From: cajus Date: Fri, 8 Dec 2006 12:40:03 +0000 (+0000) Subject: Added ACL's for ACL's. Currently this was done via "All". Now it is done by a special ACL X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=1191672fd4acb0ded7d31a3fdd2a3b582efb86c1;p=gosa.git Added ACL's for ACL's. Currently this was done via "All". Now it is done by a special ACL git-svn-id: https://oss.gonicus.de/repositories/gosa/branches/2.5@5350 594d385d-05f5-0310-b6e9-bd551577e9d8 --- diff --git a/include/class_tabs.inc b/include/class_tabs.inc index a8ffef5b0..15c5fa0fe 100644 --- a/include/class_tabs.inc +++ b/include/class_tabs.inc @@ -170,44 +170,44 @@ class tabs function set_acl($acl) { - /* Set local acl */ - $this->acl= $acl; + /* Set local acl */ + $this->acl= $acl; - /* Setup for all plugins */ - foreach ($this->by_object as $key => $obj){ - $sacl= get_module_permission($acl, "$key", $this->dn); - $obj->acl= $sacl; - $this->by_object[$key]= $obj; - } + /* Setup for all plugins */ + foreach ($this->by_object as $key => $obj){ + $sacl= get_module_permission($acl, "$key", $this->dn); + $obj->acl= $sacl; + $this->by_object[$key]= $obj; + } } function delete() { - /* Check if all plugins will ACK for deletion */ - foreach (array_reverse($this->by_object) as $key => $obj){ - $reason= $obj->allow_remove(); - if ($reason != ""){ - print_red(sprintf(_("Delete process has been canceled by plugin '%s': %s"), $key, $reason)); - return; - } - } + /* Check if all plugins will ACK for deletion */ + foreach (array_reverse($this->by_object) as $key => $obj){ + $reason= $obj->allow_remove(); + if ($reason != ""){ + print_red(sprintf(_("Delete process has been canceled by plugin '%s': %s"), $key, $reason)); + return; + } + } - /* Delete for all plugins */ - foreach (array_reverse($this->by_object) as $key => $obj){ - $obj->remove_from_parent(); - } + /* Delete for all plugins */ + foreach (array_reverse($this->by_object) as $key => $obj){ + $obj->remove_from_parent(); + } } function password_change_needed() { - /* Ask all plugins for needed password changes */ - foreach ($this->by_object as $key => $obj){ - if ($obj->password_change_needed()){ - return TRUE; - } - } + /* Ask all plugins for needed password changes */ + foreach ($this->by_object as $key => $obj){ + if ($obj->password_change_needed()){ + return TRUE; + } + } - return FALSE; + return FALSE; } function check($ignore_account= FALSE) diff --git a/include/class_userinfo.inc b/include/class_userinfo.inc index 77003f9e7..99e728610 100644 --- a/include/class_userinfo.inc +++ b/include/class_userinfo.inc @@ -84,6 +84,7 @@ class userinfo $this->subtreeACL[$base][]= $attrs["gosaSubtreeACL"][$i]; } } + } } diff --git a/plugins/admin/groups/acl_definition.inc b/plugins/admin/groups/acl_definition.inc index 678ef0b7f..5d52314be 100644 --- a/plugins/admin/groups/acl_definition.inc +++ b/plugins/admin/groups/acl_definition.inc @@ -62,6 +62,7 @@ $ACLD['group']= array("cn", "gidNumber"); $ACLD['appgroup']= array(); $ACLD['all']= array(); +$ACLD['acl']= array('acl'); $ACLD['mailgroup']= array("default_permission", "imap_perms", "member_permissions", diff --git a/plugins/admin/groups/class_groupAcl.inc b/plugins/admin/groups/class_groupAcl.inc index 25799507b..3507d91fa 100644 --- a/plugins/admin/groups/class_groupAcl.inc +++ b/plugins/admin/groups/class_groupAcl.inc @@ -19,6 +19,7 @@ class acl extends plugin var $object= ""; var $current_acl= ""; var $selfflag= FALSE; + var $tacl= ""; var $gosaSubtreeACL; @@ -52,6 +53,12 @@ class acl extends plugin function execute() { + if (chkacl($this->acl, 'acl') != ""){ + $display= ""._("You have no permissions to view and edit ACLs.").""; + + return ($display); + } + /* Call parent execute */ plugin::execute(); @@ -83,7 +90,7 @@ class acl extends plugin $display= $smarty->fetch (get_template_path('acl.tpl', TRUE)); /* Show acl stuff */ - $this->acl= get_module_permission (array($this->current_acl), $this->object, ""); + $this->tacl= get_module_permission (array($this->current_acl), $this->object, ""); $display.= $this->print_attributes ($this->objects[$this->object]); return ($display); } @@ -106,65 +113,68 @@ class acl extends plugin /* Save data to object */ function save_object() { - plugin::save_object(); + if (chkacl($this->acl, 'acl') == ""){ + plugin::save_object(); - if (!isset($_POST['object'])){ - return; - } + if (!isset($_POST['object'])){ + return; + } - /* Strip of old information */ - if ($this->object == "all"){ - $this->current_acl= preg_replace ( "/[,]?all[,]?/", "", $this->current_acl); - } - $this->current_acl= preg_replace ( "/(^|[^a-z0-9A-Z])$this->object#[^,]*[,]?/", ",", $this->current_acl); + /* Strip of old information */ + if ($this->object == "all"){ + $this->current_acl= preg_replace ( "/[,]?all[,]?/", "", $this->current_acl); + } + $this->current_acl= preg_replace ( "/(^|[^a-z0-9A-Z])$this->object#[^,]*[,]?/", ",", $this->current_acl); - /* assemble new attributes */ - $attrs= ""; - if (isset($_POST['all'])){ - $attrs.= "#all"; - } - if ($this->object != "all" && !isset($_POST['all']) && $this->object != ""){ - foreach ($this->objects[$this->object] as $key => $val){ - if (is_integer($key)){ - $aname= $val; - } else { - $aname= $key; - } - if (isset($_POST[$aname])){ - $attrs.= "#$aname"; + /* assemble new attributes */ + $attrs= ""; + if (isset($_POST['all'])){ + $attrs.= "#all"; + } + if ($this->object != "all" && !isset($_POST['all']) && $this->object != ""){ + foreach ($this->objects[$this->object] as $key => $val){ + if (is_integer($key)){ + $aname= $val; + } else { + $aname= $key; + } + if (isset($_POST[$aname])){ + $attrs.= "#$aname"; + } } } - } - /* append information */ - if ($attrs != ""){ - $tmp= $this->object; - $attrs= $tmp.$attrs; - } - if ($this->current_acl != "" && $attrs != ""){ - $this->current_acl.= ","; - } - $this->current_acl.= $attrs; - if (preg_match("/all#all/", $this->current_acl)){ - $this->current_acl= "all"; - } - if (preg_match("/^all,/", $this->current_acl)){ - $this->current_acl= "all"; - } + /* append information */ + if ($attrs != ""){ + $tmp= $this->object; + $attrs= $tmp.$attrs; + } + if ($this->current_acl != "" && $attrs != ""){ + $this->current_acl.= ","; + } + $this->current_acl.= $attrs; + if (preg_match("/all#all/", $this->current_acl)){ + $this->current_acl= "all"; + } + if (preg_match("/^all,/", $this->current_acl)){ + $this->current_acl= "all"; + } - /* Save current object selection */ - if (isset($_POST['object'])){ - $this->object= $_POST['object']; - } - if (isset($_POST['selfflag'])){ - $this->selfflag= TRUE; - } else { - $this->selfflag= FALSE; - } + /* Save current object selection */ + if (isset($_POST['object'])){ + $this->object= $_POST['object']; + } + if (isset($_POST['selfflag'])){ + $this->selfflag= TRUE; + } else { + $this->selfflag= FALSE; + } - /* Remove double colons, strip trailing colon... */ - $this->current_acl= preg_replace("/,,/", ",", $this->current_acl); - $this->current_acl= preg_replace("/,$/", "", $this->current_acl); + /* Remove double colons, strip trailing colon... */ + $this->current_acl= preg_replace("/,,/", ",", $this->current_acl); + $this->current_acl= preg_replace("/,$/", "", $this->current_acl); + $this->current_acl= preg_replace("/^,/", "", $this->current_acl); + } } @@ -206,7 +216,7 @@ class acl extends plugin function print_attributes ($name) { $display= "acl, "all") == ""){ + if (chkacl ($this->tacl, "all") == ""){ $display.= " checked"; } $display.= ">"._("All fields are writeable")."
"; @@ -224,13 +234,13 @@ class acl extends plugin if (is_integer($key)){ $display.= "acl, "$val") == ""){ + if (chkacl ($this->tacl, "$val") == ""){ $display.= "checked"; } $display.= ">$val"; } else { $display.= "acl, "$key") == ""){ + if (chkacl ($this->tacl, "$key") == ""){ $display.= "checked"; } $display.= ">"._($val)."";