raw | patch | inline | side by side (parent: a04db48)
author | cajus <cajus@594d385d-05f5-0310-b6e9-bd551577e9d8> | |
Wed, 12 Jul 2006 12:08:37 +0000 (12:08 +0000) | ||
committer | cajus <cajus@594d385d-05f5-0310-b6e9-bd551577e9d8> | |
Wed, 12 Jul 2006 12:08:37 +0000 (12:08 +0000) |
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@4128 594d385d-05f5-0310-b6e9-bd551577e9d8
html/main.php | patch | blob | history | |
include/class_acl.inc | patch | blob | history | |
include/class_userinfo.inc | patch | blob | history | |
include/functions.inc | patch | blob | history |
diff --git a/html/main.php b/html/main.php
index b2c94f405e5e3f4630af50500281447a7db3cc08..365763c9c3f639bdf34df1a41fc8ac4bdc443879 100644 (file)
--- a/html/main.php
+++ b/html/main.php
$_SESSION['plist']= $plist;
$_SESSION['config']= $config;
-
/* Echo compilation time * /
$r = split(" ",$start);
$ms = $r[0];
diff --git a/include/class_acl.inc b/include/class_acl.inc
index 15aa1f8f6bca5ee8c673dd5e77252f1845aedda1..e5b604bc438f1a608e66ed7872c2ea5f941d808e 100644 (file)
--- a/include/class_acl.inc
+++ b/include/class_acl.inc
"one" => _("One level"),
"base" => _("Current object"),
"sub" => _("Complete subtree"),
- "psub" => _("Complete subtree (permanent)"),
- "role" => _("Use ACL defined in role"));
+ "psub" => _("Complete subtree (permanent)"));
+ //"role" => _("Use ACL defined in role"));
} else {
$this->aclTypes= array("base" => _("Current object"),
"role" => _("Use ACL defined in role"));
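Review bot: The `"role"` entry is commented out rather than removed, and nothing says why, so a later reader cannot tell whether it is a temporary switch-off or dead code. The `else` branch directly below still offers `"role" => _("Use ACL defined in role")`, so the type stays selectable in that case; if that asymmetry is intended, say so in a short comment above the array, otherwise delete the line. The enclosing function starts and ends outside the visible lines, so the condition that selects between the two arrays cannot be checked from here.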
index f110833ca2c6c88a171f70514399cc91d7ccb078..d7c1fec4b15d5f28ee4f59662e7094d5f40ec070 100644 (file)
function loadACL()
{
+
+#--------------------------------------------------------------------------OLD-BUT-ACTIVE-----------------------------
$ldap= $this->config->get_ldap_link();
/* Load ACL's from all groups we're in */
$this->subtreeACL[$base][]= $attrs["gosaSubtreeACL"][$i];
}
}
-
#echo "NEW ACL LOADING --------------------------------------------------------------------------------------------<br>";
+
$this->ACL= array();
$this->groups= array();
$ldap= $this->config->get_ldap_link();
}
- function get_permissions($dn, $object= "", $attribute= "")
+ function get_permissions($dn, $object, $attribute)
+ {
+ $acl= array("r" => "", "w" => "", "c" => "", "d" => "", "m" => "");
+
+ /* Build dn array */
+ $path= split(',', $dn);
+ $path= array_reverse($path);
+
+ /* Walk along the path to evaluate the acl */
+ $cpath= "";
+ foreach ($path as $element){
+
+ /* Clean potential ACLs for each level */
+ $acl= $this->cleanACL($acl);
+
+ if ($cpath == ""){
+ $cpath= $element;
+ } else {
+ $cpath= $element.','.$cpath;
+ }
+ if (isset($this->ACL[$cpath])){
+
+ /* Inspect this ACL, place the result into ACL */
+ foreach ($this->ACL[$cpath] as $subacl){
+
+ /* Reset? Just clean the ACL and turn over to the next one... */
+ if ($subacl['type'] == 'reset'){
+ $acl= $this->cleanACL($acl, TRUE);
+ continue;
+ }
+
+ /* Per attribute ACL? */
+ if (isset($subacl['acl'][$object][$attribute])){
+ $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl'][$object][$attribute]);
+ continue;
+ }
+
+ /* Per object ACL? */
+ if (isset($subacl['acl'][$object][0])){
+ $acl= $this->mergeACL($acl, $subacl['type'], preg_replace('/[cdm]/', '', $subacl['acl'][$object][0]));
+ continue;
+ }
+
+ /* Global ACL? */
+ if (isset($subacl['acl'][0])){
+ $acl= $this->mergeACL($acl, $subacl['type'], preg_replace('/[cdm]/', '', $subacl['acl'][0]));
+ continue;
+ }
+
+ }
+
+ }
+ }
+
+ /* Assemble string */
+ $ret= "";
+ foreach ($acl as $key => $value){
+ if ($value != ""){
+ $ret.= $key;
+ }
+ }
+
+ return ($ret);
+ }
+
+
+ function get_module_departments($module)
+ {
+ global $plist;
+
+ $objects= array();
+ $deps= array();
+
+ /* Extract all relevant objects for this module from plist */
+ foreach ($plist->info as $object => $info){
+ if (isset($info['plDepends']['objectClass']) && $info['plDepends']['objectClass'] == $module){
+ $objects[$object]= $object;
+ }
+ }
+
+ /* Get all gosaDepartments */
+ $ldap= $this->config->get_ldap_link();
+ $ldap->cd($this->config->current['BASE']);
+ $ldap->search('objectClass=gosaDepartment', array('dn'));
+ while ($attrs= $ldap->fetch()){
+ $acl= array("r" => "", "w" => "", "c" => "", "d" => "", "m" => "");
+
+ /* Build dn array */
+ $path= split(',', $attrs['dn']);
+ $path= array_reverse($path);
+
+ /* Walk along the path to evaluate the acl */
+ $cpath= "";
+ foreach ($path as $element){
+
+ /* Clean potential ACLs for each level */
+ $acl= $this->cleanACL($acl);
+
+ if ($cpath == ""){
+ $cpath= $element;
+ } else {
+ $cpath= $element.','.$cpath;
+ }
+ if (isset($this->ACL[$cpath])){
+
+ /* Inspect this ACL, place the result into ACL */
+ foreach ($this->ACL[$cpath] as $subacl){
+
+ /* Reset? Just clean the ACL and turn over to the next one... */
+ if ($subacl['type'] == 'reset'){
+ $acl= $this->cleanACL($acl, TRUE);
+ continue;
+ }
+
+ /* Per object ACL? */
+ foreach ($objects as $object){
+ if (isset($subacl['acl'][$object])){
+ foreach($subacl['acl'][$object] as $attribute => $dcl){
+ if (isset($subacl['acl'][$object][$attribute])){
+ $acl= $this->mergeACL($acl, $subacl['type'], preg_replace('/[cdm]/', '', $subacl['acl'][$object][$attribute]));
+ }
+ }
+ }
+ }
+
+ /* Global ACL? */
+ if (isset($subacl['acl'][0])){
+ $acl= $this->mergeACL($acl, $subacl['type'], preg_replace('/[cdm]/', '', $subacl['acl'][0]));
+ continue;
+ }
+ }
+ }
+ }
+
+ /* Add department, if we have (some) permissions for the requred module */
+ foreach ($acl as $val){
+ if ($val != ""){
+ $deps[]= $attrs['dn'];
+ break;
+ }
+ }
+ }
+
+ return ($deps);
+ }
+
+
+ function mergeACL($acl, $type, $newACL)
{
- echo "Evaluating permissions for $dn, object $object/$attribute<br>";
+ foreach(str_split($newACL) as $char){
+
+ /* Ignore invalid characters */
+ if (!preg_match('/[rwcdm]/', $char)){
+ continue;
+ }
+
+ /* Skip permanent and subtree entries */
+ if (preg_match('/[sp]/', $acl[$char])){
+ continue;
+ }
+
+ switch ($type){
+ case 'psub':
+ $acl[$char]= 'p';
+ break;
+
+ case 'sub':
+ $acl[$char]= 's';
+ break;
+
+ case 'one':
+ $acl[$char]= 1;
+ break;
+
+ case 'base':
+ if ($acl[$char] != 1){
+ $acl[$char]= 0;
+ }
+ break;
+ }
+ }
+
+ return ($acl);
+ }
+
+
+ function cleanACL($acl, $reset= FALSE)
+ {
+ foreach ($acl as $key => $value){
+
+ /* Reset removes everything but 'p' */
+ if ($reset && $value != 'p'){
+ $acl[$key]= "";
+ continue;
+ }
+
+ /* Decrease tree level */
+ if (preg_match('/^[0-9]+$/', $value)){
+ if ($value > 0){
+ $acl[$key]= $value - 1;
+ } else {
+ $acl[$key]= "";
+ }
+ }
+ }
+
+ return ($acl);
}
}
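Review bot: The loose comparisons against the empty string in `get_permissions` (`if ($value != "")`) and in the department loop of `get_module_departments` (`if ($val != "")`) do not distinguish "no permission" from the integer `0` that `mergeACL` stores for a `base` entry and that `cleanACL` produces when it decrements a `one` entry. On PHP versions before 8, `0 != ""` is false, so those rights are dropped from the result, while on PHP 8 and later they are kept; the authorization outcome therefore depends on the interpreter version. Use identity checks, `if ($value !== "")` and `if ($val !== "")`, and likewise `$value !== 'p'` in `cleanACL`, so that integer levels and the `'s'`/`'p'` markers are compared by type as well as value. Separately, the path walk relies on `split(',', $dn)` and an exact `isset($this->ACL[$cpath])` match, so a DN that differs in case or spacing, or that contains an escaped comma, would presumably miss its ACL entries, including a `reset`; normalising the DN before the walk would make the behaviour explicit.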
diff --git a/include/functions.inc b/include/functions.inc
index a4e7b952b0236107faaf1b1f6dd187285e0eefa5..899aadb8dbe0c19d33313e32b7c524ceb99cd48b 100644 (file)
--- a/include/functions.inc
+++ b/include/functions.inc
require_once ("class_config.inc");
require_once ("class_plugin.inc");
require_once ("class_acl.inc");
-require_once ("class_userinfo.inc");
require_once ("class_pluglist.inc");
+require_once ("class_userinfo.inc");
require_once ("class_tabs.inc");
require_once ("class_mail-methods.inc");
require_once ("class_password-methods.inc");