raw | patch | inline | side by side (parent: b97327c)
author | hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8> | |
Mon, 7 Jan 2008 10:26:45 +0000 (10:26 +0000) | ||
committer | hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8> | |
Mon, 7 Jan 2008 10:26:45 +0000 (10:26 +0000) |
-Fixed read & write of ldap acls.
-Not tested yet
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@8232 594d385d-05f5-0310-b6e9-bd551577e9d8
-Not tested yet
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@8232 594d385d-05f5-0310-b6e9-bd551577e9d8
gosa-core/plugins/admin/groups/class_groupMail.inc | patch | blob | history |
diff --git a/gosa-core/plugins/admin/groups/class_groupMail.inc b/gosa-core/plugins/admin/groups/class_groupMail.inc
index 43baee578b017526dc5c95d05e2c79bd39154a0f..cf8bb77da54914f51dae28397642e764953e0f1c 100644 (file)
}
}
- /* If this ins't new mailgroup, read all required data from ldap
+ /* If this isn't a new mailgroup, read all required data from ldap
*/
if (($dn != "new")&&($dn !== NULL)){
/* Create new instance of our defined mailclass
*/
$method= new $this->method($this->config);
-
if ($method->connect($this->attrs["gosaMailServer"][0])){
-
- /* Maybe the entry is not saved in new style, get
- permissions from IMAP and convert them to acl attributes */
- if (!isset($this->attrs['acl'])){
+ /* If we do NOT use kolab or equal methods,
+ read imap the acls from the mail method class.
+ They will be merged later with the ldap specified acls.
+ */
+ if(!preg_match("/olab/i",$this->mmethod)){
$this->imapacl= $method->getSharedFolderPermissions($this->uid);
/* Need to filter what a member acl could be... */
$peek= $vote[$acl];
}
}
-
}
-
/* Highest count wins as %members%, remove all members
with the same acl */
if(!empty($leader)){
unset($this->imapacl[$user]);
}
}
+ }
- } // ENDE ! isset ($this->attrs['acl'])
-
/* Adapt attributes if needed */
$method->fixAttributesOnLoad($this);
-
+
/* get Quota */
$quota= $method->getQuota($this->uid);
}else{
$this->quotaUsage = "";
$this->gosaMailQuota = "";
-// print_red(sprintf(_("Can't get quota information for '%s'."),$this->uid));
}
$method->disconnect();
} // ENDE $method->connect($this->attrs["gosaMailServer"][0])){
-
} // ENDE gosaMailServer
-
} // ENDE dn != "new"
/* Load permissions */
$tmp = array();
- if(preg_match("/olab/i",$this->mmethod)){
- $ldap = $this->config->get_ldap_link();
+ $ldap = $this->config->get_ldap_link();
- if (isset($this->attrs['acl'])){
+ /* Read acls from ldap and merge them with
+ * acls read from mail method.
+ */
+ if (isset($this->attrs['acl'])){
- for ($i= 0; $i<$this->attrs['acl']['count']; $i++){
- list($user, $permission)= split(' ', $this->attrs['acl'][$i]);
+ for ($i= 0; $i<$this->attrs['acl']['count']; $i++){
+ list($user, $permission)= split(' ', $this->attrs['acl'][$i]);
- /* Add to list */
- $this->imapacl[$user]= $permission;
+ /* Add to list */
+ $this->imapacl[$user]= $permission;
- /* Get all user permissions sorted by acl, to detect the most used acl
- This acl is then used for %members%
- */
- if ($user != "anyone" && $user != "%members%"){
- $tmp[$permission][] = $user;
- }
+ /* Get all user permissions sorted by acl, to detect the most used acl
+ This acl is then used for %members%
+ */
+ if ($user != "anyone" && $user != "%members%"){
+ $tmp[$permission][] = $user;
+ }
- /* There is an entry in $this->imapacl like this this ...
- $this->attrs['imapacl']['anyone'] = "p";
- $this->attrs['imapacl']['%members%'] = "lprs";
- $this->attrs['imapacl'][''] = ""; <------ This is used to diplay an empty
- Field for special acls in our template.
- If there is at least one special acl in out imapacl,
- we don't need this entry anymore, because it is already displayed.
- */
- if ($user != "anyone" && $user != "%members%"){
- unset($this->imapacl['']);
- }
+ /* There is an entry in $this->imapacl like this this ...
+ $this->attrs['imapacl']['anyone'] = "p";
+ $this->attrs['imapacl']['%members%'] = "lprs";
+ $this->attrs['imapacl'][''] = ""; <------ This is used to diplay an empty
+ Field for special acls in our template.
+ If there is at least one special acl in out imapacl,
+ we don't need this entry anymore, because it is already displayed.
+ */
+ if ($user != "anyone" && $user != "%members%"){
+ unset($this->imapacl['']);
}
}
+ }
- /* In this section we dectect which acl is tho most used
- This will be used as %members% acl
- */
- $tmp2 = array();
- foreach($tmp as $acl => $user){
- $tmp2[count($tmp[$acl])]=$acl;
- }
- /* Most used at last
- */
- ksort($tmp2);
-
- /* Assign last (most used acl) to %members% acl
- */
- $str = array_pop($tmp2);
- if(!empty($str)) {
- $this->imapacl['%members%']=$str;
- }
+ /**
+ * Detect group members which use the same acl
+ * as used for %members% and remove them.
+ **/
- /* Open ldap connection
- */
- $ldap = $this->config->get_ldap_link();
- $ldap->cd($this->config->current['BASE']);
-
- /* Remove those users, that use %members% acl && are member of this group. */
- foreach($this->imapacl as $mail => $permission){
- $ldap->search("(&(objectClass=person)(mail=".$mail."))",array("uid"));
- $atr = $ldap->fetch();
- if((isset($this->attrs['memberUid'])) && (is_array($this->attrs['memberUid']))){
- if((isset($atr['uid'][0]))&&(in_array($atr['uid'][0],$this->attrs['memberUid']))&&($permission == $this->imapacl['%members%'])){
- unset($this->imapacl[$mail]);
- }
- }
- }
- /* Append an empty entry, for special acl handling */
- if(count($this->imapacl)==2){
- $this->imapacl[''] ="";
- }
-
- }else{ // Not kolab
- /* Load permissions */
- if (isset($this->attrs['acl'])){
- for ($i= 0; $i<$this->attrs['acl']['count']; $i++){
- list($user, $permission)= split(' ', $this->attrs['acl'][$i]);
- $this->imapacl[$user]= $permission;
- if ($user != "anyone" && $user != "%members%"){
- unset($this->imapacl['']);
- }
+ /* In this section we detect which acl is the most used.
+ This will be used as %members% acl.
+ */
+ $tmp2 = array();
+ foreach($tmp as $acl => $user){
+ $tmp2[count($tmp[$acl])]=$acl;
+ }
+ /* Most used at last
+ */
+ ksort($tmp2);
+
+ /* Assign last (most used acl) to %members% acl
+ */
+ $str = array_pop($tmp2);
+ if(!empty($str)) {
+ $this->imapacl['%members%']=$str;
+ }
+ if(!isset($this->imapacl['%members%'])){
+ $this->imapacl['%members%'] = "lrspw";
+ }
+
+
+ /* Open ldap connection
+ */
+ $ldap = $this->config->get_ldap_link();
+ $ldap->cd($this->config->current['BASE']);
+
+ /* Remove those users, that use %members% acl && are member of this group. */
+ foreach($this->imapacl as $mail => $permission){
+ $ldap->search("(&(objectClass=person)(|(mail=".$mail.")(uid=".$mail.")))",array("uid"));
+ $atr = $ldap->fetch();
+ if((isset($this->attrs['memberUid'])) && (is_array($this->attrs['memberUid']))){
+ if((isset($atr['uid'][0]))&&(in_array($atr['uid'][0],$this->attrs['memberUid']))&&($permission == $this->imapacl['%members%'])){
+ unset($this->imapacl[$mail]);
}
}
}
- /* Load Mailserver
+ /**
+ * ENDE: Detect group member with same acl and replace them with %members%
+ **/
+ $this->indexed_user = array("%members%","anyone");
+
+ /* Append an empty entry, for special acl handling */
+ if(count($this->imapacl)==2){
+ $this->imapacl[''] ="lrsw";
+ $this->indexed_user[] = '';
+ }
+
+ /* Load Mailserver
*/
if(isset($this->attrs['gosaMailServer'][0])){
$this->gosaMailServer = $this->attrs['gosaMailServer'][0];
}
/* Fill translations */
$this->perms["lrsw"]= _("read");
- $this->perms["lrspw"]= _("post");
+ $this->perms["lrswp"]= _("post");
$this->perms["p"]= _("external post");
- $this->perms["lrsipw"]= _("append");
+ $this->perms["lrswip"]= _("append");
$this->perms["lrswipcd"]= _("write");
$this->perms["lrswipcda"]= _("admin");
$this->perms[""]= _("none");
}
+
+
function execute()
{
/* Call parent execute */
}
-
/* Save data to LDAP, depending on is_account we save or delete */
function save()
{
$this->attrs['gosaMailAlternateAddress'] = $this->gosaMailAlternateAddress;
$this->attrs['gosaMailForwardingAddress'] = $this->gosaMailForwardingAddress;
$this->attrs['gosaSharedFolderTarget'] = "share+".$this->uid;
+ $this->attrs['acl']= array();
- /* Only do IMAP actions if we are not a template */
+ /* Prepare Mail server attribute */
if(preg_match("/olab/i",$this->mmethod)){
if (empty($this->gosaMailServer)||is_array($this->gosaMailServer)){
if(isset($this->attrs['gosaMailServer'][0])){
}
}
}
-
- /* Exchange '%member%' pseudo entry */
+ /* Exchange '%member%' pseudo entry */
$memberacl= $this->imapacl['%members%'];
-
foreach ($this->members as $user){
if (!isset($this->imapacl[$user])){
$this->imapacl[$user]= $memberacl;
}
}
-
- if(preg_match("/olab/i",$this->mmethod)){
- /* Save acl's */
- $this->attrs['acl']= array();
- foreach ($this->imapacl as $user => $acl){
- if ($user == "" || preg_match("/%members%/",$user)){
- continue;
- }
- $ldap->search("(&(objectClass=person)(|(uid=".$user.")(mail=".$user.")))",array("mail"));
- $mail = $ldap->fetch();
- if(isset($mail['mail'][0])){
- $sacl = $mail['mail'][0]." ".$acl;
- }else{
- $sacl= "$user $acl";
- }
- if(!in_array($sacl,$this->attrs['acl'])){
- $this->attrs['acl'][]= $sacl;
- }
- }
-
- if(!empty($this->kolabFolderType_Type)){
+ /* Prepare kolab attributes to be written */
+ if(preg_match("/olab/i",$this->mmethod)){
+ if(!empty($this->kolabFolderType_Type)){
$this->attrs['kolabFolderType'] = $this->kolabFolderType_Type.".".$this->kolabFolderType_SubType;
}else{
$this->attrs['kolabFolderType'] = array();
}
- }else{
+ }
- /* Save acl's */
- $this->attrs['acl']= array();
- foreach ($this->imapacl as $user => $acl){
- if ($user == "" || preg_match("/%members%/",$user)){
- continue;
+ /* Get naming attribute for mail accounts */
+ $tmp = new $this->method($this->config);
+ $uattrib = $tmp->uattrib;
+
+ /* Create ACL array
+ What is done here.
+
+ 1. Do not write acl entries for empty entries.
+ 2. Check if given user is a valid GOsa user.
+ - If he is one, check if he has a valid mail extension
+ -If this is true, add the user to the ACL entry.
+ -If this is NOT true, skip ACL entries for this user.
+ - He is not a GOsa Account, so write the ACL. (Manually entered ACL)
+ 3. In case of "olab" mail method, remove the entry from the $this->imapacl array
+ because the kolab deamon will set the acls for us.
+
+ */
+ foreach ($this->imapacl as $user => $acl){
+
+ /* Skip empty entries */
+ if (empty($user) || $user == ""){
+ unset($this->imapacl[$user]);
+ }
+
+ /* Skip placeholder */
+ if (empty($user) || $user == "" || preg_match("/%members%/",$user)){
+ continue;
+ }
+
+ /* Check if your is a real GOsa user
+ * If user is a real GOsa user but do not have an email address - SKIP adding acls
+ * If user is a real GOsa user with an email address - add acls
+ */
+ $ldap->search("(&(objectClass=person)(|(uid=".$user.")(mail=".$user.")))",array("mail","uid"));
+ if($ldap->count()){
+
+ /* Has the user a valid mail account? */
+ $attrs = $ldap->fetch();
+ if(isset($attrs['mail'][0])){
+
+ $name = $attrs[$uattrib][0];
+ $this->attrs['acl'][]= $name." ".$acl;
+
+ /* Do not write imap acl directly i nkolab mode, let the kolab deamon do this. */
+ unset($this->imapacl[$user]);
+ if(!preg_match("/olab/i",$this->mmethod)){
+ $this->imapacl[$name] = $acl;
+ }
+
+ }else{
+
+ /* User is a valid GOsa account, but he has no mail extension. Skip ACLs */
+ unset($this->imapacl[$user]);
+ }
+ }else{
+
+ /* Seems to be a manually a added acl
+ * Write this acl.
+ */
+ $this->attrs['acl'][]= $user." ".$acl;
+
+ /* In case of kolab methods, let the deamon add the imap acls */
+ if(preg_match("/olab/i",$this->mmethod)){
+ unset($this->imapacl[$user]);
}
- $this->attrs['acl'][]= "$user $acl";
}
}
+ /* Handle mail method actions, set acls, quota ...*/
if ((!$this->is_template)&&(!empty($this->gosaMailServer))){
$method= new $this->method($this->config);
$method->fixAttributesOnStore($this);
if (($method->connect($this->gosaMailServer))){
$method->updateMailbox($this->uid);
$method->setQuota($this->uid, $this->gosaMailQuota);
- $method->setSharedFolderPermissions($this->uid, $this->imapacl);
+
+ /* Only write imap acls directly if we are not
+ * using a kolab like mail method.
+ */
+ if(!preg_match("/olab/i",$this->mmethod)){
+ $method->setSharedFolderPermissions($this->uid, $this->imapacl);
+ }
$method->disconnect();
}
}
}
}
+
+
/* Check formular input */
function check()
{
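Review bot: Both new `$ldap->search()` calls build the filter by concatenating the ACL key unescaped (`$mail` in the constructor's member clean-up loop, `$user` in the ACL loop of `save()`), so a key containing `*`, `(`, `)` or `\` alters the filter instead of being matched literally. In `save()` this affects access control, because the search result decides which name is written to `$this->attrs['acl']` and `$this->imapacl`, and the in-code comment says manually entered ACL names reach this loop. I would escape the value before it enters the filter, e.g. `$f = ldap_escape($user, "", LDAP_ESCAPE_FILTER);` where the PHP version provides it, or the project's own filter-escaping helper if one exists. Two smaller points in the same section: the search requests only `array("mail","uid")` while the name is read from `$attrs[$uattrib][0]`, which is unset if `uattrib` is any other attribute, and the new `%members%` default `"lrspw"` no longer matches a key in `$this->perms` now that this commit renames it to `"lrswp"`. Both functions start outside the visible hunks, so where `$ldap` is initialised in `save()` could not be checked.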