![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b20788b)
raw | patch | inline | side by side (parent: b20788b)
| author | hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8> | |
| Thu, 25 Jan 2007 11:28:57 +0000 (11:28 +0000) | ||
| committer | hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8> | |
| Thu, 25 Jan 2007 11:28:57 +0000 (11:28 +0000) |
- Acl roles implemented.
- Acls will now we openened as tab when editing from acl management.
- Roles are not completed yet.
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@5623 594d385d-05f5-0310-b6e9-bd551577e9d8
- Acls will now we openened as tab when editing from acl management.
- Roles are not completed yet.
git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@5623 594d385d-05f5-0310-b6e9-bd551577e9d8
| include/class_acl.inc | patch | blob | history | |
| plugins/admin/acl/acl_role.tpl | [new file with mode: 0644] | patch | blob |
| plugins/admin/acl/class_aclManagement.inc | patch | blob | history | |
| plugins/admin/acl/class_acl_role.inc | [new file with mode: 0644] | patch | blob |
| plugins/admin/acl/class_divListACL.inc | patch | blob | history | |
| plugins/admin/acl/tabs_acl.inc | [new file with mode: 0644] | patch | blob |
| plugins/admin/acl/tabs_acl_role.inc | [new file with mode: 0644] | patch | blob |
| plugins/admin/groups/class_groupGeneric.inc | patch | blob | history | |
| plugins/admin/groups/class_groupMail.inc | patch | blob | history |
diff --git a/include/class_acl.inc b/include/class_acl.inc
index 0f6f39f8825cb876d541a905782ceffe1826676c..2d9e72501b28b2e872d42c82deb8037d9d12a181 100644 (file)
--- a/include/class_acl.inc
+++ b/include/class_acl.inc
foreach($list as $name => $translation){
$na = preg_replace("/^.*\//","",$name);
- $prio= $plist[$na]['plPriority'] ;
+ $prio = 0;
+ if(isset($plist[$na]['plPriority'])){
+ $prio= $plist[$na]['plPriority'] ;
+ }
$newSort[$name] = $prio;
}
diff --git a/plugins/admin/acl/acl_role.tpl b/plugins/admin/acl/acl_role.tpl
--- /dev/null
@@ -0,0 +1,78 @@
+{if $dialogState eq 'head'}
+
+<h1>{t}Assigned ACLs for current entry{/t}</h1>
+<table>
+<tr>
+ <td>
+ {t}Name{/t}
+ </td>
+ <td>
+{render acl=$cnACL}
+ <input type="text" name='cn' value="{$cn}" style='width:200px;'>
+{/render}
+ </td>
+</tr>
+<tr>
+ <td>
+ {t}Description{/t}
+ </td>
+ <td>
+{render acl=$descriptionACL}
+ <input type="text" name='description' value="{$description}" style='width:200px;'>
+{/render}
+ </td>
+</tr>
+<tr>
+ <td>
+ {t}Base{/t}
+ </td>
+ <td>
+{render acl=$baseACL}
+ <select id="base" size="1" name="base" title="{t}Choose subtree to place group in{/t}">
+ {html_options options=$bases selected=$base_select}
+ </select>
+{/render}
+
+{render acl=$baseACL disable_picture='images/folder_gray.png'}
+ <input type="image" name="chooseBase" src="images/folder.png" class="center" title="{t}Select a base{/t}">
+{/render}
+
+ </td>
+</tr>
+</table>
+{$aclList}
+<input type="submit" name="new_acl" value="{t}New ACL{/t}">
+
+{/if}
+
+{if $dialogState eq 'create'}
+<h1>{t}ACL type{/t} <select size="1" name="aclType" title="{t}Select an acl type{/t}" onChange="document.mainform.submit()">{html_options options=$aclTypes selected=$aclType}<option disabled> </option></select> {if $javascript eq 'false'}<input type="submit" value="{t}Apply{/t}" name="refresh">{/if}</h1>
+
+<p class="seperator"> </p>
+
+
+<h1>{t}List of available ACL categories{/t}</h1>
+{$aclList}
+
+<p class="seperator"> </p>
+<div style='text-align:right;margin-top:5px'>
+ <input type="submit" name="submit_new_acl" value="{t}Apply{/t}">
+
+ <input type="submit" name="cancel_new_acl" value="{t}Cancel{/t}">
+</div>
+{/if}
+
+{if $dialogState eq 'edit'}
+
+<h1>{$headline}</h1>
+
+{$aclSelector}
+
+<p class="seperator"> </p>
+<div style='text-align:right;margin-top:5px'>
+ <input type="submit" name="submit_edit_acl" value="{t}Apply{/t}">
+
+ <input type="submit" name="cancel_edit_acl" value="{t}Cancel{/t}">
+</div>
+{/if}
+<input type='hidden' name='acl_role_posted' value='1'>
index 9e33b9bb057b992b2a682a49ec21ca793727bcca..429cdeab40e40f7555840a97c9e66d771c880673 100644 (file)
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
+require_once("tabs_acl_role.inc");
+require_once("tabs_acl.inc");
class aclManagement extends plugin
{
var $acl = "";
var $DivListACL = NULL;
+ var $CopyPasteHandler;
function aclManagement($config, $ui)
{
$this->config = $config;
$this->ui = $ui;
+ /* Copy & Paste enabled ?*/
+ if((isset($this->config->data['MAIN']['ENABLECOPYPASTE']))&&(preg_match("/true/i",$this->config->data['MAIN']['ENABLECOPYPASTE']))){
+ $this->CopyPasteHandler = new CopyPasteHandler($this->config);
+ }
+
/* Creat dialog object */
$this->DivListACL = new divListACL($this->config,$this);
}
/* Call parent execute */
plugin::execute();
- $_SESSION['LOCK_VARS_TO_USE'] = array("/^list_acl_edit/","/^list_acl_del/","/list_edit_entry/","/^id_/");
+ $_SESSION['LOCK_VARS_TO_USE'] = array("/^list/","/^id_/");
$smarty = get_smarty(); // Smarty instance
$s_action = ""; // Contains the action to be taken
$s_entry= validate($_GET['id']);
}
- $types = array("del"=>"^list_acl_del","edit"=>"^list_acl_edit");
+ /* Edit entry button pressed? */
+ if( isset($_GET['act']) && $_GET['act'] == "list_edit_role" ){
+ $s_action= "edit_role";
+ $s_entry= validate($_GET['id']);
+ }
+
+ $types = array(
+ "del" =>"^list_acl_del",
+ "edit" =>"^list_acl_edit",
+ "del_role" =>"^list_acl_role_del",
+ "edit_role" =>"^list_acl_role_edit",
+ "copy" =>"^copy",
+ "cut" =>"^cut",
+ "editPaste" =>"^editPaste",
+ "addrole" =>"^new_acl_role");
/* Test relevant POST values */
foreach($_POST as $key => $val){
}else{
$s_tab= "generic";
}
+
+
+ /********************
+ Copy & Paste Handling ...
+ ********************/
+
+ /* Only perform copy&paste requests if it is enabled
+ */
+ if($this->CopyPasteHandler){
+ if($str = $this->copyPasteHandling($s_action,$s_entry)){
+ return $str;
+ }
+ }
+ /********************
+ * Add new Role entry
+ ********************/
+
+ if(($s_action == "addrole") && (!isset($this->acltabs->config))){
+
+ /* Get 'dn' from posted acl, must be unique */
+ $this->dn= "new";
+
+ /* Check permissions */
+ if(preg_match("/c/",$this->ui->get_permissions($this->DivListACL->selectedBase,"acl/acl"))){
+
+ /* Register acltabs to trigger edit dialog */
+ $this->acltabs= new aclroletab($this->config, NULL,$this->dn);
+ $this->acltabs->set_acl_base($this->DivListACL->selectedBase);
+ }else{
+ print_red(_("You are not allowed to create a new role."));
+ }
+ }
+
/********************
Edit existing entry
********************/
- if (($s_action=="edit") && (!isset($this->acltabs->config))){
+ if (($s_action=="edit" || $s_action=="edit_role") && (!isset($this->acltabs->config))){
/* Get 'dn' from posted acl, must be unique */
$this->dn= $this->list[trim($s_entry)]['dn'];
/* Check permissions */
- if(preg_match("/r/",$this->ui->get_permissions($this->dn,"acl/aclManagement"))){
+ if(preg_match("/r/",$this->ui->get_permissions($this->dn,"acl/acl"))){
/* Check locking, save current plugin in 'back_plugin', so
the dialog knows where to return. */
add_lock ($this->dn, $this->ui->dn);
/* Register acltabs to trigger edit dialog */
- $this->acltabs= new acl($this->config, NULL,$this->dn);
- $this->acltabs-> set_acl_base($this->dn);
- $this->acltabs-> set_acl_category("acl");
-
- /* Switch tab, if it was requested by user */
- $this->acltabs->current = $s_tab;
+ if($s_action=="edit_role"){
+ $this->acltabs= new aclroletab($this->config, NULL,$this->dn);
+ $this->acltabs-> set_acl_base($this->dn);
+ }else{
+ $this->acltabs= new acltab($this->config, NULL,$this->dn);
+ $this->acltabs-> set_acl_base($this->dn);
+ }
/* Set ACL and move DN to the headline */
$_SESSION['objectinfo']= $this->dn;
$this->dn= $this->list[trim($s_entry)]['dn'];
/* Check permissions */
- if(preg_match("/d/",$this->ui->get_permissions($this->dn,"acl/aclManagement"))){
+ if(preg_match("/d/",$this->ui->get_permissions($this->dn,"acl/acl"))){
/* Check locking, save current plugin in 'back_plugin', so
the dialog knows where to return. */
if (($acl= get_lock($this->dn)) != ""){
if (isset($_POST['delete_acl_confirmed'])){
/* Check permissions */
- if(preg_match("/d/",$this->ui->get_permissions($this->dn,"acl/aclManagement"))){
+ if(preg_match("/d/",$this->ui->get_permissions($this->dn,"acl/acl"))){
/* Delete request is permitted, perform LDAP action */
$this->acltabs= new acl($this->config, NULL,$this->dn);
if ((isset($_POST['edit_finish']) || isset($_POST['edit_apply'])) && (isset($this->acltabs->config))){
/* Check tabs, will feed message array */
- $this->acltabs->last= $this->acltabs->current;
$this->acltabs->save_object();
$message= $this->acltabs->check();
Display subdialog
********************/
+
/* Show tab dialog if object is present */
if(isset($this->acltabs->config)){
if(isset($this->acltabs)){
/* Skip displaying save/cancel if there is a sub dialog open */
- if (!$this->acltabs->dialog){
+ if (!isset($this->acltabs->dialog) || !$this->acltabs->dialog){
$display.= "<p style=\"text-align:right\">\n";
- $display.= "<input type=submit name=\"edit_finish\" style=\"width:80px\" value=\""._("Ok")."\">\n";
+// $display.= "<input type=submit name=\"edit_finish\" style=\"width:80px\" value=\""._("Ok")."\">\n";
$display.= " \n";
/* Skip Apply if it is a new entry */
# $display.= " \n";
#}
- $display.= "<input type=submit name=\"edit_cancel\" value=\""._("Cancel")."\">\n";
+ // $display.= "<input type=submit name=\"edit_cancel\" value=\""._("Cancel")."\">\n";
$display.= "</p>";
}
}
$Regex = $this->DivListACL -> Regex;
$SubSearch = $this->DivListACL -> SubSearch;
$base = $_SESSION['CurrentMainBase'];
- $Attrs = array("ou","gosaAclEntry","objectClass");
+ $Attrs = array("ou","cn","description","gosaAclEntry","objectClass");
$res = array();
$tmp = array(); // Will contain temporary results
$ldap = $this->config->get_ldap_link();
$Filter = "(&(objectClass=gosaACL)(gosaAclEntry=*)(|(cn=".$Regex.")(ou=".$Regex.")))";
+ $FilterRoles= "(&(objectClass=gosaRole)(|(cn=".$Regex.")(ou=".$Regex.")))";
/* Fetch following structures, this will be used if !$SubSearch */
$fetch_this = array(
/* Get all object in this base */
$Flags = GL_SIZELIMIT | GL_SUBSEARCH;
$fetch_base = $base;
- $tmp = get_list($Filter, "acl", $fetch_base, $Attrs, $Flags);
+ $tmp = get_list($Filter, "acl", $fetch_base, $Attrs, $Flags);
+ $tmp2 = get_list($FilterRoles, "acl", $fetch_base, $Attrs, $Flags);
foreach($tmp as $entry){
$res[] = $entry;
}
+ foreach($tmp2 as $entry){
+ $res[] = $entry;
+ }
}else{
+ $tmp_roles = get_list($FilterRoles, "acl", "ou=aclroles,".$base, $Attrs,GL_SIZELIMIT);
+
+ foreach($tmp_roles as $entry){
+ $res[] = $entry;
+ }
+
/* Walk through all possible bases */
foreach($fetch_this as $type => $data){
}
+ /* Perform copy & paste requests
+ If copy&paste is in progress this returns a dialog to fix required attributes
+ */
+ function copyPasteHandling($s_action,$s_entry)
+ {
+ /* Paste copied/cutted object in here
+ */
+ $ui = get_userinfo();
+ if(($s_action == "editPaste") || ($this->CopyPasteHandler->stillOpen())){
+ $this->CopyPasteHandler->save_object();
+ $this->CopyPasteHandler->SetVar("base",$this->DivListGroup->selectedBase);
+ if($str = $this->CopyPasteHandler->execute()){
+ return( $str);
+ };
+ /* Ensure that the new object is shown in the list now */
+ $this->reload();
+ }
+
+
+ /* Copy current object to CopyHandler
+ */
+ if($s_action == "copy"){
+
+ $dn = $this->list[trim($s_entry)]['dn'];
+ $acl_all = $ui->has_complete_category_acls($this->DivListACL->selectedBase,"acl") ;
+ if(preg_match("/(c.*w|w.*c)/",$acl_all)){
+
+ $this->CopyPasteHandler->Clear();
+ $obj = new acl($this->config, NULL, $dn, TRUE);
+ $obj->set_acl_base($dn);
+ $objNew = new acl($this->config, NULL,"new", TRUE);
+ $objNew->set_acl_base($dn);
+
+ $this->CopyPasteHandler->Copy($obj,$objNew);
+ }else{
+ print_red("You are not allowed to copy this entry.");
+ }
+ }
+
+ /* Copy current object to CopyHandler
+ */
+ if($s_action == "cut"){
+
+ $dn = $this->list[trim($s_entry)]['dn'];
+ $acl_all = $ui->has_complete_category_acls($this->DivListACL->selectedBase,"acl") ;
+ if(preg_match("/(c.*w|w.*c)/",$acl_all)){
+
+ $this->CopyPasteHandler->Clear();
+ $obj= new acl($this->config,NULL, $dn, TRUE);
+ $obj->set_acl_base($dn);
+ $this->CopyPasteHandler->Cut($obj);
+ }else{
+ print_red("You are not allowed to cut this entry.");
+ }
+ }
+ }
+
+
function remove_lock()
{
/* Remove acl lock if a DN is marked as "currently edited" */
return(array());
}
-
- /* Return plugin informations for acl handling */
- function plInfo()
- {
- return (array(
- "plShortName" => _("ACL"),
- "plDescription" => _("ACL")." - ("._("Access control list").")",
- "plSelfModify" => FALSE,
- "plDepends" => array(),
- "plPriority" => 0,
- "plSection" => array("administration"),
- "plCategory" => array("acl" => array("description" => _("ACL")." "._("Access control list"),
- "objectClass" => "gosaACL")),
- "plProvidedAcls"=> array(
- "Dummy" => _("I don't know Jack"))
-
- ));
- }
-
}
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
?>
diff --git a/plugins/admin/acl/class_acl_role.inc b/plugins/admin/acl/class_acl_role.inc
--- /dev/null
@@ -0,0 +1,947 @@
+<?php
+
+class aclrole extends plugin
+{
+ /* Definitions */
+ var $plHeadline= "Access control list templates";
+ var $plDescription= "This does something";
+
+ /* attribute list for save action */
+ var $attributes= array('gosaAclTemplate',"cn","description");
+ var $objectclasses= array('top','gosaRole');
+
+ /* Helpers */
+ var $dialogState= "head";
+ var $aclType= "";
+ var $aclObject= "";
+ var $aclContents= array();
+ var $target= "group";
+ var $aclTypes= array();
+ var $aclObjects= array();
+ var $recipients= array();
+ var $isContainer= FALSE;
+ var $currentIndex= 0;
+ var $wasNewEntry= FALSE;
+ var $ocMapping= array();
+ var $savedAclContents= array();
+ var $myAclObjects = array();
+
+ /* Role attributes */
+ var $gosaAclTemplate= "";
+ var $cn = "";
+ var $description = "";
+ var $orig_dn;
+ var $base ="";
+
+ function aclrole ($config, $dn= NULL)
+ {
+ /* Include config object */
+ plugin::plugin($config, $dn);
+
+ if($this->dn == "new"){
+ $this->base = $_SESSION['CurrentMainBase'];
+ }else{
+ $this->base = preg_replace("/^[^,]+,[^,]+,/","",$this->dn);
+ }
+
+ /* Load ACL's */
+ $this->gosaAclTemplate= array();
+ if (isset($this->attrs["gosaAclTemplate"])){
+ for ($i= 0; $i<$this->attrs["gosaAclTemplate"]['count']; $i++){
+ $acl= $this->attrs["gosaAclTemplate"][$i];
+ $this->gosaAclTemplate= array_merge($this->gosaAclTemplate, $this->explodeACL($acl));
+ }
+ }
+ ksort($this->gosaAclTemplate);
+
+ /* Extract available categories from plugin info list */
+ $tmp= get_global('plist');
+ $plist= $tmp->info;
+ $oc = array();
+ foreach ($plist as $class => $acls){
+
+ /* Only feed categories */
+ if (isset($acls['plCategory'])){
+
+ /* Walk through supplied list and feed only translated categories */
+ foreach($acls['plCategory'] as $idx => $data){
+
+ /* Non numeric index means -> base object containing more informations */
+ if (preg_match('/^[0-9]+$/', $idx)){
+ if (!isset($this->ocMapping[$data])){
+ $this->ocMapping[$data]= array();
+ $this->ocMapping[$data][]= '0';
+ }
+ $this->ocMapping[$data][]= $class;
+ } else {
+ if (!isset($this->ocMapping[$idx])){
+ $this->ocMapping[$idx]= array();
+ $this->ocMapping[$idx][]= '0';
+ }
+ $this->ocMapping[$idx][]= $class;
+ $this->aclObjects[$idx]= $data['description'];
+
+ /* Additionally filter the classes we're interested in in "self edit" mode */
+ if (is_array($data['objectClass'])){
+ foreach($data['objectClass'] as $objectClass){
+ if (in_array_ics($objectClass, $oc)){
+ $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
+ break;
+ }
+ }
+ } else {
+ if (in_array_ics($data['objectClass'], $oc)){
+ $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription'];
+ }
+ }
+ }
+
+ }
+ }
+ }
+ $this->aclObjects['all']= '* '._("All categories");
+ $this->ocMapping['all']= array('0' => 'all');
+
+ /* Sort categories */
+ asort($this->aclObjects);
+
+ /* Fill acl types */
+ $this->aclTypes= array( "reset" => _("Reset ACLs"),
+ "one" => _("One level"),
+ "base" => _("Current object"),
+ "sub" => _("Complete subtree"),
+ "psub" => _("Complete subtree (permanent)"));
+ asort($this->aclTypes);
+
+ /* Finally - we want to get saved... */
+ $this->is_account= TRUE;
+ }
+
+
+ function execute()
+ {
+ /* Call parent execute */
+ plugin::execute();
+
+ /* Base select dialog */
+ $once = true;
+ foreach($_POST as $name => $value){
+ if((preg_match("/^chooseBase/",$name) && $once) && ($this->acl_is_moveable())){
+ $once = false;
+ $this->dialog = new baseSelectDialog($this->config,$this,$this->get_allowed_bases());
+ $this->dialog->setCurrentBase($this->base);
+ }
+ }
+
+ /* Dialog handling */
+ if(is_object($this->dialog)){
+ /* Must be called before save_object */
+ $this->dialog->save_object();
+
+ if($this->dialog->isClosed()){
+ $this->dialog = false;
+ }elseif($this->dialog->isSelected()){
+
+ /* Check if selected base is valid */
+ $tmp = $this->get_allowed_bases();
+ if(isset($tmp[$this->dialog->isSelected()])){
+ $this->base = $this->dialog->isSelected();
+ }
+ $this->dialog= false;
+ }else{
+ return($this->dialog->execute());
+ }
+ }
+
+ $tmp= get_global('plist');
+ $plist= $tmp->info;
+
+ /* Handle posts */
+ if (isset($_POST['new_acl'])){
+ $this->dialogState= 'create';
+ $this->dialog= TRUE;
+ $this->currentIndex= count($this->gosaAclTemplate);
+ $this->loadAclEntry(TRUE);
+ }
+
+ $new_acl= array();
+ $aclDialog= FALSE;
+ $firstedit= FALSE;
+ foreach($_POST as $name => $post){
+
+ /* Actions... */
+ if (preg_match('/^acl_edit_.*_x/', $name)){
+ $this->dialogState= 'create';
+ $firstedit= TRUE;
+ $this->dialog= TRUE;
+ $this->currentIndex= preg_replace('/^acl_edit_([0-9]+).*$/', '\1', $name);
+ $this->loadAclEntry();
+ continue;
+ }
+ if (preg_match('/^acl_del_.*_x/', $name)){
+ unset($this->gosaAclTemplate[preg_replace('/^acl_del_([0-9]+).*$/', '\1', $name)]);
+ continue;
+ }
+
+ if (preg_match('/^cat_edit_.*_x/', $name)){
+ $this->aclObject= preg_replace('/^cat_edit_([^_]+)_.*$/', '\1', $name);
+ $this->dialogState= 'edit';
+ foreach ($this->ocMapping[$this->aclObject] as $oc){
+ if (isset($this->aclContents[$oc])){
+ $this->savedAclContents[$oc]= $this->aclContents[$oc];
+ }
+ }
+ continue;
+ }
+ if (preg_match('/^cat_del_.*_x/', $name)){
+ $idx= preg_replace('/^cat_del_([^_]+)_.*$/', '\1', $name);
+ foreach ($this->ocMapping[$idx] as $key){
+ unset($this->aclContents["$idx/$key"]);
+ }
+ continue;
+ }
+
+ /* Sorting... */
+ if (preg_match('/^sortup_.*_x/', $name)){
+ $index= preg_replace('/^sortup_([0-9]+).*$/', '\1', $name);
+ if ($index > 0){
+ $tmp= $this->gosaAclTemplate[$index];
+ $this->gosaAclTemplate[$index]= $this->gosaAclTemplate[$index-1];
+ $this->gosaAclTemplate[$index-1]= $tmp;
+ }
+ continue;
+ }
+ if (preg_match('/^sortdown_.*_x/', $name)){
+ $index= preg_replace('/^sortdown_([0-9]+).*$/', '\1', $name);
+ if ($index < count($this->gosaAclTemplate)-1){
+ $tmp= $this->gosaAclTemplate[$index];
+ $this->gosaAclTemplate[$index]= $this->gosaAclTemplate[$index+1];
+ $this->gosaAclTemplate[$index+1]= $tmp;
+ }
+ continue;
+ }
+
+ /* ACL saving... */
+ if (preg_match('/^acl_.*_[^xy]$/', $name)){
+ $aclDialog= TRUE;
+ list($dummy, $object, $attribute, $value)= split('_', $name);
+
+ /* Skip for detection entry */
+ if ($object == 'dummy') {
+ continue;
+ }
+
+ /* Ordinary ACLs */
+ if (!isset($new_acl[$object])){
+ $new_acl[$object]= array();
+ }
+ if (isset($new_acl[$object][$attribute])){
+ $new_acl[$object][$attribute].= $value;
+ } else {
+ $new_acl[$object][$attribute]= $value;
+ }
+ }
+ }
+
+ /* Only be interested in new acl's, if we're in the right _POST place */
+ if ($aclDialog && $this->aclObject != "" && is_array($this->ocMapping[$this->aclObject])){
+
+ foreach ($this->ocMapping[$this->aclObject] as $oc){
+ unset($this->aclContents[$oc]);
+ unset($this->aclContents[$this->aclObject.'/'.$oc]);
+ if (isset($new_acl[$oc])){
+ $this->aclContents[$oc]= $new_acl[$oc];
+ }
+ if (isset($new_acl[$this->aclObject.'/'.$oc])){
+ $this->aclContents[$this->aclObject.'/'.$oc]= $new_acl[$this->aclObject.'/'.$oc];
+ }
+ }
+ }
+
+ /* Save new acl in case of base edit mode */
+ if ($this->aclType == 'base' && !$firstedit){
+ $this->aclContents= $new_acl;
+ }
+
+ /* Cancel new acl? */
+ if (isset($_POST['cancel_new_acl'])){
+ $this->dialogState= 'head';
+ $this->dialog= FALSE;
+ if ($this->wasNewEntry){
+ unset ($this->gosaAclTemplate[$this->currentIndex]);
+ }
+ }
+
+ /* Store ACL in main object? */
+ if (isset($_POST['submit_new_acl'])){
+ $this->gosaAclTemplate[$this->currentIndex]['type']= $this->aclType;
+ $this->gosaAclTemplate[$this->currentIndex]['members']= $this->recipients;
+ $this->gosaAclTemplate[$this->currentIndex]['acl']= $this->aclContents;
+ $this->dialogState= 'head';
+ $this->dialog= FALSE;
+ }
+
+ /* Cancel edit acl? */
+ if (isset($_POST['cancel_edit_acl'])){
+ $this->dialogState= 'create';
+ foreach ($this->ocMapping[$this->aclObject] as $oc){
+ if (isset($this->savedAclContents[$oc])){
+ $this->aclContents[$oc]= $this->savedAclContents[$oc];
+ }
+ }
+ }
+
+ /* Save edit acl? */
+ if (isset($_POST['submit_edit_acl'])){
+ $this->dialogState= 'create';
+ }
+
+ /* Add acl? */
+ if (isset($_POST['add_acl']) && $_POST['aclObject'] != ""){
+ $this->dialogState= 'edit';
+ $this->savedAclContents= array();
+ foreach ($this->ocMapping[$this->aclObject] as $oc){
+ if (isset($this->aclContents[$oc])){
+ $this->savedAclContents[$oc]= $this->aclContents[$oc];
+ }
+ }
+ }
+
+ /* Save common values */
+ foreach (array("aclType", "aclObject", "target") as $key){
+ if (isset($_POST[$key])){
+ $this->$key= validate($_POST[$key]);
+ }
+ }
+
+ /* Create templating instance */
+ $smarty= get_smarty();
+
+ $smarty->assign("bases", $this->get_allowed_bases());
+ $smarty->assign("base_select", $this->base);
+
+ $tmp = $this->plInfo();
+ foreach($tmp['plProvidedAcls'] as $name => $translation){
+ $smarty->assign($name."ACL",$this->getacl($name));
+ }
+
+ if ($this->dialogState == 'head'){
+ /* Draw list */
+ $aclList= new DivSelectBox("aclList");
+ $aclList->SetHeight(350);
+
+ /* Fill in entries */
+ foreach ($this->gosaAclTemplate as $key => $entry){
+ $field1= array("string" => $this->aclTypes[$entry['type']], "attach" => "style='width:100px'");
+ $field2= array("string" => $this->assembleAclSummary($entry));
+ $action= "<input type='image' name='sortup_$key' alt='up' title='"._("Up")."' src='images/sort_up.png' align='top'>";
+ $action.= "<input type='image' name='sortdown_$key' alt='down' title='"._("Down")."' src='images/sort_down.png'>";
+ $action.= "<input class='center' type='image' src='images/edit.png' alt='"._("edit")."' name='acl_edit_$key' title='"._("Edit ACL")."'>";
+ $action.= "<input class='center' type='image' src='images/edittrash.png' alt='"._("delete")."' name='acl_del_$key' title='"._("Delete ACL")."'>";
+
+ $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px;text-align:right;'");
+ $aclList->AddEntry(array($field1, $field2, $field3));
+ }
+
+ $smarty->assign("aclList", $aclList->DrawList());
+ }
+
+ if ($this->dialogState == 'create'){
+ /* Draw list */
+ $aclList= new DivSelectBox("aclList");
+ $aclList->SetHeight(450);
+
+ /* Add settings for all categories to the (permanent) list */
+ foreach ($this->aclObjects as $section => $dsc){
+ $summary= "";
+ foreach($this->ocMapping[$section] as $oc){
+ if (isset($this->aclContents[$oc]) && count($this->aclContents[$oc]) && isset($this->aclContents[$oc][0]) &&
+ $this->aclContents[$oc][0] != ""){
+
+ $summary.= "$oc, ";
+ continue;
+ }
+ if (isset($this->aclContents["$section/$oc"]) && count($this->aclContents["$section/$oc"]) && isset($this->aclContents["$section/$oc"][0]) &&
+ $this->aclContents["$section/$oc"][0] != ""){
+
+ $summary.= "$oc, ";
+ continue;
+ }
+ if (isset($this->aclContents[$oc]) && !isset($this->aclContents[$oc][0]) && count($this->aclContents[$oc])){
+ $summary.= "$oc, ";
+ }
+ }
+
+ /* Set summary... */
+ if ($summary == ""){
+ $summary= '<i>'._("No ACL settings for this category").'</i>';
+ } else {
+ $summary= sprintf(_("Contains ACLs for these objects: %s"), preg_replace('/, $/', '', $summary));
+ }
+
+ $field1= array("string" => $dsc, "attach" => "style='width:140px'");
+ $field2= array("string" => $summary);
+ $action= "<input class='center' type='image' src='images/edit.png' alt='"._("edit")."' name='cat_edit_$section' title='"._("Edit categories ACLs")."'>";
+ $action.= "<input class='center' type='image' src='images/edittrash.png' alt='"._("delete")."' name='cat_del_$section' title='"._("Clear categories ACLs")."'>";
+ $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px'");
+ $aclList->AddEntry(array($field1, $field2, $field3));
+ }
+
+ $smarty->assign("aclList", $aclList->DrawList());
+ $smarty->assign("aclType", $this->aclType);
+ $smarty->assign("aclTypes", $this->aclTypes);
+ $smarty->assign("target", $this->target);
+
+ if ($this->aclType == 'base'){
+ $smarty->assign('aclSelector', $this->buildAclSelector($this->myAclObjects));
+ }
+ }
+
+ if ($this->dialogState == 'edit'){
+ $smarty->assign('headline', sprintf(_("Edit ACL for '%s', scope is '%s'"), $this->aclObjects[$this->aclObject], $this->aclTypes[$this->aclType]));
+
+ /* Collect objects for selected category */
+ foreach ($this->ocMapping[$this->aclObject] as $idx => $class){
+ if ($idx == 0){
+ continue;
+ }
+ $aclObjects[$this->aclObject.'/'.$class]= $plist[$class]['plDescription'];
+ }
+ if ($this->aclObject == 'all'){
+ $aclObjects['all']= _("All objects in current subtree");
+ }
+ $smarty->assign('aclSelector', $this->buildAclSelector($aclObjects));
+ }
+
+ /* Show main page */
+ $smarty->assign("dialogState", $this->dialogState);
+
+ /* Assign cn and decription if this is a role */
+ foreach(array("cn","description") as $name){
+ $smarty->assign($name,$this->$name);
+ }
+ return ($smarty->fetch (get_template_path('acl_role.tpl',dirname(__FILE__))));
+ }
+
+ function sort_by_priority($list)
+ {
+ $tmp= get_global('plist');
+ $plist= $tmp->info;
+ asort($plist);
+ $newSort = array();
+
+ foreach($list as $name => $translation){
+ $na = preg_replace("/^.*\//","",$name);
+ $prio= $plist[$na]['plPriority'] ;
+
+ $newSort[$name] = $prio;
+ }
+
+ asort($newSort);
+
+ $ret = array();
+ foreach($newSort as $name => $prio){
+ $ret[$name] = $list[$name];
+ }
+ return($ret);
+ }
+
+ function buildAclSelector($list)
+ {
+ $display= "<input type='hidden' name='acl_dummy_0_0_0' value='1'>";
+ $cols= 3;
+ $tmp= get_global('plist');
+ $plist= $tmp->info;
+ asort($plist);
+
+ /* Add select all/none buttons */
+ $style = "style='width:100px;'";
+
+ $display .= "<input ".$style." type='button' name='toggle_all_create' onClick=\"acl_toggle_all('_0_c$');\" value='Toggle C'>";
+ $display .= "<input ".$style." type='button' name='toggle_all_move' onClick=\"acl_toggle_all('_0_m$');\" value='Toggle M'>";
+ $display .= "<input ".$style." type='button' name='toggle_all_remove' onClick=\"acl_toggle_all('_0_d$');\" value='Toggle D'> - ";
+ $display .= "<input ".$style." type='button' name='toggle_all_read' onClick=\"acl_toggle_all('_0_r$');\" value='Toggle R'>";
+ $display .= "<input ".$style." type='button' name='toggle_all_write' onClick=\"acl_toggle_all('_0_w$');\" value='Toggle W'> - ";
+
+ $display .= "<input ".$style." type='button' name='toggle_all_sub_read' onClick=\"acl_toggle_all('[^0]_r$');\" value='R+'>";
+ $display .= "<input ".$style." type='button' name='toggle_all_sub_write' onClick=\"acl_toggle_all('[^0]_w$');\" value='W+'>";
+
+ $display .= "<br>";
+
+ $style = "style='width:50px;'";
+ $display .= "<input ".$style." type='button' name='set_true_all_create' onClick=\"acl_set_all('_0_c$',true);\" value='C+'>";
+ $display .= "<input ".$style." type='button' name='set_false_all_create' onClick=\"acl_set_all('_0_c$',false);\" value='C-'>";
+ $display .= "<input ".$style." type='button' name='set_true_all_move' onClick=\"acl_set_all('_0_m$',true);\" value='M+'>";
+ $display .= "<input ".$style." type='button' name='set_false_all_move' onClick=\"acl_set_all('_0_m$',false);\" value='M-'>";
+ $display .= "<input ".$style." type='button' name='set_true_all_remove' onClick=\"acl_set_all('_0_d$',true);\" value='D+'>";
+ $display .= "<input ".$style." type='button' name='set_false_all_remove' onClick=\"acl_set_all('_0_d$',false);\" value='D-'> - ";
+ $display .= "<input ".$style." type='button' name='set_true_all_read' onClick=\"acl_set_all('_0_r$',true);\" value='R+'>";
+ $display .= "<input ".$style." type='button' name='set_false_all_read' onClick=\"acl_set_all('_0_r$',false);\" value='R-'>";
+ $display .= "<input ".$style." type='button' name='set_true_all_write' onClick=\"acl_set_all('_0_w$',true);\" value='W+'>";
+ $display .= "<input ".$style." type='button' name='set_false_all_write' onClick=\"acl_set_all('_0_w$',false);\" value='W-'> - ";
+
+ $display .= "<input ".$style." type='button' name='set_true_all_read' onClick=\"acl_set_all('[^0]_r$',true);\" value='R+'>";
+ $display .= "<input ".$style." type='button' name='set_false_all_read' onClick=\"acl_set_all('[^0]_r$',false);\" value='R-'>";
+ $display .= "<input ".$style." type='button' name='set_true_all_write' onClick=\"acl_set_all('[^0]_w$',true);\" value='W+'>";
+ $display .= "<input ".$style." type='button' name='set_false_all_write' onClick=\"acl_set_all('[^0]_w$',false);\" value='W-'>";
+
+ /* Build general objects */
+ $list =$this->sort_by_priority($list);
+ foreach ($list as $key => $name){
+
+ /* Create sub acl if it does not exist */
+ if (!isset($this->aclContents[$key])){
+ $this->aclContents[$key]= array();
+ $this->aclContents[$key][0]= '';
+ }
+ $currentAcl= $this->aclContents[$key];
+
+ /* Object header */
+ if($_SESSION['js']) {
+ if(isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) {
+ $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
+ "\n <tr>".
+ "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
+ "\n <td align='right' style='background-color:#C8C8C8;height:1.8em;'>".
+ "\n <input type='button' onclick='divtoggle(\"".preg_replace("/[^a-z0-9]/i","_",$name)."\");' value='"._("Show/Hide Advanced Settings")."' /></td>".
+ "\n </tr>";
+ } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
+ $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
+ "\n <tr>".
+ "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
+ "\n <td align='right' style='background-color:#C8C8C8;height:1.8em;'>".
+ "\n <input type='button' onclick='divtoggle(\"".preg_replace("/[^a-z0-9]/i","_",$name)."\");' value='"._("Show/Hide Advanced Settings")."' /></td>".
+ "\n </tr>";
+ } else {
+ $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
+ "\n <tr>".
+ "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=$cols><b>"._("Object").": $name</b></td>".
+ "\n </tr>";
+ }
+ } else {
+ $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
+ "\n <tr>".
+ "\n <td style='background-color:#C8C8C8;height:1.8em;' colspan=$cols><b>"._("Object").": $name</b></td>".
+ "\n </tr>";
+ }
+
+ /* Generate options */
+ $spc= " ";
+ if ($this->isContainer && $this->aclType != 'base'){
+ $options= $this->mkchkbx($key."_0_c", _("Create objects"), preg_match('/c/', $currentAcl[0])).$spc;
+ $options.= $this->mkchkbx($key."_0_m", _("Move objects"), preg_match('/m/', $currentAcl[0])).$spc;
+ $options.= $this->mkchkbx($key."_0_d", _("Remove objects"), preg_match('/d/', $currentAcl[0])).$spc;
+ if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){
+ $options.= $this->mkchkbx($key."_0_s", _("Modifyable by owner"), preg_match('/s/', $currentAcl[0])).$spc;
+ }
+ } else {
+ $options= $this->mkchkbx($key."_0_m", _("Move object"), preg_match('/m/', $currentAcl[0])).$spc;
+ $options.= $this->mkchkbx($key."_0_d", _("Remove object"), preg_match('/d/', $currentAcl[0])).$spc;
+ if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){
+ $options.= $this->mkchkbx($key."_0_s", _("Modifyable by owner"), preg_match('/s/', $currentAcl[0])).$spc;
+ }
+ }
+
+ /* Global options */
+ $more_options= $this->mkchkbx($key."_0_r", _("read"), preg_match('/r/', $currentAcl[0])).$spc;
+ $more_options.= $this->mkchkbx($key."_0_w", _("write"), preg_match('/w/', $currentAcl[0]));
+
+ $display.= "\n <tr>".
+ "\n <td style='background-color:#E0E0E0' colspan=".($cols-1).">$options</td>".
+ "\n <td style='background-color:#D4D4D4'> "._("Complete object").": $more_options</td>".
+ "\n </tr>";
+
+ /* Walk through the list of attributes */
+ $cnt= 1;
+ $splist= $plist[preg_replace('%^.*/%', '', $key)]['plProvidedAcls'];
+ asort($splist);
+ if($_SESSION['js']) {
+ if(isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) {
+ $display.= "\n <tr id='tr_".preg_replace("/[^a-z0-9]/i","_",$name)."' style='vertical-align:top;height:0px;'>".
+ "\n <td colspan=".$cols.">".
+ "\n <div id='".preg_replace("/[^a-z0-9]/i","_",$name)."' style='overflow:hidden;visibility:hidden;height:0px;vertical-align:top;width:100%;'>".
+ "\n <table style='width:100%;'>";
+ } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
+ $display.= "\n <tr id='tr_".preg_replace("/[^a-z0-9]/i","_",$name)."' style='vertical-align:top;height:0px;'>".
+ "\n <td colspan=".$cols.">".
+ "\n <div id='".preg_replace("/[^a-z0-9]/i","_",$name)."' style='position:absolute;overflow:hidden;visibility:hidden;height:0px;vertical-align:top;width:100%;'>".
+ "\n <table style='width:100%;'>";
+ }
+ }
+ foreach($splist as $attr => $dsc){
+
+ /* Skip pl* attributes, they are internal... */
+ if (preg_match('/^pl[A-Z]+.*$/', $attr)){
+ continue;
+ }
+
+ /* Open table row */
+ if ($cnt == 1){
+ $display.= "\n <tr>";
+ }
+
+ /* Close table row */
+ if ($cnt == $cols){
+ $cnt= 1;
+ $rb= "";
+ $end= "\n </tr>";
+ } else {
+ $cnt++;
+ $rb= "border-right:1px solid #A0A0A0;";
+ $end= "";
+ }
+
+ /* Collect list of attributes */
+ $state= "";
+ if (isset($currentAcl[$attr])){
+ $state= $currentAcl[$attr];
+ }
+ $display.= "\n <td style='border-top:1px solid #A0A0A0;${rb}width:".(int)(100/$cols)."%'>".
+ "\n <b>$dsc</b> ($attr)<br>".$this->mkrwbx($key."_".$attr, $state)."</td>$end";
+ }
+
+ /* Fill missing td's if needed */
+ if (--$cnt != $cols && $cnt != 0){
+ $display.= str_repeat("\n <td style='border-top:1px solid #A0A0A0; width:".(int)(100/$cols)."%'> </td>", $cols-$cnt);
+ }
+
+ if($_SESSION['js']) {
+ if(isset($_SERVER['HTTP_USER_AGENT']) && (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || (preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT']))) {
+ $display.= "\n </table>".
+ "\n </div>".
+ "\n </td>".
+ "\n </tr>";
+ }
+ }
+
+ $display.= "\n</table><br />\n";
+ }
+
+ return ($display);
+ }
+
+
+ function mkchkbx($name, $text, $state= FALSE)
+ {
+ $state= $state?"checked":"";
+ return "\n <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."' type=checkbox name='acl_$name' $state>".
+ "\n <label for='acl_$name'>$text</label>";
+ }
+
+
+ function mkrwbx($name, $state= "")
+ {
+ $rstate= preg_match('/r/', $state)?'checked':'';
+ $wstate= preg_match('/w/', $state)?'checked':'';
+ return ("\n <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_r' type=checkbox name='acl_${name}_r' $rstate>".
+ "\n <label for='acl_${name}_r'>"._("read")."</label>".
+ "\n <input id='acl_".preg_replace("/[^a-z0-9]/i","_",$name)."_w' type=checkbox name='acl_${name}_w' $wstate>".
+ "\n <label for='acl_${name}_w'>"._("write")."</label>");
+ }
+
+
+ function explodeACL($acl)
+ {
+ list($index, $type)= split(':', $acl);
+ $a= array( $index => array("type" => $type,
+ "members" => $this->extractMembers($acl)));
+
+ /* Handle different types */
+ switch ($type){
+
+ case 'psub':
+ case 'sub':
+ case 'one':
+ case 'base':
+ $a[$index]['acl']= $this->extractACL($acl);
+ break;
+
+ case 'role':
+ echo "Role";
+ break;
+
+ case 'reset':
+ break;
+
+ default:
+ print_red(sprintf(_("Unkown ACL type '%s'. Don't know how to handle it."), $type));
+ $a= array();
+ }
+
+ return ($a);
+ }
+
+
+ function extractMembers($acl)
+ {
+ global $config;
+ $a= array();
+
+ /* Rip acl off the string, seperate by ',' and place it in an array */
+ $ms= preg_replace('/^[^:]+:[^:]+:([^:]+).*$/', '\1', $acl);
+ if ($ms == $acl){
+ return $a;
+ }
+ $ma= split(',', $ms);
+
+ /* Decode dn's, fill with informations from LDAP */
+ $ldap= $config->get_ldap_link();
+ foreach ($ma as $memberdn){
+ $dn= base64_decode($memberdn);
+ $ldap->cat($dn, array('cn', 'objectClass', 'description', 'uid'));
+
+ /* Found entry... */
+ if ($ldap->count()){
+ $attrs= $ldap->fetch();
+ if (in_array_ics('gosaAccount', $attrs['objectClass'])){
+ $a['U:'.$dn]= $attrs['cn'][0]." [".$attrs['uid'][0]."]";
+ } else {
+ $a['G:'.$dn]= $attrs['cn'][0];
+ if (isset($attrs['description'][0])){
+ $a['G:'.$dn].= " [".$attrs['description'][0]."]";
+ }
+ }
+
+ /* ... or not */
+ } else {
+ $a['U:'.$dn]= sprintf(_("Unknown entry '%s'!"), $dn);
+ }
+ }
+
+ return ($a);
+ }
+
+
+ function extractACL($acl)
+ {
+ /* Rip acl off the string, seperate by ',' and place it in an array */
+ $as= preg_replace('/^[^:]+:[^:]+:[^:]*:(.*)$/', '\1', $acl);
+ $aa= split(',', $as);
+ $a= array();
+
+ /* Dis-assemble single ACLs */
+ foreach($aa as $sacl){
+
+ /* Dis-assemble field ACLs */
+ $ao= split('#', $sacl);
+ $gobject= "";
+ foreach($ao as $idx => $ssacl){
+
+ /* First is department with global acl */
+ $object= preg_replace('/^([^;]+);.*$/', '\1', $ssacl);
+ $gacl= preg_replace('/^[^;]+;(.*)$/', '\1', $ssacl);
+ if ($idx == 0){
+ /* Create hash for this object */
+ $gobject= $object;
+ $a[$gobject]= array();
+
+ /* Append ACL if set */
+ if ($gacl != ""){
+ $a[$gobject]= array($gacl);
+ }
+ } else {
+
+ /* All other entries get appended... */
+ list($field, $facl)= split(';', $ssacl);
+ $a[$gobject][$field]= $facl;
+ }
+
+ }
+ }
+
+ return ($a);
+ }
+
+
+ function assembleAclSummary($entry)
+ {
+ $summary= "";
+
+ /* Summarize ACL */
+ if (isset($entry['acl'])){
+ $acl= "";
+ foreach ($entry['acl'] as $name => $object){
+ if (count($object)){
+ $acl.= "$name, ";
+ }
+ }
+ $summary.= sprintf(_("Contains settings for these objects: %s"), preg_replace('/, $/', '', $acl));
+ }
+
+ /* Summarize members */
+ if ($summary != ""){
+ $summary.= ", ";
+ }
+ if (count($entry['members'])){
+ $summary.= _("Members:")." ";
+ foreach ($entry['members'] as $cn){
+ $cn= preg_replace('/ \[.*$/', '', $cn);
+ $summary.= $cn.", ";
+ }
+ } else {
+ $summary.= _("ACL is valid for all users");
+ }
+
+ return (preg_replace('/, $/', '', $summary));
+ }
+
+
+ function loadAclEntry($new= FALSE)
+ {
+ /* New entry gets presets... */
+ if ($new){
+ $this->aclType= 'base';
+ $this->recipients= array();
+ $this->aclContents= array();
+ } else {
+ $acl= $this->gosaAclTemplate[$this->currentIndex];
+ $this->aclType= $acl['type'];
+ $this->recipients= $acl['members'];
+ $this->aclContents= $acl['acl'];
+ }
+
+ $this->wasNewEntry= $new;
+ }
+
+
+ function aclPostHandler()
+ {
+ if (isset($_POST['save_acl'])){
+ $this->save();
+ return TRUE;
+ }
+
+ return FALSE;
+ }
+
+
+ function save()
+ {
+ /* Assemble ACL's */
+ $tmp_acl= array();
+ foreach ($this->gosaAclTemplate as $prio => $entry){
+ $final= "";
+ $members= "";
+ if (isset($entry['members'])){
+ foreach ($entry['members'] as $key => $dummy){
+ $members.= base64_encode(preg_replace('/^.:/', '', $key)).',';
+ }
+ }
+ $final= $prio.":".$entry['type'].":".preg_replace('/,$/', '', $members);
+
+ /* ACL's if needed */
+ if ($entry['type'] != "reset" && $entry['type'] != "role"){
+ $acl= ":";
+ if (isset($entry['acl'])){
+ foreach ($entry['acl'] as $object => $contents){
+
+ /* Only save, if we've some contents in there... */
+ if (count($contents)){
+ $acl.= $object.";";
+
+ foreach($contents as $attr => $permission){
+
+ /* First entry? Its the one for global settings... */
+ if ($attr == '0'){
+ $acl.= $permission;
+ } else {
+ $acl.= '#'.$attr.';'.$permission;
+ }
+
+ }
+ $acl.= ',';
+ }
+
+ }
+ }
+ $final.= preg_replace('/,$/', '', $acl);
+ }
+
+ $tmp_acl[]= $final;
+ }
+
+ /* Call main method */
+ plugin::save();
+
+ /* Finally (re-)assign it... */
+ $this->attrs["gosaAclTemplate"]= $tmp_acl;
+
+ /* Remove acl from this entry if it is empty... */
+ if (!count($tmp_acl)){
+ /* Remove attribute */
+ if ($this->initially_was_account){
+ $this->attrs["gosaAclTempalte"]= array();
+ } else {
+ if (isset($this->attrs["gosaAclTemplate"])){
+ unset($this->attrs["gosaAclTemplate"]);
+ }
+ }
+ }
+
+ /* Do LDAP modifications */
+ $ldap= $this->config->get_ldap_link();
+
+ /* Check if object already exists */
+ $ldap->cat($this->dn);
+ if($ldap->count()){
+ $ldap->cd($this->dn);
+ $this->cleanup();
+ $ldap->modify ($this->attrs);
+ }else{
+ $ldap->cd($this->config->current['BASE']);
+ $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$this->dn));
+ $ldap->cd($this->dn);
+ $ldap->add($this->attrs);
+ }
+
+ show_ldap_error($ldap->get_error(), sprintf(_("Saving ACLs with dn '%s' failed."),$this->dn));
+
+ /* Refresh users ACLs */
+ $ui= get_userinfo();
+ $ui->loadACL();
+ $_SESSION['ui']= $ui;
+ }
+
+
+ function remove_from_parent()
+ {
+ }
+
+ function save_object()
+ {
+ plugin::save_object();
+ if(isset($_POST['acl_role_posted'])){
+
+ /* Get base selection */
+ if(isset($_POST['base'])){
+ $tmp = $this->get_allowed_bases();
+ if(isset($tmp[$_POST['base']])){
+ $this->base = $_POST['base'];
+ }
+ }
+ }
+ }
+
+ /* Return plugin informations for acl handling */
+ function plInfo()
+ {
+ return (array(
+ "plShortName" => _("Role"),
+ "plDescription" => _("ACL roles"),
+ "plSelfModify" => FALSE,
+ "plDepends" => array(),
+ "plPriority" => 0,
+ "plSection" => array("admin"),
+ "plCategory" => array("aclroles" => array("objectClass" => "gosaRole", "description" => _("Acl roles"))),
+
+ "plProvidedAcls" => array(
+ "cn" => _("Name"),
+ "base" => _("Base"),
+ "description" => _("Description"))
+ ));
+ }
+
+}
+
+// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
+?>
index e75b84ce24f2f904b697b02f31d018365f237f0a..c40a02e975e262306da9515797c3ac82c6ff7455 100644 (file)
$this->EnableSaveButton (false);
/* Dynamic action col */
- $this->action_col_size = 45;
+ $this->action_col_size = 110;
/* set Page header */
$this->AddHeader(array("string"=>" ", "attach"=>"style='width:20px;'"));
which are shown in the listbox on top of the listbox
*/
$options= "";
+ $Copy_Paste = "";
/* Get all departments within this subtree */
$base = $this->config->current['BASE'];
}
}
+ /* Allow copy & paste for roles */
+ $acl_all = $ui->has_complete_category_acls($this->selectedBase,"acl");
+ $acl = $ui->get_permissions($this->selectedBase,"acl/acl");
+
+ /* Add default header */
+ $listhead = MultiSelectWindow::get_default_header();
+
/* Get copy & paste icon */
- $acl = $ui->get_permissions($this->selectedBase,"acl/aclManagement");
+ $Copy_Paste ="";
+ if(preg_match("/(c.*w|w.*c)/",$acl_all) && $this->parent->CopyPasteHandler){
+ $Copy_Paste = $this->parent->CopyPasteHandler->generatePasteIcon();
+ $addsep = true;
+ }
+ /* Add snapshot icons */
+ if(preg_match("/(c.*w|w.*c)/",$acl_all)){
+ $listhead .= $this->get_snapshot_header($this->selectedBase);
+ $add_sep = true;
+ }
- /* Add default header */
- $listhead = MultiSelectWindow::get_default_header();
- $listhead .=
+ if(preg_match("/c/",$ui->get_permissions($this->selectedBase,"acl/acl"))){
+ $add_sep = true;
+ $listhead .= "<input class='center' type='image' align='middle' src='images/list_new_acl_role.png'
+ name='new_acl_role' alt='"._("New acl role")."' title='"._("New acl role")."'> ";
+ }
+
+ $listhead .= $Copy_Paste.
_("Base")." <select name='CurrentMainBase' onChange='mainform.submit()' class='center'>$options</select>".
" <input class='center' type='image' src='images/list_submit.png' align='middle'
title='"._("Submit department")."' name='submit_department' alt='". _("Submit")."'> ".
function setEntries($list)
{
- $list_left_icon = "<img src='images/select_acl.png' alt='"._("Acl")."'>";
- $editlink = "<a href='?plug=".$_GET['plug']."&id=%s&act=list_edit_entry'>%s</a>";
foreach($list as $key => $acl_entry){
/* Get copy & paste icon */
- $acl = $this->ui->get_permissions($acl_entry['dn'],"acl/aclManagement");
+ $acl = $this->ui->get_permissions($acl_entry['dn'],"acl/acl");
+ $acl_all = $this->ui->has_complete_category_acls($acl_entry['dn'],"acl");
+ $action = "";
- $action = "";
+ if(in_array("gosaRole",$acl_entry['objectClass'])){
- /* Add actions depending on acls */
- if(preg_match("/r/", $acl)){
- $action.= "<input class='center' type='image' src='images/edit.png' alt='"._("edit")."'
- name='list_acl_edit_%KEY%' title='"._("Edit system")."'>";
- }
- if(preg_match("/d/", $acl)){
- $action.= "<input class='center' type='image' src='images/edittrash.png' alt='"._("delete")."'
- name='list_acl_del_%KEY%' title='"._("Delete system")."'>";
+ /* Role handling */
+ $editlink = "<a href='?plug=".$_GET['plug']."&id=%s&act=list_edit_role'>%s</a>";
+ $list_left_icon = "<img src='images/select_acl_role.png' alt='"._("Role")."'>";
+ $cn = htmlentities(utf8_decode($acl_entry['cn'][0])) ;
+
+ if(isset($acl_entry['description'][0])){
+ $cn .= " [".$acl_entry['description'][0]."]";
+ }
+
+ /* Add copy & paste handler */
+ if(($this->parent->CopyPasteHandler) && preg_match("/(c.*w|w.*c)/",$acl_all)){
+ $action.= "<input class='center' type='image'
+ src='images/editcut.png' alt='"._("cut")."' name='cut_%KEY%' title='"._("Cut this entry")."'> ";
+ $action.= "<input class='center' type='image'
+ src='images/editcopy.png' alt='"._("copy")."' name='copy_%KEY%' title='"._("Copy this entry")."'> ";
+ }
+
+ /* Add actions depending on acls */
+ if(preg_match("/r/", $acl)){
+ $action.= "<input class='center' type='image' src='images/edit.png' alt='"._("edit")."'
+ name='list_acl_role_edit_%KEY%' title='"._("Edit acl role")."'>";
+ }
+
+ /* Add snapshot functionality */
+ if(preg_match("/(c.*w|w.*c)/", $acl_all)){
+ $action.= $this->GetSnapShotActions($acl_entry['dn']);
+ }
+
+ if(preg_match("/d/", $acl)){
+ $action.= "<input class='center' type='image' src='images/edittrash.png' alt='"._("delete")."'
+ name='list_acl_role_del_%KEY%' title='"._("Delete acl role")."'>";
+ }
+ }else{
+
+ /* Acl handling */
+ $editlink = "<a href='?plug=".$_GET['plug']."&id=%s&act=list_edit_entry'>%s</a>";
+ $list_left_icon = "<img src='images/select_acl.png' alt='"._("Acl")."'>";
+ $cn = htmlentities(utf8_decode($acl_entry['dn']));
+
+ /* Add actions depending on acls */
+ if(preg_match("/r/", $acl)){
+ $action.= "<input class='center' type='image' src='images/edit.png' alt='"._("edit")."'
+ name='list_acl_edit_%KEY%' title='"._("Edit acl")."'>";
+ }
+ if(preg_match("/d/", $acl)){
+ $action.= "<input class='center' type='image' src='images/edittrash.png' alt='"._("delete")."'
+ name='list_acl_del_%KEY%' title='"._("Delete acl")."'>";
+ }
}
$field1 = array("string" => $list_left_icon, "attach"=> "style='text-align:center;width:20px;'");
- $field2 = array("string" => sprintf($editlink,$key,htmlentities(utf8_decode($acl_entry['dn'])))." ","attach" => "");
- $field3 = array("string" => preg_replace("/%KEY%/",$key,$action), "attach"=> "style='text-align:center;width:".$this->action_col_size."px;border-right:0px;'");
+ $field2 = array("string" => sprintf($editlink,$key,$cn)." ","attach" => "");
+ $field3 = array("string" => preg_replace("/%KEY%/",$key,$action), "attach"=> "style='text-align:right;width:".$this->action_col_size."px;border-right:0px;'");
$this->AddElement(array($field1,$field2,$field3));
}
}
return(array("gosaAccount","gosaDepartment"));
}
+
+ /* Return plugin informations for acl handling */
+ function plInfo()
+ {
+ return (array(
+ "plShortName" => _("ACL")." & "._("ACL roles"),
+ "plDescription" => _("ACL")." & "._("ACL roles")." - ("._("Access control list").")",
+ "plSelfModify" => FALSE,
+ "plDepends" => array(),
+ "plPriority" => 0,
+ "plSection" => array("administration"),
+ "plCategory" => array("acl" => array("description" => _("ACL")." & "._("ACL roles"),
+ "objectClass" => array("gosaAcl","gosaRole"))),
+ "plProvidedAcls"=> array(
+ "cn" => _("Role name"),
+ "description" => _("Role description"))
+
+ ));
+ }
+
+
+
}
// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
?>
diff --git a/plugins/admin/acl/tabs_acl.inc b/plugins/admin/acl/tabs_acl.inc
--- /dev/null
@@ -0,0 +1,70 @@
+<?php
+
+class acltab extends tabs
+{
+
+ function acltab($config, $data, $dn)
+ {
+ $data = array(array("CLASS" => "acl" , "NAME" => _("Acl")));
+
+ /* Save dn */
+ $this->dn= $dn;
+ $this->config= $config;
+
+ $baseobject= NULL;
+
+ foreach ($data as $tab){
+ $this->by_name[$tab['CLASS']]= $tab['NAME'];
+
+
+ if ($baseobject == NULL){
+ if($tab['CLASS'] == "acl"){
+ $baseobject= new $tab['CLASS']($this->config, $this, $this->dn);
+ }else{
+ $baseobject= new $tab['CLASS']($this->config,$this->dn);
+ }
+ $this->by_object[$tab['CLASS']]= $baseobject;
+ } else {
+ if($tab['CLASS'] == "acl"){
+ $this->by_object[$tab['CLASS']]= new $tab['CLASS']($this->config,$this,$this->dn, $baseobject);
+ }else{
+ $this->by_object[$tab['CLASS']]= new $tab['CLASS']($this->config, $this->dn, $baseobject);
+ }
+ }
+
+ $this->by_object[$tab['CLASS']]->parent= &$this;
+ $this->by_object[$tab['CLASS']]->set_acl_category("acl");
+
+ /* Initialize current */
+ if ($this->current == ""){
+ $this->current= $tab['CLASS'];
+ }
+ }
+ }
+
+ function save()
+ {
+ $ret= tabs::save();
+ return $ret;
+ }
+
+ function save_object()
+ {
+ tabs::save_object();
+ }
+
+ function execute()
+ {
+ $display= tabs::execute();
+ if(!$this->by_object['acl']->dialog){
+ $display.= "<p style=\"text-align:right\">\n";
+ $display.= " <input type=submit name=\"edit_finish\" style=\"width:80px\" value=\""._("Ok")."\">\n";
+ $display.= " \n";
+ $display.= " <input type=submit name=\"edit_cancel\" value=\""._("Cancel")."\">\n";
+ $display.= "</p>";
+ }
+ return($display);
+ }
+}
+// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
+?>
diff --git a/plugins/admin/acl/tabs_acl_role.inc b/plugins/admin/acl/tabs_acl_role.inc
--- /dev/null
@@ -0,0 +1,61 @@
+<?php
+
+class aclroletab extends tabs
+{
+
+ function aclroletab($config, $data, $dn)
+ {
+ $data = array(array("CLASS" => "aclrole" , "NAME" => _("ACL Templates")));
+ tabs::tabs($config, $data, $dn,"acl");
+ }
+
+ function save()
+ {
+ $baseobject= $this->by_object['aclrole'];
+
+ /* Check for new 'dn', in order to propagate the
+ 'dn' to all plugins */
+ $new_dn= 'cn='.$baseobject->cn.",ou=aclroles,".$baseobject->base;
+
+ if ($this->dn != $new_dn){
+
+ /* Write entry on new 'dn' */
+ if ($this->dn != "new"){
+ $baseobject->move($this->dn, $new_dn);
+ $this->by_object['aclrole']= $baseobject;
+ }
+
+ /* Happen to use the new one */
+ $this->dn= $new_dn;
+ }
+
+ $ret= tabs::save();
+
+ /* Fix tagging if needed */
+ $baseobject->dn= $new_dn;
+ $baseobject->handle_object_tagging();
+
+ return $ret;
+ }
+
+ function save_object()
+ {
+ tabs::save_object();
+ }
+
+ function execute()
+ {
+ $display= tabs::execute();
+ if(!$this->by_object['aclrole']->dialog){
+ $display.= "<p style=\"text-align:right\">\n";
+ $display.= " <input type=submit name=\"edit_finish\" style=\"width:80px\" value=\""._("Ok")."\">\n";
+ $display.= " \n";
+ $display.= " <input type=submit name=\"edit_cancel\" value=\""._("Cancel")."\">\n";
+ $display.= "</p>";
+ }
+ return($display);
+ }
+
+}
+// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
+?>
diff --git a/plugins/admin/groups/class_groupGeneric.inc b/plugins/admin/groups/class_groupGeneric.inc
index c0fb36eb343b6ba14af8e60f9713f40713cf4b0a..8858285e8947b7618882d8f19a783f514c52f905 100644 (file)
/* Check if selected base is valid */
$tmp = $this->get_allowed_bases();
- if(isset($tmp[$_POST['base']])){
+ if(isset($tmp[$this->dialog->isSelected()])){
$this->base = $this->dialog->isSelected();
}
$this->dialog= false;
index 4cf7a73fd1019816eb706b00655e07be8fd33223..0dd27c42b2c63ed9f1f6da682486f3d455e879f2 100644 (file)
$this->perms["p"]= _("external post");
$this->perms["lrsip"]= _("append");
$this->perms["lrswipcd"]= _("write");
+ $this->perms[""]= _("none");
}
function execute()