![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 279398e)
raw | patch | inline | side by side (parent: 279398e)
| author | hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8> | |
| Thu, 29 Jul 2010 13:19:37 +0000 (13:19 +0000) | ||
| committer | hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8> | |
| Thu, 29 Jul 2010 13:19:37 +0000 (13:19 +0000) |
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@19240 594d385d-05f5-0310-b6e9-bd551577e9d8
| gosa-core/include/class_acl.inc | patch | blob | history |
index 82cbdff1827918929fcf711281282e1d8af26c33..49f9853e4e9727a5b7cd2518b4f1dd890b90c713 100644 (file)
/*! \brief ACL management plugin */
class acl extends plugin
{
- /* Definitions */
- var $plHeadline= "Access control";
- var $plDescription= "Manage access control lists";
-
- /* attribute list for save action */
- var $attributes= array('gosaAclEntry');
- var $objectclasses= array('gosaAcl');
-
- /* Helpers */
- var $dialogState= "head";
- var $gosaAclEntry= array();
- var $aclType= "";
- var $aclObject= "";
- var $aclContents= array();
- var $target= "group";
- var $aclTypes= array();
- var $aclObjects= array();
- var $aclFilter= "";
- var $aclMyObjects= array();
- var $users= array();
- var $roles= array();
- var $groups= array();
- var $recipients= array();
- var $isContainer= FALSE;
- var $currentIndex= 0;
- var $wasNewEntry= FALSE;
- var $ocMapping= array();
- var $savedAclContents= array();
- var $myAclObjects = array();
- var $acl_category = "acl/";
-
- var $list =NULL;
-
- var $sectionList = NULL;
- var $roleList = NULL;
-
- function acl (&$config, $parent, $dn= NULL)
- {
- /* Include config object */
- plugin::plugin($config, $dn);
-
- /* Load ACL's */
- $this->gosaAclEntry= array();
- if (isset($this->attrs['gosaAclEntry'])){
- for ($i= 0; $i<$this->attrs['gosaAclEntry']['count']; $i++){
- $acl= $this->attrs['gosaAclEntry'][$i];
- $this->gosaAclEntry= array_merge($this->gosaAclEntry, acl::explodeACL($acl));
- }
- }
- ksort($this->gosaAclEntry);
+ /* Definitions */
+ var $plHeadline= "Access control";
+ var $plDescription= "Manage access control lists";
+
+ /* attribute list for save action */
+ var $attributes= array('gosaAclEntry');
+ var $objectclasses= array('gosaAcl');
+
+ /* Helpers */
+ var $dialogState= "head";
+ var $gosaAclEntry= array();
+ var $aclType= "";
+ var $aclObject= "";
+ var $aclContents= array();
+ var $target= "group";
+ var $aclTypes= array();
+ var $aclObjects= array();
+ var $aclFilter= "";
+ var $aclMyObjects= array();
+ var $users= array();
+ var $roles= array();
+ var $groups= array();
+ var $recipients= array();
+ var $isContainer= FALSE;
+ var $currentIndex= 0;
+ var $wasNewEntry= FALSE;
+ var $ocMapping= array();
+ var $savedAclContents= array();
+ var $myAclObjects = array();
+ var $acl_category = "acl/";
+
+ var $list =NULL;
+
+ var $sectionList = NULL;
+ var $roleList = NULL;
+
+ function acl (&$config, $parent, $dn= NULL)
+ {
+ /* Include config object */
+ plugin::plugin($config, $dn);
+
+ /* Load ACL's */
+ $this->gosaAclEntry= array();
+ if (isset($this->attrs['gosaAclEntry'])){
+ for ($i= 0; $i<$this->attrs['gosaAclEntry']['count']; $i++){
+ $acl= $this->attrs['gosaAclEntry'][$i];
+ $this->gosaAclEntry= array_merge($this->gosaAclEntry, acl::explodeACL($acl));
+ }
+ }
+ ksort($this->gosaAclEntry);
- /* Save parent - we've to know more about it than other plugins... */
- $this->parent= &$parent;
+ /* Save parent - we've to know more about it than other plugins... */
+ $this->parent= &$parent;
- /* Container? */
- if (preg_match('/^(o|ou|c|l|dc)=/i', $dn)){
- $this->isContainer= TRUE;
- }
-
- /* Users */
- $ui= get_userinfo();
- $tag= $ui->gosaUnitTag;
- $ldap= $config->get_ldap_link();
- $ldap->cd($config->current['BASE']);
- if ($tag == ""){
- $ldap->search('(objectClass=gosaAccount)', array('uid', 'cn'));
- } else {
- $ldap->search('(&(objectClass=gosaAccount)(gosaUnitTag='.$tag.'))', array('uid', 'cn'));
- }
- while ($attrs= $ldap->fetch()){
+ /* Container? */
+ if (preg_match('/^(o|ou|c|l|dc)=/i', $dn)){
+ $this->isContainer= TRUE;
+ }
- // Allow objects without cn to be listed without causing an error.
- if(!isset($attrs['cn'][0]) && isset($attrs['uid'][0])){
- $this->users['U:'.$attrs['dn']]= $attrs['uid'][0];
- }elseif(!isset($attrs['uid'][0]) && isset($attrs['cn'][0])){
- $this->users['U:'.$attrs['dn']]= $attrs['cn'][0];
- }elseif(!isset($attrs['uid'][0]) && !isset($attrs['cn'][0])){
- $this->users['U:'.$attrs['dn']]= $attrs['dn'];
- }else{
- $this->users['U:'.$attrs['dn']]= $attrs['cn'][0].' ['.$attrs['uid'][0].']';
- }
+ /* Users */
+ $ui= get_userinfo();
+ $tag= $ui->gosaUnitTag;
+ $ldap= $config->get_ldap_link();
+ $ldap->cd($config->current['BASE']);
+ if ($tag == ""){
+ $ldap->search('(objectClass=gosaAccount)', array('uid', 'cn'));
+ } else {
+ $ldap->search('(&(objectClass=gosaAccount)(gosaUnitTag='.$tag.'))', array('uid', 'cn'));
+ }
+ while ($attrs= $ldap->fetch()){
+
+ // Allow objects without cn to be listed without causing an error.
+ if(!isset($attrs['cn'][0]) && isset($attrs['uid'][0])){
+ $this->users['U:'.$attrs['dn']]= $attrs['uid'][0];
+ }elseif(!isset($attrs['uid'][0]) && isset($attrs['cn'][0])){
+ $this->users['U:'.$attrs['dn']]= $attrs['cn'][0];
+ }elseif(!isset($attrs['uid'][0]) && !isset($attrs['cn'][0])){
+ $this->users['U:'.$attrs['dn']]= $attrs['dn'];
+ }else{
+ $this->users['U:'.$attrs['dn']]= $attrs['cn'][0].' ['.$attrs['uid'][0].']';
+ }
- }
- ksort($this->users);
+ }
+ ksort($this->users);
- /* Groups */
- $ldap->cd($config->current['BASE']);
+ /* Groups */
+ $ldap->cd($config->current['BASE']);
# if ($tag == ""){
- $ldap->search('(objectClass=posixGroup)', array('cn', 'description'));
+ $ldap->search('(objectClass=posixGroup)', array('cn', 'description'));
# } else {
# $ldap->search('(&(objectClass=posixGroup)(gosaUnitTag='.$tag.'))', array('cn', 'description'));
# }
while ($attrs= $ldap->fetch()){
- $dsc= "";
- if (isset($attrs['description'][0])){
- $dsc= $attrs['description'][0];
- }
- $this->groups['G:'.$attrs['dn']]= $attrs['cn'][0].' ['.$dsc.']';
+ $dsc= "";
+ if (isset($attrs['description'][0])){
+ $dsc= $attrs['description'][0];
+ }
+ $this->groups['G:'.$attrs['dn']]= $attrs['cn'][0].' ['.$dsc.']';
}
$this->groups['G:*']= _("All users");
ksort($this->groups);
/* Roles */
$ldap->cd($config->current['BASE']);
# if ($tag == ""){
- $ldap->search('(objectClass=gosaRole)', array('cn', 'description','gosaAclTemplate','dn'));
+ $ldap->search('(objectClass=gosaRole)', array('cn', 'description','gosaAclTemplate','dn'));
# } else {
# $ldap->search('(&(objectClass=gosaRole)(gosaUnitTag='.$tag.'))', array('cn', 'description','gosaAclTemplate','dn'));
# }
while ($attrs= $ldap->fetch()){
- $dsc= "";
- if (isset($attrs['description'][0])){
- $dsc= $attrs['description'][0];
- }
-
- $role_id = $attrs['dn'];
-
- $this->roles[$role_id]['acls'] =array();
- for ($i= 0; $i < $attrs['gosaAclTemplate']['count']; $i++){
- $acl= $attrs['gosaAclTemplate'][$i];
- $this->roles[$role_id]['acls'] = array_merge($this->roles[$role_id]['acls'],acl::explodeACL($acl));
- }
- $this->roles[$role_id]['description'] = $dsc;
- $this->roles[$role_id]['cn'] = $attrs['cn'][0];
+ $dsc= "";
+ if (isset($attrs['description'][0])){
+ $dsc= $attrs['description'][0];
+ }
+
+ $role_id = $attrs['dn'];
+
+ $this->roles[$role_id]['acls'] =array();
+ for ($i= 0; $i < $attrs['gosaAclTemplate']['count']; $i++){
+ $acl= $attrs['gosaAclTemplate'][$i];
+ $this->roles[$role_id]['acls'] = array_merge($this->roles[$role_id]['acls'],acl::explodeACL($acl));
+ }
+ $this->roles[$role_id]['description'] = $dsc;
+ $this->roles[$role_id]['cn'] = $attrs['cn'][0];
}
/* Objects */
$plist= $tmp->info;
$cats = array();
if (isset($this->parent) && $this->parent !== NULL){
- $oc= array();
- foreach ($this->parent->by_object as $key => $obj){
- $oc= array_merge($oc, $obj->objectclasses);
- if(isset($obj->acl_category)){
- $tmp= str_replace("/","",$obj->acl_category);
- $cats[$tmp] = $tmp;
+ $oc= array();
+ foreach ($this->parent->by_object as $key => $obj){
+ $oc= array_merge($oc, $obj->objectclasses);
+ if(isset($obj->acl_category)){
+ $tmp= str_replace("/","",$obj->acl_category);
+ $cats[$tmp] = $tmp;
+ }
+ }
+ if (in_array_ics('organizationalUnit', $oc)){
+ $this->isContainer= TRUE;
}
- }
- if (in_array_ics('organizationalUnit', $oc)){
- $this->isContainer= TRUE;
- }
} else {
- $oc= $this->attrs['objectClass'];
+ $oc= $this->attrs['objectClass'];
}
/* Extract available categories from plugin info list */
foreach ($plist as $class => $acls){
- /* Only feed categories */
- if (isset($acls['plCategory'])){
+ /* Only feed categories */
+ if (isset($acls['plCategory'])){
- /* Walk through supplied list and feed only translated categories */
- foreach($acls['plCategory'] as $idx => $data){
+ /* Walk through supplied list and feed only translated categories */
+ foreach($acls['plCategory'] as $idx => $data){
- /* Non numeric index means -> base object containing more informations */
- if (preg_match('/^[0-9]+$/', $idx)){
+ /* Non numeric index means -> base object containing more informations */
+ if (preg_match('/^[0-9]+$/', $idx)){
- if (!isset($this->ocMapping[$data])){
- $this->ocMapping[$data]= array();
- $this->ocMapping[$data][]= '0';
- }
+ if (!isset($this->ocMapping[$data])){
+ $this->ocMapping[$data]= array();
+ $this->ocMapping[$data][]= '0';
+ }
- if(isset($cats[$data])){
- $this->myAclObjects[$data.'/'.$class]= $acls['plDescription'];
- }
- $this->ocMapping[$data][]= $class;
- } else {
- if (!isset($this->ocMapping[$idx])){
- $this->ocMapping[$idx]= array();
- $this->ocMapping[$idx][]= '0';
- }
- $this->ocMapping[$idx][]= $class;
- $this->aclObjects[$idx]= $data['description'];
-
- /* Additionally filter the classes we're interested in in "self edit" mode */
- if(!isset($data['objectClass'])) continue;
- if (is_array($data['objectClass'])){
- foreach($data['objectClass'] as $objectClass){
- if (in_array_ics($objectClass, $oc)){
- $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
- break;
+ if(isset($cats[$data])){
+ $this->myAclObjects[$data.'/'.$class]= $acls['plDescription'];
+ }
+ $this->ocMapping[$data][]= $class;
+ } else {
+ if (!isset($this->ocMapping[$idx])){
+ $this->ocMapping[$idx]= array();
+ $this->ocMapping[$idx][]= '0';
+ }
+ $this->ocMapping[$idx][]= $class;
+ $this->aclObjects[$idx]= $data['description'];
+
+ /* Additionally filter the classes we're interested in in "self edit" mode */
+ if(!isset($data['objectClass'])) continue;
+ if (is_array($data['objectClass'])){
+ foreach($data['objectClass'] as $objectClass){
+ if (in_array_ics($objectClass, $oc)){
+ $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
+ break;
+ }
+ }
+ } else {
+ if (in_array_ics($data['objectClass'], $oc)){
+ $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
+ }
+ }
}
- }
- } else {
- if (in_array_ics($data['objectClass'], $oc)){
- $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
- }
- }
- }
+ }
}
- }
}
/* Sort categories */
/* Fill acl types */
if ($this->isContainer){
- $this->aclTypes= array("reset" => _("Reset ACLs"),
- "one" => _("One level"),
- "base" => _("Current object"),
- "sub" => _("Complete subtree"),
- "psub" => _("Complete subtree (permanent)"),
- "role" => _("Use ACL defined in role"));
+ $this->aclTypes= array("reset" => _("Reset ACLs"),
+ "one" => _("One level"),
+ "base" => _("Current object"),
+ "sub" => _("Complete subtree"),
+ "psub" => _("Complete subtree (permanent)"),
+ "role" => _("Use ACL defined in role"));
} else {
- $this->aclTypes= array("base" => _("Current object"),
- "role" => _("Use ACL defined in role"));
+ $this->aclTypes= array("base" => _("Current object"),
+ "role" => _("Use ACL defined in role"));
}
asort($this->aclTypes);
$this->targets= array("user" => _("Users"), "group" => _("Groups"));
$this->roleList->setHeader(array(_("Used"),_("Name"),_("Description")));
$this->roleList->setDefaultSortColumn(1);
$this->roleList->setAcl('rwcdm'); // All ACLs, we filter on our own here.
- }
-
-
- function updateList()
- {
- if(!$this->list){
- $this->list = new sortableListing($this->gosaAclEntry,array(),TRUE);
- $this->list->setDeleteable(true);
- $this->list->setEditable(true);
- $this->list->setColspecs(array('*'));
- $this->list->setWidth("100%");
- $this->list->setHeight("400px");
- $this->list->setAcl("rwcdm");
- $this->list->setHeader(array(_("Member"),_("Permissions"),_("Type")));
- }
-
-
- // Add ACL entries to the listing
- $lData = array();
- foreach($this->gosaAclEntry as $id => $entry){
- $lData[] = $this->convertForListing($entry);
- }
- $this->list->setListData($this->gosaAclEntry, $lData);
- }
-
-
- function convertForListing($entry)
- {
- $member = implode($entry['members'],", ");
- if(isset($entry['acl']) && is_array($entry['acl'])){
- $acl = implode(array_keys($entry['acl']),", ");
- }else{
- $acl="";
}
- return(array('data' => array($member, $acl, $this->aclTypes[$entry['type']])));
- }
-
- function execute()
- {
- /* Call parent execute */
- plugin::execute();
+ function updateList()
+ {
+ if(!$this->list){
+ $this->list = new sortableListing($this->gosaAclEntry,array(),TRUE);
+ $this->list->setDeleteable(true);
+ $this->list->setEditable(true);
+ $this->list->setColspecs(array('*'));
+ $this->list->setWidth("100%");
+ $this->list->setHeight("400px");
+ $this->list->setAcl("rwcdm");
+ $this->list->setHeader(array(_("Member"),_("Permissions"),_("Type")));
+ }
- $tmp= session::global_get('plist');
- $plist= $tmp->info;
- /* Handle posts */
- if (isset($_POST['new_acl'])){
- $this->dialogState= 'create';
- $this->dialog= TRUE;
- $this->currentIndex= count($this->gosaAclEntry);
- $this->loadAclEntry(TRUE);
+ // Add ACL entries to the listing
+ $lData = array();
+ foreach($this->gosaAclEntry as $id => $entry){
+ $lData[] = $this->convertForListing($entry);
+ }
+ $this->list->setListData($this->gosaAclEntry, $lData);
}
- $new_acl= array();
- $aclDialog= FALSE;
- $firstedit= FALSE;
-
- // Get listing actions. Delete or Edit.
- $this->list->save_object();
- $lAction = $this->list->getAction();
- $this->gosaAclEntry = array_values($this->list->getMaintainedData());
-
- /* Act on HTML post and gets here.
- */
- if($lAction['action'] == "edit"){
- $this->currentIndex = $this->list->getKey($lAction['targets'][0]);
- $this->dialogState= 'create';
- $firstedit= TRUE;
- $this->dialog= TRUE;
- $this->loadAclEntry();
+
+ function convertForListing($entry)
+ {
+ $member = implode($entry['members'],", ");
+ if(isset($entry['acl']) && is_array($entry['acl'])){
+ $acl = implode(array_keys($entry['acl']),", ");
+ }else{
+ $acl="";
+ }
+ return(array('data' => array($member, $acl, $this->aclTypes[$entry['type']])));
}
- foreach($_POST as $name => $post){
-
- /* Actions... */
- if (preg_match('/^acl_edit_[0-9]*$/', $name)){
- $this->dialogState= 'create';
- $firstedit= TRUE;
- $this->dialog= TRUE;
- $this->currentIndex= preg_replace('/^acl_edit_([0-9]*)$/', '\1', $name);
- $this->loadAclEntry();
- continue;
- }
-
- if (preg_match('/^cat_edit_.*$/', $name)){
- $this->aclObject= preg_replace('/^cat_edit_(.*)$/', '\1', $name);
- $this->dialogState= 'edit';
- foreach ($this->ocMapping[$this->aclObject] as $oc){
- if (isset($this->aclContents[$oc])){
- $this->savedAclContents[$oc]= $this->aclContents[$oc];
- }
+
+
+ function execute()
+ {
+ /* Call parent execute */
+ plugin::execute();
+
+ $tmp= session::global_get('plist');
+ $plist= $tmp->info;
+
+ /* Handle posts */
+ if (isset($_POST['new_acl'])){
+ $this->dialogState= 'create';
+ $this->dialog= TRUE;
+ $this->currentIndex= count($this->gosaAclEntry);
+ $this->loadAclEntry(TRUE);
}
- continue;
- }
-
- /* Only handle posts, if we allowed to modify ACLs */
- if(!$this->acl_is_writeable("")){
- continue;
- }
-
- if (preg_match('/^acl_del_[0-9]*$/', $name)){
- unset($this->gosaAclEntry[preg_replace('/^acl_del_([0-9]*)$/', '\1', $name)]);
- continue;
- }
-
- if (preg_match('/^cat_del_.*$/', $name)){
- $idx= preg_replace('/^cat_del_(.*)$/', '\1', $name);
- foreach ($this->ocMapping[$idx] as $key){
- if(isset($this->aclContents[$idx]))
- unset($this->aclContents[$idx]);
- if(isset($this->aclContents["$idx/$key"]))
- unset($this->aclContents["$idx/$key"]);
+
+ $new_acl= array();
+ $aclDialog= FALSE;
+ $firstedit= FALSE;
+
+ // Get listing actions. Delete or Edit.
+ $this->list->save_object();
+ $lAction = $this->list->getAction();
+ $this->gosaAclEntry = array_values($this->list->getMaintainedData());
+
+ /* Act on HTML post and gets here.
+ */
+ if($lAction['action'] == "edit"){
+ $this->currentIndex = $this->list->getKey($lAction['targets'][0]);
+ $this->dialogState= 'create';
+ $firstedit= TRUE;
+ $this->dialog= TRUE;
+ $this->loadAclEntry();
}
- continue;
- }
- /* ACL saving... */
- if (preg_match('/^acl_.*_[^xy]$/', $name)){
- list($dummy, $object, $attribute, $value)= explode('_', $name);
+ foreach($_POST as $name => $post){
- /* Skip for detection entry */
- if ($object == 'dummy') {
- continue;
- }
+ $post =get_post($name);
- /* Ordinary ACLs */
- if (!isset($new_acl[$object])){
- $new_acl[$object]= array();
+ /* Actions... */
+ if (preg_match('/^acl_edit_[0-9]*$/', $name)){
+ $this->dialogState= 'create';
+ $firstedit= TRUE;
+ $this->dialog= TRUE;
+ $this->currentIndex= preg_replace('/^acl_edit_([0-9]*)$/', '\1', $name);
+ $this->loadAclEntry();
+ continue;
+ }
+
+ if (preg_match('/^cat_edit_.*$/', $name)){
+ $this->aclObject= preg_replace('/^cat_edit_(.*)$/', '\1', $name);
+ $this->dialogState= 'edit';
+ foreach ($this->ocMapping[$this->aclObject] as $oc){
+ if (isset($this->aclContents[$oc])){
+ $this->savedAclContents[$oc]= $this->aclContents[$oc];
+ }
+ }
+ continue;
+ }
+
+ /* Only handle posts, if we allowed to modify ACLs */
+ if(!$this->acl_is_writeable("")){
+ continue;
+ }
+
+ if (preg_match('/^acl_del_[0-9]*$/', $name)){
+ unset($this->gosaAclEntry[preg_replace('/^acl_del_([0-9]*)$/', '\1', $name)]);
+ continue;
+ }
+
+ if (preg_match('/^cat_del_.*$/', $name)){
+ $idx= preg_replace('/^cat_del_(.*)$/', '\1', $name);
+ foreach ($this->ocMapping[$idx] as $key){
+ if(isset($this->aclContents[$idx]))
+ unset($this->aclContents[$idx]);
+ if(isset($this->aclContents["$idx/$key"]))
+ unset($this->aclContents["$idx/$key"]);
+ }
+ continue;
+ }
+
+ /* ACL saving... */
+ if (preg_match('/^acl_.*_[^xy]$/', $name)){
+ list($dummy, $object, $attribute, $value)= explode('_', $name);
+
+ /* Skip for detection entry */
+ if ($object == 'dummy') {
+ continue;
+ }
+
+ /* Ordinary ACLs */
+ if (!isset($new_acl[$object])){
+ $new_acl[$object]= array();
+ }
+ if (isset($new_acl[$object][$attribute])){
+ $new_acl[$object][$attribute].= $value;
+ } else {
+ $new_acl[$object][$attribute]= $value;
+ }
+ }
+
+ // Remember the selected ACL role.
+ if(isset($_POST['selected_role']) && $_POST['aclType'] == 'role'){
+ $this->aclContents = "";
+ $this->aclContents = base64_decode(get_post('selected_role'));
+ }else{
+ if(is_string($this->aclContents))
+ $this->aclContents = array();
+ }
}
- if (isset($new_acl[$object][$attribute])){
- $new_acl[$object][$attribute].= $value;
- } else {
- $new_acl[$object][$attribute]= $value;
+
+ if(isset($_POST['acl_dummy_0_0_0'])){
+ $aclDialog= TRUE;
}
- }
-
- // Remember the selected ACL role.
- if(isset($_POST['selected_role']) && $_POST['aclType'] == 'role'){
- $this->aclContents = "";
- $this->aclContents = base64_decode($_POST['selected_role']);
- }else{
- if(is_string($this->aclContents))
- $this->aclContents = array();
- }
- }
- if(isset($_POST['acl_dummy_0_0_0'])){
- $aclDialog= TRUE;
- }
+ if($this->acl_is_writeable("")){
- if($this->acl_is_writeable("")){
-
- /* Only be interested in new acl's, if we're in the right _POST place */
- if ($aclDialog && $this->aclObject != "" && is_array($this->ocMapping[$this->aclObject])){
+ /* Only be interested in new acl's, if we're in the right _POST place */
+ if ($aclDialog && $this->aclObject != "" && is_array($this->ocMapping[$this->aclObject])){
- foreach ($this->ocMapping[$this->aclObject] as $oc){
+ foreach ($this->ocMapping[$this->aclObject] as $oc){
- if(isset($this->aclContents[$oc]) && is_array($this->aclContents)){
- unset($this->aclContents[$oc]);
- }elseif(isset($this->aclContents[$this->aclObject.'/'.$oc]) && is_array($this->aclContents)){
- unset($this->aclContents[$this->aclObject.'/'.$oc]);
- }else{
+ if(isset($this->aclContents[$oc]) && is_array($this->aclContents)){
+ unset($this->aclContents[$oc]);
+ }elseif(isset($this->aclContents[$this->aclObject.'/'.$oc]) && is_array($this->aclContents)){
+ unset($this->aclContents[$this->aclObject.'/'.$oc]);
+ }else{
# trigger_error("Huhm?");
- }
- if (isset($new_acl[$oc]) && is_array($new_acl)){
- $this->aclContents[$oc]= $new_acl[$oc];
- }
- if (isset($new_acl[$this->aclObject.'/'.$oc]) && is_array($new_acl)){
- $this->aclContents[$this->aclObject.'/'.$oc]= $new_acl[$this->aclObject.'/'.$oc];
- }
- }
- }
+ }
+ if (isset($new_acl[$oc]) && is_array($new_acl)){
+ $this->aclContents[$oc]= $new_acl[$oc];
+ }
+ if (isset($new_acl[$this->aclObject.'/'.$oc]) && is_array($new_acl)){
+ $this->aclContents[$this->aclObject.'/'.$oc]= $new_acl[$this->aclObject.'/'.$oc];
+ }
+ }
+ }
- /* Save new acl in case of base edit mode */
- if ($this->aclType == 'base' && !$firstedit){
- $this->aclContents= $new_acl;
- }
- }
+ /* Save new acl in case of base edit mode */
+ if ($this->aclType == 'base' && !$firstedit){
+ $this->aclContents= $new_acl;
+ }
+ }
- /* Cancel new acl? */
- if (isset($_POST['cancel_new_acl'])){
- $this->dialogState= 'head';
- $this->dialog= FALSE;
- if ($this->wasNewEntry){
- unset ($this->gosaAclEntry[$this->currentIndex]);
- }
- }
+ /* Cancel new acl? */
+ if (isset($_POST['cancel_new_acl'])){
+ $this->dialogState= 'head';
+ $this->dialog= FALSE;
+ if ($this->wasNewEntry){
+ unset ($this->gosaAclEntry[$this->currentIndex]);
+ }
+ }
- /* Save common values */
- if($this->acl_is_writeable("")){
- foreach (array("aclType","aclFilter", "aclObject", "target") as $key){
- if (isset($_POST[$key])){
- $this->$key= validate($_POST[$key]);
+ /* Save common values */
+ if($this->acl_is_writeable("")){
+ foreach (array("aclType","aclFilter", "aclObject", "target") as $key){
+ if (isset($_POST[$key])){
+ $this->$key= get_post($key);
+ }
+ }
}
- }
- }
- /* Store ACL in main object? */
- if (isset($_POST['submit_new_acl'])){
- $this->gosaAclEntry[$this->currentIndex]['type']= $this->aclType;
- $this->gosaAclEntry[$this->currentIndex]['members']= $this->recipients;
- $this->gosaAclEntry[$this->currentIndex]['acl']= $this->aclContents;
- $this->gosaAclEntry[$this->currentIndex]['filter']= $this->aclFilter;
- $this->dialogState= 'head';
- $this->dialog= FALSE;
- }
+ /* Store ACL in main object? */
+ if (isset($_POST['submit_new_acl'])){
+ $this->gosaAclEntry[$this->currentIndex]['type']= $this->aclType;
+ $this->gosaAclEntry[$this->currentIndex]['members']= $this->recipients;
+ $this->gosaAclEntry[$this->currentIndex]['acl']= $this->aclContents;
+ $this->gosaAclEntry[$this->currentIndex]['filter']= $this->aclFilter;
+ $this->dialogState= 'head';
+ $this->dialog= FALSE;
+ }
- /* Cancel edit acl? */
- if (isset($_POST['cancel_edit_acl'])){
- $this->dialogState= 'create';
- foreach ($this->ocMapping[$this->aclObject] as $oc){
- if (isset($this->savedAclContents[$oc])){
- $this->aclContents[$oc]= $this->savedAclContents[$oc];
+ /* Cancel edit acl? */
+ if (isset($_POST['cancel_edit_acl'])){
+ $this->dialogState= 'create';
+ foreach ($this->ocMapping[$this->aclObject] as $oc){
+ if (isset($this->savedAclContents[$oc])){
+ $this->aclContents[$oc]= $this->savedAclContents[$oc];
+ }
+ }
}
- }
- }
- /* Save edit acl? */
- if (isset($_POST['submit_edit_acl'])){
- $this->dialogState= 'create';
- }
+ /* Save edit acl? */
+ if (isset($_POST['submit_edit_acl'])){
+ $this->dialogState= 'create';
+ }
- /* Add acl? */
- if (isset($_POST['add_acl']) && $_POST['aclObject'] != ""){
- $this->dialogState= 'edit';
- $this->savedAclContents= array();
- foreach ($this->ocMapping[$this->aclObject] as $oc){
- if (isset($this->aclContents[$oc])){
- $this->savedAclContents[$oc]= $this->aclContents[$oc];
+ /* Add acl? */
+ if (isset($_POST['add_acl']) && $_POST['aclObject'] != ""){
+ $this->dialogState= 'edit';
+ $this->savedAclContents= array();
+ foreach ($this->ocMapping[$this->aclObject] as $oc){
+ if (isset($this->aclContents[$oc])){
+ $this->savedAclContents[$oc]= $this->aclContents[$oc];
+ }
+ }
}
- }
- }
- /* Add to list? */
- if (isset($_POST['add']) && isset($_POST['source'])){
- foreach ($_POST['source'] as $key){
- if ($this->target == 'user'){
- $this->recipients[$key]= $this->users[$key];
+ /* Add to list? */
+ if (isset($_POST['add']) && isset($_POST['source'])){
+ foreach ($_POST['source'] as $key){
+ if ($this->target == 'user'){
+ $this->recipients[$key]= $this->users[$key];
+ }
+ if ($this->target == 'group'){
+ $this->recipients[$key]= $this->groups[$key];
+ }
+ }
+ ksort($this->recipients);
}
- if ($this->target == 'group'){
- $this->recipients[$key]= $this->groups[$key];
+
+ /* Remove from list? */
+ if (isset($_POST['del']) && isset($_POST['recipient'])){
+ foreach ($_POST['recipient'] as $key){
+ unset($this->recipients[$key]);
+ }
}
- }
- ksort($this->recipients);
- }
- /* Remove from list? */
- if (isset($_POST['del']) && isset($_POST['recipient'])){
- foreach ($_POST['recipient'] as $key){
- unset($this->recipients[$key]);
- }
- }
+ /* Create templating instance */
+ $smarty= get_smarty();
- /* Create templating instance */
- $smarty= get_smarty();
+ $smarty->assign("acl_readable",$this->acl_is_readable(""));
+ if(!$this->acl_is_readable("")){
+ return ($smarty->fetch (get_template_path('acl.tpl')));
+ }
- $smarty->assign("acl_readable",$this->acl_is_readable(""));
- if(!$this->acl_is_readable("")){
- return ($smarty->fetch (get_template_path('acl.tpl')));
- }
+ if ($this->dialogState == 'head'){
+ $this->updateList();
+ $smarty->assign("aclList", $this->list->render());
+ }
- if ($this->dialogState == 'head'){
- $this->updateList();
- $smarty->assign("aclList", $this->list->render());
- }
+ if ($this->dialogState == 'create'){
+
+
+ if($this->aclType != 'role'){
+
+ // Create a map of all used sections, this allows us to simply hide the remove button
+ // if no acl is configured for the given section
+ // e.g. ';all;department/country;users/user;
+ $usedList = ";".implode(array_keys($this->aclContents),';').";";
+
+ /* Add settings for all categories to the (permanent) list */
+ $data = $lData = array();
+ foreach ($this->aclObjects as $section => $dsc){
+ $summary= "";
+ foreach($this->ocMapping[$section] as $oc){
+ if (isset($this->aclContents[$oc]) &&
+ count($this->aclContents[$oc]) &&
+ isset($this->aclContents[$oc][0]) &&
+ $this->aclContents[$oc][0] != ""){
+
+ $summary.= "$oc, ";
+ continue;
+ }
+ if (isset($this->aclContents["$section/$oc"]) &&
+ count($this->aclContents["$section/$oc"])){
+ $summary.= "$oc, ";
+ continue;
+ }
+ if (isset($this->aclContents[$oc]) &&
+ !isset($this->aclContents[$oc][0]) &&
+ count($this->aclContents[$oc])){
+ $summary.= "$oc, ";
+ }
+ }
- if ($this->dialogState == 'create'){
+ /* Set summary... */
+ if ($summary == ""){
+ $summary= '<i>'._("No ACL settings for this category!").'</i>';
+ } else {
+ $summary= trim($summary,", ");
+ $summary= " ".sprintf(_("ACLs for: %s"), $summary);
+ }
+ $actions ="";
+ if($this->acl_is_readable("")){
+ $actions.= image('images/lists/edit.png','cat_edit_'.$section,
+ msgPool::editButton(_("category ACL")));
+ }
+ if($this->acl_is_removeable() && preg_match("/;".$section."(;|\/)/", $usedList)){
+ $actions.= image('images/lists/trash.png','cat_del_'.$section,
+ msgPool::delButton(_("category ACL")));
+ }
+ $data[] = $section;
+ $lData[] = array('data'=>array($dsc, $summary, $actions));
+ }
+ $this->sectionList->setListData($data,$lData);
+ $this->sectionList->update();
+ $smarty->assign("aclList", $this->sectionList->render());
+ }
- if($this->aclType != 'role'){
+ $smarty->assign("aclType", set_post($this->aclType));
+ $smarty->assign("aclFilter", set_post($this->aclFilter));
+ $smarty->assign("aclTypes", set_post($this->aclTypes));
+ $smarty->assign("target", set_post($this->target));
+ $smarty->assign("targets", set_post($this->targets));
- // Create a map of all used sections, this allows us to simply hide the remove button
- // if no acl is configured for the given section
- // e.g. ';all;department/country;users/user;
- $usedList = ";".implode(array_keys($this->aclContents),';').";";
+ /* Assign possible target types */
+ $smarty->assign("targets", $this->targets);
+ foreach ($this->attributes as $attr){
+ $smarty->assign($attr, set_post($this->$attr));
+ }
- /* Add settings for all categories to the (permanent) list */
- $data = $lData = array();
- foreach ($this->aclObjects as $section => $dsc){
- $summary= "";
- foreach($this->ocMapping[$section] as $oc){
- if (isset($this->aclContents[$oc]) &&
- count($this->aclContents[$oc]) &&
- isset($this->aclContents[$oc][0]) &&
- $this->aclContents[$oc][0] != ""){
- $summary.= "$oc, ";
- continue;
- }
- if (isset($this->aclContents["$section/$oc"]) &&
- count($this->aclContents["$section/$oc"])){
- $summary.= "$oc, ";
- continue;
- }
- if (isset($this->aclContents[$oc]) &&
- !isset($this->aclContents[$oc][0]) &&
- count($this->aclContents[$oc])){
- $summary.= "$oc, ";
+ /* Generate list */
+ $tmp= array();
+ if ($this->target == "group" && !isset($this->recipients["G:*"])){
+ $tmp["G:*"]= _("All users");
+ }
+ foreach (array("user" => "users", "group" => "groups") as $field => $arr){
+ if ($this->target == $field){
+ foreach ($this->$arr as $key => $value){
+ if (!isset($this->recipients[$key])){
+ $tmp[$key]= $value;
+ }
}
}
+ }
+ $smarty->assign('sources', set_post($tmp));
+ $smarty->assign('recipients', set_post($this->recipients));
- /* Set summary... */
- if ($summary == ""){
- $summary= '<i>'._("No ACL settings for this category!").'</i>';
- } else {
- $summary= trim($summary,", ");
- $summary= " ".sprintf(_("ACLs for: %s"), $summary);
- }
+ /* Acl selector if scope is base */
+ if ($this->aclType == 'base'){
+ $smarty->assign('aclSelector', $this->buildAclSelector($this->myAclObjects));
+ }
- $actions ="";
- if($this->acl_is_readable("")){
- $actions.= image('images/lists/edit.png','cat_edit_'.$section,
- msgPool::editButton(_("category ACL")));
- }
- if($this->acl_is_removeable() && preg_match("/;".$section."(;|\/)/", $usedList)){
- $actions.= image('images/lists/trash.png','cat_del_'.$section,
- msgPool::delButton(_("category ACL")));
- }
- $data[] = $section;
- $lData[] = array('data'=>array($dsc, $summary, $actions));
+ /* Role selector if scope is base */
+ if ($this->aclType == 'role'){
+ $smarty->assign('roleSelector', $this->buildRoleSelector($this->roles));
}
- $this->sectionList->setListData($data,$lData);
- $this->sectionList->update();
- $smarty->assign("aclList", $this->sectionList->render());
}
-
- $smarty->assign("aclType", $this->aclType);
- $smarty->assign("aclFilter", $this->aclFilter);
- $smarty->assign("aclTypes", $this->aclTypes);
- $smarty->assign("target", $this->target);
- $smarty->assign("targets", $this->targets);
-
- /* Assign possible target types */
- $smarty->assign("targets", $this->targets);
- foreach ($this->attributes as $attr){
- $smarty->assign($attr, $this->$attr);
- }
-
-
- /* Generate list */
- $tmp= array();
- if ($this->target == "group" && !isset($this->recipients["G:*"])){
- $tmp["G:*"]= _("All users");
- }
- foreach (array("user" => "users", "group" => "groups") as $field => $arr){
- if ($this->target == $field){
- foreach ($this->$arr as $key => $value){
- if (!isset($this->recipients[$key])){
- $tmp[$key]= $value;
+
+ if ($this->dialogState == 'edit'){
+ $smarty->assign('headline', sprintf(_("Edit ACL for '%s' with scope '%s'"), $this->aclObjects[$this->aclObject], $this->aclTypes[$this->aclType]));
+
+ /* Collect objects for selected category */
+ foreach ($this->ocMapping[$this->aclObject] as $idx => $class){
+ if ($idx == 0){
+ continue;
+ }
+ $aclObjects[$this->aclObject.'/'.$class]= $plist[$class]['plDescription'];
+ }
+
+ /* Role selector if scope is base */
+ if ($this->aclType == 'role'){
+ $smarty->assign('roleSelector', $this->buildRoleSelector($this->roles));
+ } else {
+ $smarty->assign('aclSelector', $this->buildAclSelector($aclObjects));
}
- }
}
- }
- $smarty->assign('sources', $tmp);
- $smarty->assign('recipients', $this->recipients);
-
- /* Acl selector if scope is base */
- if ($this->aclType == 'base'){
- $smarty->assign('aclSelector', $this->buildAclSelector($this->myAclObjects));
- }
-
- /* Role selector if scope is base */
- if ($this->aclType == 'role'){
- $smarty->assign('roleSelector', $this->buildRoleSelector($this->roles));
- }
+
+ /* Show main page */
+ $smarty->assign("dialogState", $this->dialogState);
+
+ /* Assign acls */
+ $smarty->assign("acl_createable",$this->acl_is_createable());
+ $smarty->assign("acl_writeable" ,$this->acl_is_writeable(""));
+ $smarty->assign("acl_readable" ,$this->acl_is_readable(""));
+ $smarty->assign("acl_removeable",$this->acl_is_removeable());
+
+ return ($smarty->fetch (get_template_path('acl.tpl')));
}
- if ($this->dialogState == 'edit'){
- $smarty->assign('headline', sprintf(_("Edit ACL for '%s' with scope '%s'"), $this->aclObjects[$this->aclObject], $this->aclTypes[$this->aclType]));
- /* Collect objects for selected category */
- foreach ($this->ocMapping[$this->aclObject] as $idx => $class){
- if ($idx == 0){
- continue;
+ function sort_by_priority($list)
+ {
+ $tmp= session::global_get('plist');
+ $plist= $tmp->info;
+ asort($plist);
+ $newSort = array();
+
+ foreach($list as $name => $translation){
+ $na = preg_replace("/^.*\//","",$name);
+ $prio = 0;
+ if(isset($plist[$na]['plPriority'])){
+ $prio= $plist[$na]['plPriority'] ;
+ }
+
+ $newSort[$name] = $prio;
+ }
+
+ asort($newSort);
+
+ $ret = array();
+ foreach($newSort as $name => $prio){
+ $ret[$name] = $list[$name];
}
- $aclObjects[$this->aclObject.'/'.$class]= $plist[$class]['plDescription'];
- }
-
- /* Role selector if scope is base */
- if ($this->aclType == 'role'){
- $smarty->assign('roleSelector', $this->buildRoleSelector($this->roles));
- } else {
- $smarty->assign('aclSelector', $this->buildAclSelector($aclObjects));
- }
+ return($ret);
}
- /* Show main page */
- $smarty->assign("dialogState", $this->dialogState);
-
- /* Assign acls */
- $smarty->assign("acl_createable",$this->acl_is_createable());
- $smarty->assign("acl_writeable" ,$this->acl_is_writeable(""));
- $smarty->assign("acl_readable" ,$this->acl_is_readable(""));
- $smarty->assign("acl_removeable",$this->acl_is_removeable());
- return ($smarty->fetch (get_template_path('acl.tpl')));
- }
+ function buildRoleSelector($list)
+ {
+ $selected = $this->aclContents;
+ if(!is_string($this->aclContents) || !isset($list[$this->aclContents])){
+ $selected = key($list);
+ }
+ $data = $lData = array();
+ foreach($list as $dn => $values){
+ if($dn == $selected){
+ $option = "<input type='radio' name='selected_role' value='".base64_encode($dn)."' checked>";
+ }else{
+ $option = "<input type='radio' name='selected_role' value='".base64_encode($dn)."'>";
+ }
+ $data[] = postEncode($dn);
+ $lData[] = array('data'=>array($option, $values['cn'], $values['description']));
+ }
+ $this->roleList->setListData($data,$lData);
+ $this->roleList->update();
+ return($this->roleList->render());
+ }
+
+
+ function buildAclSelector($list)
+ {
+ $display= "<input type='hidden' name='acl_dummy_0_0_0' value='1'>";
+ $cols= 3;
+ $tmp= session::global_get('plist');
+ $plist= $tmp->info;
+ asort($plist);
+
+ /* Add select all/none buttons */
+ $style = "style='width:100px;'";
+
+ if($this->acl_is_writeable("")){
+ $display .= "<button type='button' ".$style." name='toggle_all_create' onClick=\"acl_toggle_all('_0_c$');\" >Toggle C</button>";
+ $display .= "<button type='button' ".$style." name='toggle_all_move' onClick=\"acl_toggle_all('_0_m$');\" >Toggle M</button>";
+ $display .= "<button type='button' ".$style." name='toggle_all_remove' onClick=\"acl_toggle_all('_0_d$');\" >Toggle D</button> - ";
+ $display .= "<button type='button' ".$style." name='toggle_all_read' onClick=\"acl_toggle_all('_0_r$');\" >Toggle R</button>";
+ $display .= "<button type='button' ".$style." name='toggle_all_write' onClick=\"acl_toggle_all('_0_w$');\" >Toggle W</button> - ";
+
+ $display .= "<button type='button' ".$style." name='toggle_all_sub_read' onClick=\"acl_toggle_all('[^0]_r$');\" >R+</button>";
+ $display .= "<button type='button' ".$style." name='toggle_all_sub_write' onClick=\"acl_toggle_all('[^0]_w$');\" >W+</button>";
+
+ $display .= "<br>";
+
+ $style = "style='width:50px;'";
+ $display .= "<button type='button' ".$style." name='set_true_all_create' onClick=\"acl_set_all('_0_c$',true);\" >C+</button>";
+ $display .= "<button type='button' ".$style." name='set_false_all_create' onClick=\"acl_set_all('_0_c$',false);\" >C-</button>";
+ $display .= "<button type='button' ".$style." name='set_true_all_move' onClick=\"acl_set_all('_0_m$',true);\" >M+</button>";
+ $display .= "<button type='button' ".$style." name='set_false_all_move' onClick=\"acl_set_all('_0_m$',false);\" >M-</button>";
+ $display .= "<button type='button' ".$style." name='set_true_all_remove' onClick=\"acl_set_all('_0_d$',true);\" >D+</button>";
+ $display .= "<button type='button' ".$style." name='set_false_all_remove' onClick=\"acl_set_all('_0_d$',false);\" >D-</button> - ";
+ $display .= "<button type='button' ".$style." name='set_true_all_read' onClick=\"acl_set_all('_0_r$',true);\" >R+</button>";
+ $display .= "<button type='button' ".$style." name='set_false_all_read' onClick=\"acl_set_all('_0_r$',false);\" >R-</button>";
+ $display .= "<button type='button' ".$style." name='set_true_all_write' onClick=\"acl_set_all('_0_w$',true);\" >W+</button>";
+ $display .= "<button type='button' ".$style." name='set_false_all_write' onClick=\"acl_set_all('_0_w$',false);\" >W-</button> - ";
+
+ $display .= "<button type='button' ".$style." name='set_true_all_read' onClick=\"acl_set_all('[^0]_r$',true);\" >R+</button>";
+ $display .= "<button type='button' ".$style." name='set_false_all_read' onClick=\"acl_set_all('[^0]_r$',false);\" >R-</button>";
+ $display .= "<button type='button' ".$style." name='set_true_all_write' onClick=\"acl_set_all('[^0]_w$',true);\" >W+</button>";
+ $display .= "<button type='button' ".$style." name='set_false_all_write' onClick=\"acl_set_all('[^0]_w$',false);\" >W-</button>";
+ }
- function sort_by_priority($list)
- {
- $tmp= session::global_get('plist');
- $plist= $tmp->info;
- asort($plist);
- $newSort = array();
+ /* Build general objects */
+ $list =$this->sort_by_priority($list);
+ foreach ($list as $key => $name){
- foreach($list as $name => $translation){
- $na = preg_replace("/^.*\//","",$name);
- $prio = 0;
- if(isset($plist[$na]['plPriority'])){
- $prio= $plist[$na]['plPriority'] ;
- }
+ /* Create sub acl if it does not exist */
+ if (!isset($this->aclContents[$key])){
+ $this->aclContents[$key]= array();
+ }
+ if(!isset($this->aclContents[$key][0])){
+ $this->aclContents[$key][0]= '';
+ }
- $newSort[$name] = $prio;
- }
+ $currentAcl= $this->aclContents[$key];
- asort($newSort);
+ /* Get the overall plugin acls
+ */
+ $overall_acl ="";
+ if(isset($currentAcl[0])){
+ $overall_acl = $currentAcl[0];
+ }
- $ret = array();
- foreach($newSort as $name => $prio){
- $ret[$name] = $list[$name];
- }
- return($ret);
- }
+ // Detect configured plugins
+ $expand = count($currentAcl) > 1 || $currentAcl[0] != "";
+ /* Object header */
+ $tname= preg_replace("/[^a-z0-9]/i","_",$name);
- function buildRoleSelector($list)
- {
- $selected = $this->aclContents;
- if(!is_string($this->aclContents) || !isset($list[$this->aclContents])){
- $selected = key($list);
- }
+ if($expand){
+ $back_color = "#C8C8FF";
+ }else{
+ $back_color = "#C8C8C8";
+ }
- $data = $lData = array();
- foreach($list as $dn => $values){
- if($dn == $selected){
- $option = "<input type='radio' name='selected_role' value='".base64_encode($dn)."' checked>";
- }else{
- $option = "<input type='radio' name='selected_role' value='".base64_encode($dn)."'>";
- }
- $data[] = postEncode($dn);
- $lData[] = array('data'=>array($option, $values['cn'], $values['description']));
- }
- $this->roleList->setListData($data,$lData);
- $this->roleList->update();
- return($this->roleList->render());
- }
+ if(isset($_SERVER['HTTP_USER_AGENT']) &&
+ (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) ||
+ (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT']))) {
+ $display.= "\n<table summary='{$name}' style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
+ "\n <tr>".
+ "\n <td style='background-color:{$back_color};height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
+ "\n <td align='right' style='background-color:{$back_color};height:1.8em;'>".
+ "\n <button type='button' onclick=\"$('{$tname}').toggle();\">"._("Show/hide advanced settings")."</button></td>".
+ "\n </tr>";
+ } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
+ $display.= "\n<table summary='{$name}' style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
+ "\n <tr>".
+ "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
+ "\n <td align='right' style='background-color:#C8C8C8;height:1.8em;'>".
+ "\n <button type='button' onclick=\"$('{$tname}').toggle();\">"._("Show/hide advanced settings")."</button></td>".
+ "\n </tr>";
+ } else {
+ $display.= "\n<table summary='{$name}' style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
+ "\n <tr>".
+ "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=$cols><b>"._("Object").": $name</b></td>".
+ "\n </tr>";
+ }
+ /* Generate options */
+ $spc= " ";
+ $options= $this->mkchkbx($key."_0_c", _("Create objects"), preg_match('/c/', $overall_acl)).$spc;
+ $options.= $this->mkchkbx($key."_0_m", _("Move objects"), preg_match('/m/', $overall_acl)).$spc;
+ $options.= $this->mkchkbx($key."_0_d", _("Remove objects"), preg_match('/d/', $overall_acl)).$spc;
+ if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){
+ $options.= $this->mkchkbx($key."_0_s", _("Restrict changes to user's own object"), preg_match('/s/', $overall_acl)).$spc;
+ }
- function buildAclSelector($list)
- {
- $display= "<input type='hidden' name='acl_dummy_0_0_0' value='1'>";
- $cols= 3;
- $tmp= session::global_get('plist');
- $plist= $tmp->info;
- asort($plist);
-
- /* Add select all/none buttons */
- $style = "style='width:100px;'";
-
- if($this->acl_is_writeable("")){
- $display .= "<button type='button' ".$style." name='toggle_all_create' onClick=\"acl_toggle_all('_0_c$');\" >Toggle C</button>";
- $display .= "<button type='button' ".$style." name='toggle_all_move' onClick=\"acl_toggle_all('_0_m$');\" >Toggle M</button>";
- $display .= "<button type='button' ".$style." name='toggle_all_remove' onClick=\"acl_toggle_all('_0_d$');\" >Toggle D</button> - ";
- $display .= "<button type='button' ".$style." name='toggle_all_read' onClick=\"acl_toggle_all('_0_r$');\" >Toggle R</button>";
- $display .= "<button type='button' ".$style." name='toggle_all_write' onClick=\"acl_toggle_all('_0_w$');\" >Toggle W</button> - ";
-
- $display .= "<button type='button' ".$style." name='toggle_all_sub_read' onClick=\"acl_toggle_all('[^0]_r$');\" >R+</button>";
- $display .= "<button type='button' ".$style." name='toggle_all_sub_write' onClick=\"acl_toggle_all('[^0]_w$');\" >W+</button>";
-
- $display .= "<br>";
-
- $style = "style='width:50px;'";
- $display .= "<button type='button' ".$style." name='set_true_all_create' onClick=\"acl_set_all('_0_c$',true);\" >C+</button>";
- $display .= "<button type='button' ".$style." name='set_false_all_create' onClick=\"acl_set_all('_0_c$',false);\" >C-</button>";
- $display .= "<button type='button' ".$style." name='set_true_all_move' onClick=\"acl_set_all('_0_m$',true);\" >M+</button>";
- $display .= "<button type='button' ".$style." name='set_false_all_move' onClick=\"acl_set_all('_0_m$',false);\" >M-</button>";
- $display .= "<button type='button' ".$style." name='set_true_all_remove' onClick=\"acl_set_all('_0_d$',true);\" >D+</button>";
- $display .= "<button type='button' ".$style." name='set_false_all_remove' onClick=\"acl_set_all('_0_d$',false);\" >D-</button> - ";
- $display .= "<button type='button' ".$style." name='set_true_all_read' onClick=\"acl_set_all('_0_r$',true);\" >R+</button>";
- $display .= "<button type='button' ".$style." name='set_false_all_read' onClick=\"acl_set_all('_0_r$',false);\" >R-</button>";
- $display .= "<button type='button' ".$style." name='set_true_all_write' onClick=\"acl_set_all('_0_w$',true);\" >W+</button>";
- $display .= "<button type='button' ".$style." name='set_false_all_write' onClick=\"acl_set_all('_0_w$',false);\" >W-</button> - ";
-
- $display .= "<button type='button' ".$style." name='set_true_all_read' onClick=\"acl_set_all('[^0]_r$',true);\" >R+</button>";
- $display .= "<button type='button' ".$style." name='set_false_all_read' onClick=\"acl_set_all('[^0]_r$',false);\" >R-</button>";
- $display .= "<button type='button' ".$style." name='set_true_all_write' onClick=\"acl_set_all('[^0]_w$',true);\" >W+</button>";
- $display .= "<button type='button' ".$style." name='set_false_all_write' onClick=\"acl_set_all('[^0]_w$',false);\" >W-</button>";
+ /* Global options */
+ $more_options= $this->mkchkbx($key."_0_r", _("read"), preg_match('/r/', $overall_acl)).$spc;
+ $more_options.= $this->mkchkbx($key."_0_w", _("write"), preg_match('/w/', $overall_acl));
+
+ $display.= "\n <tr>".
+ "\n <td style='background-color:#E0E0E0' colspan=".($cols-1).">$options</td>".
+ "\n <td style='background-color:#D4D4D4'> "._("Complete object").": $more_options</td>".
+ "\n </tr>";
+
+ /* Walk through the list of attributes */
+ $cnt= 1;
+ $splist= $plist[preg_replace('%^.*/%', '', $key)]['plProvidedAcls'];
+ if(session::global_get('js')) {
+ if(isset($_SERVER['HTTP_USER_AGENT']) &&
+ (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT']))) {
+ $display.= "\n <tr id='tr_$tname' style='vertical-align:top;height:0px;'>".
+ "\n <td colspan=".$cols.">".
+ "\n <div id='$tname' style='overflow:hidden; display:none;vertical-align:top;width:100%;'>".
+ "\n <table style='width:100%;' summary='{$name}'>";
+ } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
+ $display.= "\n <tr id='tr_$tname' style='vertical-align:top;height:0px;'>".
+ "\n <td colspan=".$cols.">".
+ "\n <div id='$tname' style='position:absolute;overflow:hidden;display:none;;vertical-align:top;width:100%;'>".
+ "\n <table style='width:100%;' summary='{$name}'>";
+ }else{
+ }
+ }
+
+
+ foreach($splist as $attr => $dsc){
+
+ /* Skip pl* attributes, they are internal... */
+ if (preg_match('/^pl[A-Z]+.*$/', $attr)){
+ continue;
+ }
+
+ /* Open table row */
+ if ($cnt == 1){
+ $display.= "\n <tr>";
+ }
+
+ /* Close table row */
+ if ($cnt == $cols){
+ $cnt= 1;
+ $rb= "";
+ $end= "\n </tr>";
+ } else {
+ $cnt++;
+ $rb= "border-right:1px solid #A0A0A0;";
+ $end= "";
+ }
+
+ /* Collect list of attributes */
+ $state= "";
+ if (isset($currentAcl[$attr])){
+ $state= $currentAcl[$attr];
+ }
+ $display.= "\n <td style='border-top:1px solid #A0A0A0;${rb}width:".(int)(100/$cols)."%'>".
+ "\n <b>$dsc</b> ($attr)<br>".$this->mkrwbx($key."_".$attr, $state)."</td>$end";
+ }
+
+ /* Fill missing td's if needed */
+ if (--$cnt != $cols && $cnt != 0){
+ $display.= str_repeat("\n <td style='border-top:1px solid #A0A0A0; width:".(int)(100/$cols)."%'> </td>", $cols-$cnt);
+ }
+
+ if(session::global_get('js')) {
+ if(isset($_SERVER['HTTP_USER_AGENT']) &&
+ (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) ||
+ (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT'])) ||
+ (preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT']))) {
+ $display.= "\n </table>".
+ "\n </div>".
+ "\n </td>".
+ "\n </tr>";
+ }
+ }
+
+ $display.= "\n</table><br />\n";
+ }
+
+ return ($display);
}
- /* Build general objects */
- $list =$this->sort_by_priority($list);
- foreach ($list as $key => $name){
-
- /* Create sub acl if it does not exist */
- if (!isset($this->aclContents[$key])){
- $this->aclContents[$key]= array();
- }
- if(!isset($this->aclContents[$key][0])){
- $this->aclContents[$key][0]= '';
- }
-
- $currentAcl= $this->aclContents[$key];
-
- /* Get the overall plugin acls
- */
- $overall_acl ="";
- if(isset($currentAcl[0])){
- $overall_acl = $currentAcl[0];
- }
-
- // Detect configured plugins
- $expand = count($currentAcl) > 1 || $currentAcl[0] != "";
-
- /* Object header */
- $tname= preg_replace("/[^a-z0-9]/i","_",$name);
-
- if($expand){
- $back_color = "#C8C8FF";
- }else{
- $back_color = "#C8C8C8";
- }
-
- if(isset($_SERVER['HTTP_USER_AGENT']) &&
- (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) ||
- (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT']))) {
- $display.= "\n<table summary='{$name}' style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
- "\n <tr>".
- "\n <td style='background-color:{$back_color};height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
- "\n <td align='right' style='background-color:{$back_color};height:1.8em;'>".
- "\n <button type='button' onclick=\"$('{$tname}').toggle();\">"._("Show/hide advanced settings")."</button></td>".
- "\n </tr>";
- } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
- $display.= "\n<table summary='{$name}' style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
- "\n <tr>".
- "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
- "\n <td align='right' style='background-color:#C8C8C8;height:1.8em;'>".
- "\n <button type='button' onclick=\"$('{$tname}').toggle();\">"._("Show/hide advanced settings")."</button></td>".
- "\n </tr>";
- } else {
- $display.= "\n<table summary='{$name}' style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
- "\n <tr>".
- "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=$cols><b>"._("Object").": $name</b></td>".
- "\n </tr>";
- }
-
- /* Generate options */
- $spc= " ";
- $options= $this->mkchkbx($key."_0_c", _("Create objects"), preg_match('/c/', $overall_acl)).$spc;
- $options.= $this->mkchkbx($key."_0_m", _("Move objects"), preg_match('/m/', $overall_acl)).$spc;
- $options.= $this->mkchkbx($key."_0_d", _("Remove objects"), preg_match('/d/', $overall_acl)).$spc;
- if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){
- $options.= $this->mkchkbx($key."_0_s", _("Restrict changes to user's own object"), preg_match('/s/', $overall_acl)).$spc;
- }
-
- /* Global options */
- $more_options= $this->mkchkbx($key."_0_r", _("read"), preg_match('/r/', $overall_acl)).$spc;
- $more_options.= $this->mkchkbx($key."_0_w", _("write"), preg_match('/w/', $overall_acl));
-
- $display.= "\n <tr>".
- "\n <td style='background-color:#E0E0E0' colspan=".($cols-1).">$options</td>".
- "\n <td style='background-color:#D4D4D4'> "._("Complete object").": $more_options</td>".
- "\n </tr>";
-
- /* Walk through the list of attributes */
- $cnt= 1;
- $splist= $plist[preg_replace('%^.*/%', '', $key)]['plProvidedAcls'];
- if(session::global_get('js')) {
- if(isset($_SERVER['HTTP_USER_AGENT']) &&
- (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT']))) {
- $display.= "\n <tr id='tr_$tname' style='vertical-align:top;height:0px;'>".
- "\n <td colspan=".$cols.">".
- "\n <div id='$tname' style='overflow:hidden; display:none;vertical-align:top;width:100%;'>".
- "\n <table style='width:100%;' summary='{$name}'>";
- } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
- $display.= "\n <tr id='tr_$tname' style='vertical-align:top;height:0px;'>".
- "\n <td colspan=".$cols.">".
- "\n <div id='$tname' style='position:absolute;overflow:hidden;display:none;;vertical-align:top;width:100%;'>".
- "\n <table style='width:100%;' summary='{$name}'>";
+
+ function mkchkbx($name, $text, $state= FALSE)
+ {
+ $state= $state?"checked":"";
+ if($this->acl_is_writeable("")){
+ $tname= preg_replace("/[^a-z0-9]/i","_",$name);
+ return "\n <input id='acl_$tname' type=checkbox name='acl_$name' $state>".
+ "\n <label for='acl_$tname'>$text</label>";
}else{
+ return "\n <input type='checkbox' disabled name='dummy_".microtime(1)."' $state>$text";
}
- }
+ }
-
- foreach($splist as $attr => $dsc){
- /* Skip pl* attributes, they are internal... */
- if (preg_match('/^pl[A-Z]+.*$/', $attr)){
- continue;
- }
+ function mkrwbx($name, $state= "")
+ {
+ $rstate= preg_match('/r/', $state)?'checked':'';
+ $wstate= preg_match('/w/', $state)?'checked':'';
+ $tname= preg_replace("/[^a-z0-9]/i","_",$name);
- /* Open table row */
- if ($cnt == 1){
- $display.= "\n <tr>";
+ if($this->acl_is_writeable("")){
+ return ("\n <input id='acl_".$tname."_r' type=checkbox name='acl_${name}_r' $rstate>".
+ "\n <label for='acl_".$tname."_r'>"._("read")."</label>".
+ "\n <input id='acl_".$tname."_w' type=checkbox name='acl_${name}_w' $wstate>".
+ "\n <label for='acl_".$tname."_w'>"._("write")."</label>");
+ }else{
+ return ("\n <input disabled type=checkbox name='dummy_".microtime(1)."' $rstate>"._("read").
+ "\n <input disabled type=checkbox name='dummy_".microtime(1)."' $wstate>"._("write"));
}
+ }
- /* Close table row */
- if ($cnt == $cols){
- $cnt= 1;
- $rb= "";
- $end= "\n </tr>";
- } else {
- $cnt++;
- $rb= "border-right:1px solid #A0A0A0;";
- $end= "";
- }
- /* Collect list of attributes */
- $state= "";
- if (isset($currentAcl[$attr])){
- $state= $currentAcl[$attr];
- }
- $display.= "\n <td style='border-top:1px solid #A0A0A0;${rb}width:".(int)(100/$cols)."%'>".
- "\n <b>$dsc</b> ($attr)<br>".$this->mkrwbx($key."_".$attr, $state)."</td>$end";
- }
-
- /* Fill missing td's if needed */
- if (--$cnt != $cols && $cnt != 0){
- $display.= str_repeat("\n <td style='border-top:1px solid #A0A0A0; width:".(int)(100/$cols)."%'> </td>", $cols-$cnt);
- }
-
- if(session::global_get('js')) {
- if(isset($_SERVER['HTTP_USER_AGENT']) &&
- (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) ||
- (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT'])) ||
- (preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT']))) {
- $display.= "\n </table>".
- "\n </div>".
- "\n </td>".
- "\n </tr>";
+ static function explodeACL($acl)
+ {
+
+ $list= explode(':', $acl);
+ if(count($list) == 5){
+ list($index, $type,$member,$permission,$filter)= $list;
+ $filter = base64_decode($filter);
+ }elseif(count($list) == 4){
+ $filter = "";
+ list($index, $type,$member,$permission)= $list;
+ }else{
+ $permission = "";
+ $filter = "";
+ list($index, $type,$member)= $list;
}
- }
- $display.= "\n</table><br />\n";
- }
+ $a= array( $index => array("type" => $type,
+ "filter"=> $filter,
+ "members" => acl::extractMembers($acl,$type == "role")));
- return ($display);
- }
+ /* Handle different types */
+ switch ($type){
+ case 'psub':
+ case 'sub':
+ case 'one':
+ case 'base':
+ $a[$index]['acl']= acl::extractACL($acl);
+ break;
- function mkchkbx($name, $text, $state= FALSE)
- {
- $state= $state?"checked":"";
- if($this->acl_is_writeable("")){
- $tname= preg_replace("/[^a-z0-9]/i","_",$name);
- return "\n <input id='acl_$tname' type=checkbox name='acl_$name' $state>".
- "\n <label for='acl_$tname'>$text</label>";
- }else{
- return "\n <input type='checkbox' disabled name='dummy_".microtime(1)."' $state>$text";
- }
- }
-
-
- function mkrwbx($name, $state= "")
- {
- $rstate= preg_match('/r/', $state)?'checked':'';
- $wstate= preg_match('/w/', $state)?'checked':'';
- $tname= preg_replace("/[^a-z0-9]/i","_",$name);
-
- if($this->acl_is_writeable("")){
- return ("\n <input id='acl_".$tname."_r' type=checkbox name='acl_${name}_r' $rstate>".
- "\n <label for='acl_".$tname."_r'>"._("read")."</label>".
- "\n <input id='acl_".$tname."_w' type=checkbox name='acl_${name}_w' $wstate>".
- "\n <label for='acl_".$tname."_w'>"._("write")."</label>");
- }else{
- return ("\n <input disabled type=checkbox name='dummy_".microtime(1)."' $rstate>"._("read").
- "\n <input disabled type=checkbox name='dummy_".microtime(1)."' $wstate>"._("write"));
- }
- }
-
-
- static function explodeACL($acl)
- {
-
- $list= explode(':', $acl);
- if(count($list) == 5){
- list($index, $type,$member,$permission,$filter)= $list;
- $filter = base64_decode($filter);
- }elseif(count($list) == 4){
- $filter = "";
- list($index, $type,$member,$permission)= $list;
- }else{
- $permission = "";
- $filter = "";
- list($index, $type,$member)= $list;
+ case 'role':
+ $a[$index]['acl']= base64_decode(preg_replace('/^[^:]+:[^:]+:([^:]+).*$/', '\1', $acl));
+ break;
+
+ case 'reset':
+ break;
+
+ default:
+ msg_dialog::display(_("Internal error"), sprintf(_("Unkown ACL type '%s'!"), $type), ERROR_DIALOG);
+ $a= array();
+ }
+ return ($a);
}
- $a= array( $index => array("type" => $type,
- "filter"=> $filter,
- "members" => acl::extractMembers($acl,$type == "role")));
-
- /* Handle different types */
- switch ($type){
-
- case 'psub':
- case 'sub':
- case 'one':
- case 'base':
- $a[$index]['acl']= acl::extractACL($acl);
- break;
-
- case 'role':
- $a[$index]['acl']= base64_decode(preg_replace('/^[^:]+:[^:]+:([^:]+).*$/', '\1', $acl));
- break;
-
- case 'reset':
- break;
-
- default:
- msg_dialog::display(_("Internal error"), sprintf(_("Unkown ACL type '%s'!"), $type), ERROR_DIALOG);
+
+ static function extractMembers($acl,$role = FALSE)
+ {
+ global $config;
$a= array();
- }
- return ($a);
- }
+ /* Rip acl off the string, seperate by ',' and place it in an array */
+ if($role){
+ $ms= preg_replace('/^[^:]+:[^:]+:[^:]+:([^:]+).*$/', '\1', $acl);
+ }else{
+ $ms= preg_replace('/^[^:]+:[^:]+:([^:]+).*$/', '\1', $acl);
+ }
+ if ($ms == $acl){
+ return $a;
+ }
+ $ma= explode(',', $ms);
+
+ /* Decode dn's, fill with informations from LDAP */
+ $ldap= $config->get_ldap_link();
+ foreach ($ma as $memberdn){
+ // Check for wildcard here
+ $dn= base64_decode($memberdn);
+ if ($dn != "*") {
+ $ldap->cat($dn, array('cn', 'objectClass', 'description', 'uid'));
+
+ /* Found entry... */
+ if ($ldap->count()){
+ $attrs= $ldap->fetch();
+ if (in_array_ics('gosaAccount', $attrs['objectClass'])){
+ $a['U:'.$dn]= $attrs['cn'][0]." [".$attrs['uid'][0]."]";
+ } else {
+ $a['G:'.$dn]= $attrs['cn'][0];
+ if (isset($attrs['description'][0])){
+ $a['G:'.$dn].= " [".$attrs['description'][0]."]";
+ }
+ }
- static function extractMembers($acl,$role = FALSE)
- {
- global $config;
- $a= array();
+ /* ... or not */
+ } else {
+ $a['U:'.$dn]= sprintf(_("Unknown entry '%s'!"), $dn);
+ }
- /* Rip acl off the string, seperate by ',' and place it in an array */
- if($role){
- $ms= preg_replace('/^[^:]+:[^:]+:[^:]+:([^:]+).*$/', '\1', $acl);
- }else{
- $ms= preg_replace('/^[^:]+:[^:]+:([^:]+).*$/', '\1', $acl);
- }
- if ($ms == $acl){
- return $a;
- }
- $ma= explode(',', $ms);
-
- /* Decode dn's, fill with informations from LDAP */
- $ldap= $config->get_ldap_link();
- foreach ($ma as $memberdn){
- // Check for wildcard here
- $dn= base64_decode($memberdn);
- if ($dn != "*") {
- $ldap->cat($dn, array('cn', 'objectClass', 'description', 'uid'));
-
- /* Found entry... */
- if ($ldap->count()){
- $attrs= $ldap->fetch();
- if (in_array_ics('gosaAccount', $attrs['objectClass'])){
- $a['U:'.$dn]= $attrs['cn'][0]." [".$attrs['uid'][0]."]";
- } else {
- $a['G:'.$dn]= $attrs['cn'][0];
- if (isset($attrs['description'][0])){
- $a['G:'.$dn].= " [".$attrs['description'][0]."]";
+ } else {
+ $a['G:*']= sprintf(_("All users"));
}
- }
-
- /* ... or not */
- } else {
- $a['U:'.$dn]= sprintf(_("Unknown entry '%s'!"), $dn);
}
- } else {
- $a['G:*']= sprintf(_("All users"));
- }
+ return ($a);
}
- return ($a);
- }
-
-
- static function extractACL($acl)
- {
- /* Rip acl off the string, seperate by ',' and place it in an array */
- $as= preg_replace('/^[^:]+:[^:]+:[^:]*:([^:]*).*$/', '\1', $acl);
- $aa= explode(',', $as);
- $a= array();
-
- /* Dis-assemble single ACLs */
- foreach($aa as $sacl){
-
- /* Dis-assemble field ACLs */
- $ao= explode('#', $sacl);
- $gobject= "";
- foreach($ao as $idx => $ssacl){
-
- /* First is department with global acl */
- $object= preg_replace('/^([^;]+);.*$/', '\1', $ssacl);
- $gacl= preg_replace('/^[^;]+;(.*)$/', '\1', $ssacl);
- if ($idx == 0){
- /* Create hash for this object */
- $gobject= $object;
- $a[$gobject]= array();
-
- /* Append ACL if set */
- if ($gacl != ""){
- $a[$gobject]= array($gacl);
- }
- } else {
- /* All other entries get appended... */
- list($field, $facl)= explode(';', $ssacl);
- $a[$gobject][$field]= $facl;
+ static function extractACL($acl)
+ {
+ /* Rip acl off the string, seperate by ',' and place it in an array */
+ $as= preg_replace('/^[^:]+:[^:]+:[^:]*:([^:]*).*$/', '\1', $acl);
+ $aa= explode(',', $as);
+ $a= array();
+
+ /* Dis-assemble single ACLs */
+ foreach($aa as $sacl){
+
+ /* Dis-assemble field ACLs */
+ $ao= explode('#', $sacl);
+ $gobject= "";
+ foreach($ao as $idx => $ssacl){
+
+ /* First is department with global acl */
+ $object= preg_replace('/^([^;]+);.*$/', '\1', $ssacl);
+ $gacl= preg_replace('/^[^;]+;(.*)$/', '\1', $ssacl);
+ if ($idx == 0){
+ /* Create hash for this object */
+ $gobject= $object;
+ $a[$gobject]= array();
+
+ /* Append ACL if set */
+ if ($gacl != ""){
+ $a[$gobject]= array($gacl);
+ }
+ } else {
+
+ /* All other entries get appended... */
+ list($field, $facl)= explode(';', $ssacl);
+ $a[$gobject][$field]= $facl;
+ }
+
+ }
}
- }
+ return ($a);
}
- return ($a);
- }
-
- function assembleAclSummary($entry)
- {
- $summary= "";
+ function assembleAclSummary($entry)
+ {
+ $summary= "";
- /* Summarize ACL */
- if (isset($entry['acl'])){
- $acl= "";
+ /* Summarize ACL */
+ if (isset($entry['acl'])){
+ $acl= "";
- if($entry['type'] == "role"){
+ if($entry['type'] == "role"){
- if(isset($this->roles[$entry['acl']])){
- $summary.= sprintf(_("ACL role: %s"), $this->roles[$entry['acl']]['cn']);
- }else{
- $summary.= sprintf(_("ACL role: %s"), "<i>"._("unknown ACL role")."</i>");
+ if(isset($this->roles[$entry['acl']])){
+ $summary.= sprintf(_("ACL role: %s"), $this->roles[$entry['acl']]['cn']);
+ }else{
+ $summary.= sprintf(_("ACL role: %s"), "<i>"._("unknown ACL role")."</i>");
+ }
+ }else{
+ foreach ($entry['acl'] as $name => $object){
+ if (count($object)){
+ $acl.= "$name, ";
+ }
+ }
+ $summary.= sprintf(_("Contains settings for these objects: %s"), preg_replace('/, $/', '', $acl));
+ }
}
- }else{
- foreach ($entry['acl'] as $name => $object){
- if (count($object)){
- $acl.= "$name, ";
- }
+
+
+ /* Summarize members */
+ if(!($this instanceOf aclrole)){
+ if ($summary != ""){
+ $summary.= ", ";
+ }
+ if (count($entry['members'])){
+ $summary.= _("Members").": ";
+ foreach ($entry['members'] as $cn){
+ $cn= preg_replace('/ \[.*$/', '', $cn);
+ $summary.= $cn.", ";
+ }
+ } else {
+ $summary.= "<font color='red'><i>"._("inactive")." - "._("No members")."</i></font>";
+ }
}
- $summary.= sprintf(_("Contains settings for these objects: %s"), preg_replace('/, $/', '', $acl));
- }
+ return (preg_replace('/, $/', '', $summary));
}
- /* Summarize members */
- if(!($this instanceOf aclrole)){
- if ($summary != ""){
- $summary.= ", ";
- }
- if (count($entry['members'])){
- $summary.= _("Members").": ";
- foreach ($entry['members'] as $cn){
- $cn= preg_replace('/ \[.*$/', '', $cn);
- $summary.= $cn.", ";
+ function loadAclEntry($new= FALSE)
+ {
+ /* New entry gets presets... */
+ if ($new){
+ $this->aclType= 'base';
+ $this->aclFilter= "";
+ $this->recipients= array();
+ $this->aclContents= array();
+ } else {
+ $acl= $this->gosaAclEntry[$this->currentIndex];
+ $this->aclType= $acl['type'];
+ $this->recipients= $acl['members'];
+ $this->aclContents= (isset($acl['acl'])) ? $acl['acl'] :"";
+ $this->aclFilter= $acl['filter'];
}
- } else {
- $summary.= "<font color='red'><i>"._("inactive")." - "._("No members")."</i></font>";
- }
+
+ $this->wasNewEntry= $new;
}
- return (preg_replace('/, $/', '', $summary));
- }
-
-
- function loadAclEntry($new= FALSE)
- {
- /* New entry gets presets... */
- if ($new){
- $this->aclType= 'base';
- $this->aclFilter= "";
- $this->recipients= array();
- $this->aclContents= array();
- } else {
- $acl= $this->gosaAclEntry[$this->currentIndex];
- $this->aclType= $acl['type'];
- $this->recipients= $acl['members'];
- $this->aclContents= (isset($acl['acl'])) ? $acl['acl'] :"";
- $this->aclFilter= $acl['filter'];
+
+
+ function aclPostHandler()
+ {
+ if (isset($_POST['save_acl'])){
+ $this->save();
+ return TRUE;
+ }
+
+ return FALSE;
}
- $this->wasNewEntry= $new;
- }
+ function PrepareForCopyPaste($source)
+ {
+ plugin::PrepareForCopyPaste($source);
- function aclPostHandler()
- {
- if (isset($_POST['save_acl'])){
- $this->save();
- return TRUE;
+ $dn = $source['dn'];
+ $acl_c = new acl($this->config, $this->parent,$dn);
+ $this->gosaAclEntry = $acl_c->gosaAclEntry;
}
- return FALSE;
- }
-
-
- function PrepareForCopyPaste($source)
- {
- plugin::PrepareForCopyPaste($source);
-
- $dn = $source['dn'];
- $acl_c = new acl($this->config, $this->parent,$dn);
- $this->gosaAclEntry = $acl_c->gosaAclEntry;
- }
-
-
- function save()
- {
- /* Assemble ACL's */
- $tmp_acl= array();
-
- foreach ($this->gosaAclEntry as $prio => $entry){
- $final= "";
- $members= "";
- if (isset($entry['members'])){
- foreach ($entry['members'] as $key => $dummy){
- $members.= base64_encode(preg_replace('/^.:/', '', $key)).',';
- }
- }
-
- if($entry['type'] != "role"){
- $final= $prio.":".$entry['type'].":".preg_replace('/,$/', '', $members);
- }else{
- $final= $prio.":".$entry['type'].":".base64_encode($entry['acl']).":".preg_replace('/,$/', '', $members);
- }
-
- /* ACL's if needed */
- $final.= ":";
- if ($entry['type'] != "reset" && $entry['type'] != "role"){
- $acl = "";
- if (isset($entry['acl'])){
- foreach ($entry['acl'] as $object => $contents){
- /* Only save, if we've some contents in there... */
- if (count($contents)){
- $acl.= $object.";";
+ function save()
+ {
+ /* Assemble ACL's */
+ $tmp_acl= array();
- foreach($contents as $attr => $permission){
+ foreach ($this->gosaAclEntry as $prio => $entry){
+ $final= "";
+ $members= "";
+ if (isset($entry['members'])){
+ foreach ($entry['members'] as $key => $dummy){
+ $members.= base64_encode(preg_replace('/^.:/', '', $key)).',';
+ }
+ }
- /* First entry? Its the one for global settings... */
- if ($attr == '0'){
- $acl.= $permission;
- } else {
- $acl.= '#'.$attr.';'.$permission;
+ if($entry['type'] != "role"){
+ $final= $prio.":".$entry['type'].":".preg_replace('/,$/', '', $members);
+ }else{
+ $final= $prio.":".$entry['type'].":".base64_encode($entry['acl']).":".preg_replace('/,$/', '', $members);
+ }
+
+ /* ACL's if needed */
+ $final.= ":";
+ if ($entry['type'] != "reset" && $entry['type'] != "role"){
+ $acl = "";
+ if (isset($entry['acl'])){
+ foreach ($entry['acl'] as $object => $contents){
+
+ /* Only save, if we've some contents in there... */
+ if (count($contents)){
+ $acl.= $object.";";
+
+ foreach($contents as $attr => $permission){
+
+ /* First entry? Its the one for global settings... */
+ if ($attr == '0'){
+ $acl.= $permission;
+ } else {
+ $acl.= '#'.$attr.';'.$permission;
+ }
+
+ }
+ $acl.= ',';
+ }
+
+ }
}
+ $final.= preg_replace('/,$/', '', $acl);
+ }
- }
- $acl.= ',';
+ /* Append additional filter options
+ */
+ if(!empty($entry['filter'])){
+ $final .= ":".base64_encode($entry['filter']);
}
-
- }
+
+ $tmp_acl[]= $final;
}
- $final.= preg_replace('/,$/', '', $acl);
- }
- /* Append additional filter options
- */
- if(!empty($entry['filter'])){
- $final .= ":".base64_encode($entry['filter']);
- }
+ /* Call main method */
+ plugin::save();
- $tmp_acl[]= $final;
- }
+ /* Finally (re-)assign it... */
+ $this->attrs['gosaAclEntry']= $tmp_acl;
+
+ /* Remove acl from this entry if it is empty... */
+ if (!count($tmp_acl)){
+ /* Remove attribute */
+ if ($this->initially_was_account){
+ $this->attrs['gosaAclEntry']= array();
+ } else {
+ if (isset($this->attrs['gosaAclEntry'])){
+ unset($this->attrs['gosaAclEntry']);
+ }
+ }
- /* Call main method */
- plugin::save();
+ /* Remove object class */
+ $this->attrs['objectClass']= array_remove_entries(array('gosaAcl'), $this->attrs['objectClass']);
+ }
- /* Finally (re-)assign it... */
- $this->attrs['gosaAclEntry']= $tmp_acl;
+ /* Do LDAP modifications */
+ $ldap= $this->config->get_ldap_link();
+ $ldap->cd($this->dn);
+ $this->cleanup();
+ $ldap->modify ($this->attrs);
- /* Remove acl from this entry if it is empty... */
- if (!count($tmp_acl)){
- /* Remove attribute */
- if ($this->initially_was_account){
- $this->attrs['gosaAclEntry']= array();
- } else {
- if (isset($this->attrs['gosaAclEntry'])){
- unset($this->attrs['gosaAclEntry']);
+ if(count($this->attrs)){
+ new log("modify","acls/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
}
- }
- /* Remove object class */
- $this->attrs['objectClass']= array_remove_entries(array('gosaAcl'), $this->attrs['objectClass']);
- }
+ if (!$ldap->success()){
+ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_MOD, get_class()), ERROR_DIALOG);
+ }
+
+ /* Refresh users ACLs */
+ $ui= get_userinfo();
+ $ui->loadACL();
+ session::global_set('ui',$ui);
+ }
+
+
+ function remove_from_parent()
+ {
+ plugin::remove_from_parent();
+
+ /* include global link_info */
+ $ldap= $this->config->get_ldap_link();
+
+ $ldap->cd($this->dn);
+ $this->cleanup();
+ $ldap->modify ($this->attrs);
- /* Do LDAP modifications */
- $ldap= $this->config->get_ldap_link();
- $ldap->cd($this->dn);
- $this->cleanup();
- $ldap->modify ($this->attrs);
+ new log("remove","acls/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
- if(count($this->attrs)){
- new log("modify","acls/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
+ /* Optionally execute a command after we're done */
+ $this->handle_post_events("remove",array("uid" => $this->uid));
}
- if (!$ldap->success()){
- msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, LDAP_MOD, get_class()), ERROR_DIALOG);
+
+ /* Return plugin informations for acl handling */
+ static function plInfo()
+ {
+ return (array(
+ "plShortName" => _("ACL"),
+ "plDescription" => _("ACL")." ("._("Access control list").")",
+ "plSelfModify" => FALSE,
+ "plDepends" => array(),
+ "plPriority" => 0,
+ "plSection" => array("administration"),
+ "plRequirements"=> array('ldapSchema' => array('gosaAcl' => '>=2.7')),
+ "plCategory" => array("acl" => array("description" => _("ACL")." & "._("ACL roles"),
+ "objectClass" => array("gosaAcl","gosaRole"))),
+ "plProvidedAcls"=> array(
+ "gosaAclEntry" => _("ACL Entries")
+ )
+
+ ));
}
- /* Refresh users ACLs */
- $ui= get_userinfo();
- $ui->loadACL();
- session::global_set('ui',$ui);
- }
-
-
- function remove_from_parent()
- {
- plugin::remove_from_parent();
-
- /* include global link_info */
- $ldap= $this->config->get_ldap_link();
-
- $ldap->cd($this->dn);
- $this->cleanup();
- $ldap->modify ($this->attrs);
-
- new log("remove","acls/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error());
-
- /* Optionally execute a command after we're done */
- $this->handle_post_events("remove",array("uid" => $this->uid));
- }
-
-
- /* Return plugin informations for acl handling */
- static function plInfo()
- {
- return (array(
- "plShortName" => _("ACL"),
- "plDescription" => _("ACL")." ("._("Access control list").")",
- "plSelfModify" => FALSE,
- "plDepends" => array(),
- "plPriority" => 0,
- "plSection" => array("administration"),
- "plRequirements"=> array('ldapSchema' => array('gosaAcl' => '>=2.7')),
- "plCategory" => array("acl" => array("description" => _("ACL")." & "._("ACL roles"),
- "objectClass" => array("gosaAcl","gosaRole"))),
- "plProvidedAcls"=> array(
- "gosaAclEntry" => _("ACL Entries")
- )
-
- ));
- }
-
-
- /* Remove acls defined for $src */
- function remove_acl()
- {
- acl::remove_acl_for($this->dn);
- }
-
-
- /* Remove acls defined for $src */
- static function remove_acl_for($dn)
- {
- global $config;
-
- $ldap = $config->get_ldap_link();
- $ldap->cd($config->current['BASE']);
- $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($dn)."*))",array("gosaAclEntry","dn"));
- $new_entries= array();
- while($attrs = $ldap->fetch()){
- if (!isset($attrs['gosaAclEntry'])) {
- continue;
- }
- unset($attrs['gosaAclEntry']['count']);
-
- // Remove entry directly
- foreach($attrs['gosaAclEntry'] as $id => $entry){
- $parts= explode(':',$entry);
- $members= explode(',',$parts[2]);
- $new_members= array();
- foreach($members as $member) {
- if (base64_decode($member) != $dn) {
- $new_members[]= $member;
- } else {
- gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Removed acl for %s on object %s.",$dn,$attrs['dn']));
- }
- }
-
- /* We can completely remove the entry if there are no members anymore */
- if (count($new_members)) {
- $parts[2]= implode(",", $new_members);
- $new_entries[]= implode(":", $parts);
- }
- }
-
- // There should be a modification, so write it back
- $ldap->cd($attrs['dn']);
- $new_attrs= array("gosaAclEntry" => $new_entries);
- $ldap->modify($new_attrs);
- if (!$ldap->success()){
- msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $dn, LDAP_MOD, get_class()), ERROR_DIALOG);
- }
+
+ /* Remove acls defined for $src */
+ function remove_acl()
+ {
+ acl::remove_acl_for($this->dn);
}
- }
-
-
- function update_acl_membership($src,$dst)
- {
- $ldap = $this->config->get_ldap_link();
- $ldap->cd($this->config->current['BASE']);
- $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($src)."*))",array("gosaAclEntry","dn"));
- while($attrs = $ldap->fetch()){
- $acl = new acl($this->config,$this->parent,$attrs['dn']);
- foreach($acl->gosaAclEntry as $id => $entry){
- foreach($entry['members'] as $m_id => $member){
- if($m_id == "U:".$src){
- unset($acl->gosaAclEntry[$id]['members'][$m_id]);
- $new = "U:".$dst;
- $acl->gosaAclEntry[$id]['members'][$new] = $new;
- gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Updated acl for user %s on object %s.",$src,$attrs['dn']));
- }
- if($m_id == "G:".$src){
- unset($acl->gosaAclEntry[$id]['members'][$m_id]);
- $new = "G:".$dst;
- $acl->gosaAclEntry[$id]['members'][$new] = $new;
- gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Updated acl for group %s on object %s.",$src,$attrs['dn']));
- }
+
+
+ /* Remove acls defined for $src */
+ static function remove_acl_for($dn)
+ {
+ global $config;
+
+ $ldap = $config->get_ldap_link();
+ $ldap->cd($config->current['BASE']);
+ $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($dn)."*))",array("gosaAclEntry","dn"));
+ $new_entries= array();
+ while($attrs = $ldap->fetch()){
+ if (!isset($attrs['gosaAclEntry'])) {
+ continue;
+ }
+ unset($attrs['gosaAclEntry']['count']);
+
+ // Remove entry directly
+ foreach($attrs['gosaAclEntry'] as $id => $entry){
+ $parts= explode(':',$entry);
+ $members= explode(',',$parts[2]);
+ $new_members= array();
+ foreach($members as $member) {
+ if (base64_decode($member) != $dn) {
+ $new_members[]= $member;
+ } else {
+ gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Removed acl for %s on object %s.",$dn,$attrs['dn']));
+ }
+ }
+
+ /* We can completely remove the entry if there are no members anymore */
+ if (count($new_members)) {
+ $parts[2]= implode(",", $new_members);
+ $new_entries[]= implode(":", $parts);
+ }
+ }
+
+ // There should be a modification, so write it back
+ $ldap->cd($attrs['dn']);
+ $new_attrs= array("gosaAclEntry" => $new_entries);
+ $ldap->modify($new_attrs);
+ if (!$ldap->success()){
+ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $dn, LDAP_MOD, get_class()), ERROR_DIALOG);
+ }
}
- }
- $acl -> save();
}
- }
-
-
- // We are only interessted in our own acls ...
- function set_acl_category($category)
- {
- plugin::set_acl_category("acl");
- }
+
+
+ function update_acl_membership($src,$dst)
+ {
+ $ldap = $this->config->get_ldap_link();
+ $ldap->cd($this->config->current['BASE']);
+ $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($src)."*))",array("gosaAclEntry","dn"));
+ while($attrs = $ldap->fetch()){
+ $acl = new acl($this->config,$this->parent,$attrs['dn']);
+ foreach($acl->gosaAclEntry as $id => $entry){
+ foreach($entry['members'] as $m_id => $member){
+ if($m_id == "U:".$src){
+ unset($acl->gosaAclEntry[$id]['members'][$m_id]);
+ $new = "U:".$dst;
+ $acl->gosaAclEntry[$id]['members'][$new] = $new;
+ gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Updated acl for user %s on object %s.",$src,$attrs['dn']));
+ }
+ if($m_id == "G:".$src){
+ unset($acl->gosaAclEntry[$id]['members'][$m_id]);
+ $new = "G:".$dst;
+ $acl->gosaAclEntry[$id]['members'][$new] = $new;
+ gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Updated acl for group %s on object %s.",$src,$attrs['dn']));
+ }
+ }
+ }
+ $acl -> save();
+ }
+ }
+
+
+ // We are only interessted in our own acls ...
+ function set_acl_category($category)
+ {
+ plugin::set_acl_category("acl");
+ }
}
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: