From: cajus Date: Thu, 30 Nov 2006 11:26:06 +0000 (+0000) Subject: Fixed ACL problem with non ALL ACL's X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=5183b17c15e97d2351f10c921ef6796bcd2f11ae;p=gosa.git Fixed ACL problem with non ALL ACL's git-svn-id: https://oss.gonicus.de/repositories/gosa/branches/2.5@5270 594d385d-05f5-0310-b6e9-bd551577e9d8 --- diff --git a/Changelog b/Changelog index 3b0aaff43..f80b743dd 100644 --- a/Changelog +++ b/Changelog @@ -6,6 +6,8 @@ GOsa2 changelog - Added function to remove PPD's from disc - Removed old cups dependencies - Fixed saving of terminals printer service attribute + - Fixed a ACL naming bug, that avoids that an admin with non "all" ACLs + can edit specified objects. * gosa 2.5.6 - Copy & paste implemented into FAI diff --git a/plugins/admin/groups/acl_definition.inc b/plugins/admin/groups/acl_definition.inc index 608415c57..660456aec 100644 --- a/plugins/admin/groups/acl_definition.inc +++ b/plugins/admin/groups/acl_definition.inc @@ -143,7 +143,7 @@ $ACLD['user']= array("academicTitle", "telephoneNumber", "uid", "vocation"); -$ACLD['mail']= array( +$ACLD['mailAccount']= array( "custom_sieve", "gosaMailAlternateAddress", # "gosaMailDeliveryMode", @@ -157,7 +157,7 @@ $ACLD['mail']= array( "drop_own_mails", "mail", "only_local"); -$ACLD['posix']= array("allowedHosts", +$ACLD['posixAccount']= array("allowedHosts", "force_ids", "gidNumber", "gosaDefaultLanguage", @@ -176,7 +176,7 @@ $ACLD['posix']= array("allowedHosts", "shadowMin", "shadowWarning", "uidNumber"); -$ACLD['samba']= +$ACLD['sambaAccount']= array("acctFlags" => "samba2:acctFlags", "allow_pwchange" => "samba2:allow_pwchange", "homeDrive" => "samba2:homeDrive", diff --git a/plugins/personal/mail/main.inc b/plugins/personal/mail/main.inc index 160ce5841..79075eee2 100644 --- a/plugins/personal/mail/main.inc +++ b/plugins/personal/mail/main.inc @@ -57,10 +57,10 @@ if (!$remove_lock){ /* Adjust acl's to mode */ if (isset($_SESSION['edit'])){ $acl= get_permissions ($ui->dn, $ui->subtreeACL); - $mailAccount->acl= get_module_permission($acl, "mail", $ui->dn); + $mailAccount->acl= get_module_permission($acl, "mailAccount", $ui->dn); } else { $acl= get_permissions ($ui->dn, $ui->subtreeACL); - $editacl= get_module_permission($acl, "mail", $ui->dn); + $editacl= get_module_permission($acl, "mailAccount", $ui->dn); $mailAccount->acl= "#none#"; } @@ -75,7 +75,7 @@ if (!$remove_lock){ $mailAccount->save (); gosa_log ("User/mail object'".$ui->dn."' has been saved"); $mailAccount->acl= "#none#"; - $editacl= get_module_permission($acl, "mail", $ui->dn); + $editacl= get_module_permission($acl, "mailAccount", $ui->dn); del_lock ($ui->dn); sess_del ('edit'); diff --git a/plugins/personal/posix/main.inc b/plugins/personal/posix/main.inc index 4ce234561..af7230205 100644 --- a/plugins/personal/posix/main.inc +++ b/plugins/personal/posix/main.inc @@ -62,10 +62,10 @@ if (!$remove_lock){ /* Adjust acl's to mode */ if (isset($_SESSION['edit'])){ $acl= get_permissions ($ui->dn, $ui->subtreeACL); - $posixAccount->acl= get_module_permission($acl, "posix", $ui->dn); + $posixAccount->acl= get_module_permission($acl, "posixAccount", $ui->dn); } else { $acl= get_permissions ($ui->dn, $ui->subtreeACL); - $editacl= get_module_permission($acl, "posix", $ui->dn); + $editacl= get_module_permission($acl, "posixAccount", $ui->dn); $posixAccount->acl= "#none#"; } @@ -81,7 +81,7 @@ if (!$remove_lock){ $posixAccount->save (); gosa_log ("User/posix object'".$ui->dn."' has been saved"); $posixAccount->acl= "#none#"; - $editacl= get_module_permission($acl, "posix", $ui->dn); + $editacl= get_module_permission($acl, "posixAccount", $ui->dn); del_lock ($ui->dn); sess_del ('edit'); diff --git a/plugins/personal/samba/main.inc b/plugins/personal/samba/main.inc index 5a78b651a..c17d7d5c6 100644 --- a/plugins/personal/samba/main.inc +++ b/plugins/personal/samba/main.inc @@ -58,10 +58,10 @@ if (!$remove_lock){ /* Adjust acl's to mode */ if (isset($_SESSION['edit'])){ $acl= get_permissions ($ui->dn, $ui->subtreeACL); - $sambaAccount->acl= get_module_permission($acl, "samba", $ui->dn); + $sambaAccount->acl= get_module_permission($acl, "sambaAccount", $ui->dn); } else { $acl= get_permissions ($ui->dn, $ui->subtreeACL); - $editacl= get_module_permission($acl, "samba", $ui->dn); + $editacl= get_module_permission($acl, "sambaAccount", $ui->dn); $sambaAccount->acl= "#none#"; } @@ -76,7 +76,7 @@ if (!$remove_lock){ $sambaAccount->save (); gosa_log ("User/samba object'".$ui->dn."' has been saved"); $sambaAccount->acl= "#none#"; - $editacl= get_module_permission($acl, "samba", $ui->dn); + $editacl= get_module_permission($acl, "sambaAccount", $ui->dn); del_lock ($ui->dn); sess_del ('edit');