');
+ $option.= image('images/lists/trash.png', 'del_%ATTR%_%KEY%');
+ foreach(array('sudoUser','sudoCommand','sudoHost','sudoRunAs') as $l){
+ $l.="Data";
+ $$l = array();
+ }
+
+ foreach(array("sudoCommand","sudoHost","sudoRunAs") as $attr){
+ if($this->acl_is_readable($attr)){
+ $tmp =array();
+ $list = $attr."List";
+ $data = $attr."Data";
+ foreach($this->$attr as $id => $entry){
+ $neg = "";
+ if(preg_match("/^!/",$entry)){
+ $neg = $neg_img;
+ }
+ $entry = preg_replace("/^!/","",$entry);
+
+ $action =preg_replace(array("/%KEY%/","/%ATTR%/"),array($id,$attr),$option);
+ $tmp[$id] = array('data'=>array($neg,$entry,$action)) ;
+ }
+ $this->$list->setListData($this->$attr, $tmp);
+ $this->$list->update();
+ $smarty->assign("divlist_{$attr}", $this->$list->render());
+ }
}
- if ($this->trustModel != $saved){
- $this->is_modified= TRUE;
+
+
+ if($this->acl_is_readable($attr)){
+ $img1 = image('plugins/users/images/select_user.png','',_("User"));
+ $img2 = image('plugins/groups/images/select_group.png','',_("Group"));
+ $sudoUserData = array();
+ foreach($this->sudoUser as $id => $entry){
+ $neg = "";
+ if(preg_match("/^!/",$entry)){
+ $neg = $neg_img;
+ }
+ $entry = preg_replace("/^!/","",$entry);
+
+ $img = $img1;
+ if(preg_match("/^%/",$entry)){
+ $img = $img2;
+ }
+ $entry = preg_replace("/^%/","",$entry);
+ $action =preg_replace(array("/%KEY%/","/%ATTR%/"),array($id,'sudoUser'),$option);
+ $sudoUserData[$id] = array('data'=>array($neg,$img,$entry,$action)) ;
+ }
+ $this->sudoUserList->setListData($this->sudoUser,$sudoUserData);
+ $this->sudoUserList->update();
+ $smarty->assign("divlist_sudoUser", $this->sudoUserList->render());
}
- }
+ return($smarty->fetch(get_template_path('generic.tpl', TRUE)));
}
- }
-
-
- /*! \brief Save changes into the ldap database.
- */
- function save()
- {
- plugin::save();
- /* Trust accounts */
- $objectclasses= array();
- foreach ($this->attrs['objectClass'] as $key => $class){
- if (preg_match('/trustAccount/i', $class)){
- continue;
- }
- $objectclasses[]= $this->attrs['objectClass'][$key];
+
+
+ /*! \brief Remove this sudo role from the ldap server
+ */
+ function remove_from_parent()
+ {
+ plugin::remove_from_parent();
+
+ $ldap = $this->config->get_ldap_link();
+ $ldap->cd($this->dn);
+ $ldap->rmdir($this->dn);
+
+ /* Send signal to the world that we've done */
+ $this->handle_post_events("remove");
}
- $this->attrs['objectClass']= $objectclasses;
- if ($this->trustModel != ""){
- $this->attrs['objectClass'][]= "trustAccount";
- $this->attrs['trustModel']= $this->trustModel;
- $this->attrs['accessTo']= array();
- if ($this->trustModel == "byhost"){
- foreach ($this->accessTo as $host){
- $this->attrs['accessTo'][]= $host;
- }
- }
- } else {
- if ($this->was_trust_account){
- $this->attrs['accessTo']= array();
- $this->attrs['trustModel']= array();
- }
+
+ /*! \brief Save all relevant HTML posts.
+ */
+ function save_object()
+ {
+ plugin::save_object();
+
+ if($this->is_default){
+ $this->cn = "defaults";
+ }
+
+ /* Trust mode - special handling */
+ if($this->acl_is_writeable("trustModel")){
+ if (isset($_POST['trustmode'])){
+ $saved= $this->trustModel;
+ if ($_POST['trustmode'] == "1"){
+ $this->trustModel= "fullaccess";
+ } elseif ($_POST['trustmode'] == "2"){
+ $this->trustModel= "byhost";
+ } else {
+ $this->trustModel= "";
+ }
+ if ($this->trustModel != $saved){
+ $this->is_modified= TRUE;
+ }
+ }
+ }
}
- /* Ensure a correct array index
- */
- $this->attrs['sudoHost'] = array_values($this->attrs['sudoHost']);
- $this->attrs['sudoRunAs'] = array_values($this->attrs['sudoRunAs']);
- $this->attrs['sudoUser'] = array_values($this->attrs['sudoUser']);
- $this->attrs['sudoCommand'] = array_values($this->attrs['sudoCommand']);
+ /*! \brief Save changes into the ldap database.
+ */
+ function save()
+ {
+ plugin::save();
+ /* Trust accounts */
+ $objectclasses= array();
+ foreach ($this->attrs['objectClass'] as $key => $class){
+ if (preg_match('/trustAccount/i', $class)){
+ continue;
+ }
+ $objectclasses[]= $this->attrs['objectClass'][$key];
+ }
- $this->cleanup();
+ $this->attrs['objectClass']= $objectclasses;
+ if ($this->trustModel != ""){
+ $this->attrs['objectClass'][]= "trustAccount";
+ $this->attrs['trustModel']= $this->trustModel;
+ $this->attrs['accessTo']= array();
+ if ($this->trustModel == "byhost"){
+ foreach ($this->accessTo as $host){
+ $this->attrs['accessTo'][]= $host;
+ }
+ }
+ } else {
+ if ($this->was_trust_account){
+ $this->attrs['accessTo']= array();
+ $this->attrs['trustModel']= array();
+ }
+ }
- $ldap = $this->config->get_ldap_link();
- $ldap->cd($this->config->current['BASE']);
- if($this->is_new){
- $ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $this->dn));
- $ldap->cd($this->dn);
- $ldap->add($this->attrs);
+ /* Ensure a correct array index
+ */
+ $this->attrs['sudoHost'] = array_values($this->attrs['sudoHost']);
+ $this->attrs['sudoRunAs'] = array_values($this->attrs['sudoRunAs']);
+ $this->attrs['sudoUser'] = array_values($this->attrs['sudoUser']);
+ $this->attrs['sudoCommand'] = array_values($this->attrs['sudoCommand']);
- /* Send signal to the world that we've done */
- $this->handle_post_events("create");
- }else{
- $ldap->cd($this->dn);
- $ldap->modify($this->attrs);;
+ $this->cleanup();
- /* Send signal to the world that we've done */
- $this->handle_post_events("modify");
- }
+ $ldap = $this->config->get_ldap_link();
+ $ldap->cd($this->config->current['BASE']);
+
+ if($this->is_new){
+ $ldap->create_missing_trees(preg_replace('/^[^,]+,/', '', $this->dn));
+ $ldap->cd($this->dn);
+ $ldap->add($this->attrs);
+
+ /* Send signal to the world that we've done */
+ $this->handle_post_events("create");
+ }else{
+ $ldap->cd($this->dn);
+ $ldap->modify($this->attrs);;
+
+ /* Send signal to the world that we've done */
+ $this->handle_post_events("modify");
+ }
- if (!$ldap->success()){
- msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_DEL, get_class()));
+ if (!$ldap->success()){
+ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_DEL, get_class()));
+ }
}
- }
- /*! \brief Check the given input.
+ /*! \brief Check the given input.
@return Array All error messages in an array();
- */
- function check()
- {
- $message = plugin::check();
-
- /* Is a name given? */
- if($this->cn == ""){
- $message[] = msgPool::required(_("Name"));
- }
+ */
+ function check()
+ {
+ $message = plugin::check();
- /* Check if name is reserved */
- if(!$this->is_default && preg_match("/^defaults$/i",$this->cn)){
- $message[] = msgPool::reserved(_("Name"));
- }
+ /* Is a name given? */
+ if($this->cn == ""){
+ $message[] = msgPool::required(_("Name"));
+ }
- /* Check name */
- if(!preg_match("/^[0-9a-z\@]*$/i",$this->cn)){
- $message[] = msgPool::invalid(_("Name"),$this->cn,"/[0-9a-z\@]/i");
- }
+ /* Check if name is reserved */
+ if(!$this->is_default && preg_match("/^defaults$/i",$this->cn)){
+ $message[] = msgPool::reserved(_("Name"));
+ }
- /* Check if this entry will cause duplicated ldap entries */
- $ldap = $this->config->get_ldap_link();
- $ldap->cd($this->get_sudoers_ou($this->config));
- $ldap->search("(&(objectClass=sudoRole)(cn=".$this->cn."))");
- while($attrs = $ldap->fetch()){
- if($attrs['dn'] != $this->dn){
- $message[] = msgPool::duplicated(_("Name"));
- }
- }
+ /* Check name */
+ if(!preg_match("/^[0-9a-z\@]*$/i",$this->cn)){
+ $message[] = msgPool::invalid(_("Name"),$this->cn,"/[0-9a-z\@]/i");
+ }
- /* Check if we are allowed to create or move this object
- */
- if($this->orig_dn == "new" && !$this->acl_is_createable($this->get_sudoers_ou($this->config))){
- $message[] = msgPool::permCreate();
- }
+ /* Check if this entry will cause duplicated ldap entries */
+ $ldap = $this->config->get_ldap_link();
+ $ldap->cd($this->get_sudoers_ou($this->config));
+ $ldap->search("(&(objectClass=sudoRole)(cn=".$this->cn."))");
+ while($attrs = $ldap->fetch()){
+ if($attrs['dn'] != $this->dn){
+ $message[] = msgPool::duplicated(_("Name"));
+ }
+ }
+
+ /* Check if we are allowed to create or move this object
+ */
+ if($this->orig_dn == "new" && !$this->acl_is_createable($this->get_sudoers_ou($this->config))){
+ $message[] = msgPool::permCreate();
+ }
- return ($message);
- }
+ return ($message);
+ }
- /*! \brief Force this entry to be handled and saved as 'default'
+ /*! \brief Force this entry to be handled and saved as 'default'
@param BOOL TRUE -force defaults FALSE -normal
- */
- public function set_default($state)
- {
- $this->is_default = TRUE;
- $this->cn = "defaults";
- }
+ */
+ public function set_default($state)
+ {
+ $this->is_default = TRUE;
+ $this->cn = "defaults";
+ }
- /*! \brief Add ACL object
+ /*! \brief Add ACL object
@return Returns the ACL object.
- */
- static function plInfo()
- {
- return (array(
- "plShortName" => _("Sudo"),
- "plDescription" => _("Sudo role"),
- "plSelfModify" => FALSE,
- "plDepends" => array(),
- "plPriority" => 0,
- "plSection" => array("administration"),
- "plCategory" => array("sudo" => array("objectClass" => "sudoRole", "description" => _("Sudo role"))),
-
- "plProvidedAcls" => array(
- "accessTo" => _("System trust"),
- "cn" => _("Name"),
- "description" => _("Description"),
- "sudoUser" => _("Users"),
- "sudoHost" => _("Host"),
- "sudoCommand" => _("Command"),
- "sudoRunAs" => _("Run as user"),
- "trustModel" => _("Access control list"))
- ));
- }
-
-
- /*! \brief This function will be called if an object gets copied.
- This function adapts attributes from the source object.
+ */
+ static function plInfo()
+ {
+ return (array(
+ "plShortName" => _("Sudo"),
+ "plDescription" => _("Sudo role"),
+ "plSelfModify" => FALSE,
+ "plDepends" => array(),
+ "plPriority" => 0,
+ "plSection" => array("administration"),
+ "plCategory" => array("sudo" => array("objectClass" => "sudoRole", "description" => _("Sudo role"))),
+
+ "plProvidedAcls" => array(
+ "accessTo" => _("System trust"),
+ "cn" => _("Name"),
+ "description" => _("Description"),
+ "sudoUser" => _("Users"),
+ "sudoHost" => _("Host"),
+ "sudoCommand" => _("Command"),
+ "sudoRunAs" => _("Run as user"),
+ "trustModel" => _("Access control list"))
+ ));
+ }
+
+
+ /*! \brief This function will be called if an object gets copied.
+ This function adapts attributes from the source object.
@param Array The source object.
- */
- function PrepareForCopyPaste($source)
- {
- plugin::PrepareForCopyPaste($source);
- foreach(array("sudoUser","sudoCommand","sudoHost","sudoRunAs") as $attr){
- $this->$attr = array();
- if(isset($source[$attr])){
- $tmp = array();
- for($i = 0 ; $i < $source[$attr]['count']; $i++){
- $tmp[] = $source[$attr][$i];
- }
- $this->$attr = $tmp;
- }
+ */
+ function PrepareForCopyPaste($source)
+ {
+ plugin::PrepareForCopyPaste($source);
+ foreach(array("sudoUser","sudoCommand","sudoHost","sudoRunAs") as $attr){
+ $this->$attr = array();
+ if(isset($source[$attr])){
+ $tmp = array();
+ for($i = 0 ; $i < $source[$attr]['count']; $i++){
+ $tmp[] = $source[$attr][$i];
+ }
+ $this->$attr = $tmp;
+ }
+ }
+
+ /* Is this account a trustAccount? */
+ if (isset($source['trustModel'])){
+ $this->trustModel= $source['trustModel'][0];
+ $this->was_trust_account= TRUE;
+ } else {
+ $this->was_trust_account= FALSE;
+ $this->trustModel= "";
+ }
+
+ $this->accessTo = array();
+ if (isset($source['accessTo'])){
+ for ($i= 0; $i<$source['accessTo']['count']; $i++){
+ $tmp= $source['accessTo'][$i];
+ $this->accessTo[$tmp]= $tmp;
+ }
+ }
}
- /* Is this account a trustAccount? */
- if (isset($source['trustModel'])){
- $this->trustModel= $source['trustModel'][0];
- $this->was_trust_account= TRUE;
- } else {
- $this->was_trust_account= FALSE;
- $this->trustModel= "";
+
+ /*! \brief Used for copy & paste.
+ Returns a HTML input mask, which allows to change the cn of this entry.
+ @param Array Array containing current status && a HTML template.
+ */
+ function getCopyDialog()
+ {
+ $vars = array("cn");
+ $smarty = get_smarty();
+ $smarty->assign("cn", htmlentities($this->cn));
+ $str = $smarty->fetch(get_template_path("paste_generic.tpl",TRUE));
+ $ret = array();
+ $ret['string'] = $str;
+ $ret['status'] = "";
+ return($ret);
}
- $this->accessTo = array();
- if (isset($source['accessTo'])){
- for ($i= 0; $i<$source['accessTo']['count']; $i++){
- $tmp= $source['accessTo'][$i];
- $this->accessTo[$tmp]= $tmp;
- }
+
+ public function get_cn()
+ {
+ return($this->cn);
}
- }
- /*! \brief Used for copy & paste.
- Returns a HTML input mask, which allows to change the cn of this entry.
- @param Array Array containing current status && a HTML template.
- */
- function getCopyDialog()
- {
- $vars = array("cn");
- $smarty = get_smarty();
- $smarty->assign("cn", htmlentities($this->cn));
- $str = $smarty->fetch(get_template_path("paste_generic.tpl",TRUE));
- $ret = array();
- $ret['string'] = $str;
- $ret['status'] = "";
- return($ret);
- }
-
-
- public function get_cn()
- {
- return($this->cn);
- }
-
-
- /*! \brief Used for copy & paste.
- Some entries must be renamed to avaoid duplicate entries.
- */
- function saveCopyDialog()
- {
- if(isset($_POST['cn'])){
- $this->cn = get_post('cn');
+ /*! \brief Used for copy & paste.
+ Some entries must be renamed to avaoid duplicate entries.
+ */
+ function saveCopyDialog()
+ {
+ if(isset($_POST['cn'])){
+ $this->cn = get_post('cn');
+ }
}
- }
}
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
?>