From: cajus Date: Mon, 24 Jul 2006 18:30:04 +0000 (+0000) Subject: Modificiations for new ACL handling X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=1b02cf87a484fc096961998a8a6ebd6fac5f59da;p=gosa.git Modificiations for new ACL handling git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@4277 594d385d-05f5-0310-b6e9-bd551577e9d8 --- diff --git a/include/class_acl.inc b/include/class_acl.inc index 7ea80a744..8870d1a2c 100644 --- a/include/class_acl.inc +++ b/include/class_acl.inc @@ -809,6 +809,11 @@ class acl extends plugin $ldap->modify ($this->attrs); show_ldap_error($ldap->get_error(), sprintf(_("Saving ACLs with dn '%s' failed."),$this->dn)); + + /* Refresh users ACLs */ + $ui= get_userinfo(); + $ui->loadACL(); + $_SESSION['ui']= $ui; } diff --git a/include/class_plugin.inc b/include/class_plugin.inc index a4182cfd8..a83cb1cea 100644 --- a/include/class_plugin.inc +++ b/include/class_plugin.inc @@ -105,9 +105,11 @@ class plugin /* attribute list for save action */ var $attributes= array(); var $objectclasses= array(); - var $new= TRUE; + var $is_new= TRUE; var $saved_attributes= array(); + var $acl_base= ""; + /* Plugin identifier */ var $plHeadline= ""; var $plDescription= ""; @@ -130,6 +132,9 @@ class plugin return; } + /* Save current dn as acl_base */ + $this->acl_base= $dn; + /* Get LDAP descriptor */ $ldap= $this->config->get_ldap_link(); if ($dn != NULL){ @@ -212,7 +217,7 @@ class plugin */ function execute() { - # This one is empty currently. Fabian - please fill in the docu code + /* This one is empty currently. Fabian - please fill in the docu code */ $_SESSION['current_class_for_help'] = get_class($this); /* Reset Lock message POST/GET check array, to prevent perg_match errors*/ $_SESSION['LOCK_VARS_TO_USE'] =array(); @@ -313,10 +318,10 @@ class plugin if (isset($tmp['objectClass'])){ $oc= $tmp["objectClass"]; - $this->new= FALSE; + $this->is_new= FALSE; } else { $oc= array("count" => 0); - $this->new= TRUE; + $this->is_new= TRUE; } /* Load (minimum) attributes, add missing ones */ @@ -331,7 +336,7 @@ class plugin foreach ($this->attributes as $val){ if ($this->$val != ""){ $this->attrs["$val"]= $this->$val; - } elseif (!$this->new) { + } elseif (!$this->is_new) { $this->attrs["$val"]= array(); } } @@ -1399,46 +1404,59 @@ echo "FIXME: remove_snapshot uses old acl's
"; } + function set_acl_base($base) + { + $this->acl_base= $base; + } + + function acl_is_writeable($attribute,$skip_write = FALSE) { $ui= get_userinfo(); - return preg_match('/w/', $ui->get_permissions($this->dn, get_class($this), $attribute,$skip_write)); + return preg_match('/w/', $ui->get_permissions($this->acl_base, get_class($this), $attribute,$skip_write)); } function acl_is_readable($attribute) { $ui= get_userinfo(); - return preg_match('/r/', $ui->get_permissions($this->dn, get_class($this), $attribute)); + return preg_match('/r/', $ui->get_permissions($this->acl_base, get_class($this), $attribute)); } function acl_is_createable() { $ui= get_userinfo(); - return preg_match('/c/', $ui->get_permissions($this->dn, get_class($this), '0')); + return preg_match('/c/', $ui->get_permissions($this->acl_base, get_class($this), '0')); } function acl_is_removeable() { $ui= get_userinfo(); - return preg_match('/d/', $ui->get_permissions($this->dn, get_class($this), '0')); + return preg_match('/d/', $ui->get_permissions($this->acl_base, get_class($this), '0')); } function acl_is_moveable() { $ui= get_userinfo(); - return preg_match('/m/', $ui->get_permissions($this->dn, get_class($this), '0')); + return preg_match('/m/', $ui->get_permissions($this->acl_base, get_class($this), '0')); + } + + + function acl_have_any_permissions() + { } function getacl($attribute,$skip_write= FALSE) { $ui= get_userinfo(); - return $ui->get_permissions($this->dn, get_class($this), $attribute,$skip_write); + return $ui->get_permissions($this->acl_base, get_class($this), $attribute,$skip_write); } + + } // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: ?> diff --git a/include/class_tabs.inc b/include/class_tabs.inc index fc1af5227..72068da00 100644 --- a/include/class_tabs.inc +++ b/include/class_tabs.inc @@ -24,6 +24,7 @@ class tabs var $config; var $acl; var $is_template; + var $is_new= FALSE; var $last= ""; var $current= ""; @@ -300,6 +301,23 @@ class tabs } + function set_acl_base($base= "") + { + /* Update reference, transfer variables */ + $first= ($base == ""); + foreach ($this->by_object as $name => $obj){ + if ($first){ + $first= FALSE; +echo "Setting base to ".$obj->acl_base."
"; + $base= $obj->acl_base; + } else { +echo "Transfering $base to $name
"; + $obj->set_acl_base($base); + $this->by_object[$name]= $obj; + } + } + } + } ?> diff --git a/include/class_userinfo.inc b/include/class_userinfo.inc index 6c5fa1430..737bde73f 100644 --- a/include/class_userinfo.inc +++ b/include/class_userinfo.inc @@ -114,7 +114,7 @@ class userinfo $aclc[$attrs['dn']]= array(); $ol= array(); for($i= 0; $i<$attrs['gosaAclEntry']['count']; $i++){ - $ol= array_merge($ol, acl::explodeAcl($attrs['gosaAclEntry'][$i])); + $ol= array_merge($ol, @acl::explodeAcl($attrs['gosaAclEntry'][$i])); } $aclc[$attrs['dn']]= $ol; } diff --git a/plugins/admin/acl/class_aclManagement.inc b/plugins/admin/acl/class_aclManagement.inc index 4b85ff9bf..a7c7215dd 100644 --- a/plugins/admin/acl/class_aclManagement.inc +++ b/plugins/admin/acl/class_aclManagement.inc @@ -356,7 +356,11 @@ class aclManagement extends plugin not needed in this class. */ function remove_from_parent() { } function check() { } - function save() { } + + function save() { + echo "SAVE ACL"; + } + function adapt_from_template($dn) { } function password_change_needed() { } diff --git a/plugins/admin/users/class_userManagement.inc b/plugins/admin/users/class_userManagement.inc index 361586706..e8540af7f 100644 --- a/plugins/admin/users/class_userManagement.inc +++ b/plugins/admin/users/class_userManagement.inc @@ -141,7 +141,7 @@ class userManagement extends plugin $this->usertab->current = $s_tab; /* Set ACL and move DN to the headline */ - $this->usertab->set_acl($acl); +# $this->usertab->set_acl_base(); $_SESSION['objectinfo']= $this->dn; } @@ -470,6 +470,7 @@ class userManagement extends plugin /* By default we set 'dn' to 'new', all relevant plugins will react on this. */ $this->dn= "new"; + if (isset($this->config->current['IDGEN'])){ $this->got_uid= false; } else { @@ -478,8 +479,8 @@ class userManagement extends plugin /* Create new usertab object */ $this->usertab= new usertabs($this->config,$this->config->data['TABS']['USERTABS'], $this->dn); - $this->usertab->set_acl(array(':all')); $this->usertab->by_object['user']->base= $this->DivListUsers->selectedBase; + $this->usertab->set_acl_base('dummy,'.$this->DivListUsers->selectedBase); /* Take care about templates */ if ($s_action=="new_tpl"){ @@ -800,8 +801,8 @@ class userManagement extends plugin $acl= get_permissions ($dn, $this->ui->subtreeACL); $obj = new usertabs($this->config, $this->config->data['TABS']['USERTABS'], $dn); $objNew = new usertabs($this->config, $this->config->data['TABS']['USERTABS'], "new"); - $obj-> set_acl($acl); - $objNew-> set_acl($acl); + $obj->set_acl($acl); + $objNew->set_acl($acl); $this->CopyPasteHandler->Copy($obj,$objNew); } diff --git a/plugins/admin/users/tabs_user.inc b/plugins/admin/users/tabs_user.inc index c5bcba3d7..4e97558f5 100644 --- a/plugins/admin/users/tabs_user.inc +++ b/plugins/admin/users/tabs_user.inc @@ -11,6 +11,7 @@ class usertabs extends tabs /* Add references/acls/snapshots */ $this->addSpecialTabs(); + $this->set_acl_base(); } function save_object($save_current= FALSE) @@ -69,6 +70,9 @@ class usertabs extends tabs $number= key($this->by_object['phoneAccount']->phoneNumbers); $this->by_object['user']->telephoneNumber= $number; } + + /* Possibly change acl base */ + $this->set_acl_base(); } function save() diff --git a/plugins/personal/generic/class_user.inc b/plugins/personal/generic/class_user.inc index 1800a0722..a5f18a3e5 100644 --- a/plugins/personal/generic/class_user.inc +++ b/plugins/personal/generic/class_user.inc @@ -624,6 +624,7 @@ class user extends plugin } } } + $this->set_acl_base('dummy,'.$this->base); } } @@ -689,7 +690,7 @@ class user extends plugin foreach ($this->govattrs as $val){ if ($this->$val != ""){ $this->attrs["$val"]= $this->$val; - } elseif (!$this->new) { + } elseif (!$this->is_new) { $this->attrs["$val"]= array(); } } @@ -697,7 +698,7 @@ class user extends plugin /* Remove attribute if set to "nein" */ if ($this->publicVisible == "nein"){ $this->attrs['publicVisible']= array(); - if($this->new){ + if($this->is_new){ unset($this->attrs['publicVisible']); }else{ $this->attrs['publicVisible']=array(); @@ -717,21 +718,21 @@ class user extends plugin /* Special handling for dateOfBirth value */ if ($this->use_dob != "1"){ - if ($this->new) { + if ($this->is_new) { unset($this->attrs["dateOfBirth"]); } else { $this->attrs["dateOfBirth"]= array(); } } if (!$this->gender){ - if ($this->new) { + if ($this->is_new) { unset($this->attrs["gender"]); } else { $this->attrs["gender"]= array(); } } if (!$this->preferredLanguage){ - if ($this->new) { + if ($this->is_new) { unset($this->attrs["preferredLanguage"]); } else { $this->attrs["preferredLanguage"]= array(); @@ -802,7 +803,7 @@ class user extends plugin $this->attrs["jpegPhoto"] = $output; } - } elseif(!$this->new) { + } elseif(!$this->is_new) { $this->attrs["jpegPhoto"] = array(); } @@ -856,7 +857,7 @@ class user extends plugin /* Remove cert? For some reason, the 'ldap' class doesn't want to remove binary entries, so I need to work around myself. */ - if ($remove_userCertificate == true && !$this->new && $this->had_userCertificate){ + if ($remove_userCertificate == true && !$this->is_new && $this->had_userCertificate){ /* Reset array, assemble new, this should be reworked */ $this->attrs= array(); @@ -973,7 +974,7 @@ class user extends plugin } /* must: sn, givenName, uid */ - if ($this->sn == "" && ($this->acl_is_writeable("sn",(!is_object($this->parent) && !isset($_SESSION['edit'])) || ($this->new)))){ + if ($this->sn == "" && ($this->acl_is_writeable("sn",(!is_object($this->parent) && !isset($_SESSION['edit'])) || ($this->is_new)))){ $message[]= _("The required field 'Name' is not set."); } diff --git a/plugins/personal/generic/generic.tpl b/plugins/personal/generic/generic.tpl index d27930c6b..1dbec3ea9 100644 --- a/plugins/personal/generic/generic.tpl +++ b/plugins/personal/generic/generic.tpl @@ -145,7 +145,7 @@
{render acl=$baseACL} - {html_options options=$bases selected=$base_select} {/render}