From: hickert Date: Mon, 17 Sep 2007 13:42:43 +0000 (+0000) Subject: Upated ACL handling. X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=8835813a83be7453c24f74652f64a4ab96f734c8;p=gosa.git Upated ACL handling. -Moved plinfo from divlist to class_acl -If an user is removed, all its acls will be removed too. -If an user is moved, all its acls will be moved too. git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@7307 594d385d-05f5-0310-b6e9-bd551577e9d8
---
diff --git a/include/class_acl.inc b/include/class_acl.inc
index 4fbdbe962..4998df217 100644
--- a/include/class_acl.inc
+++ b/include/class_acl.inc
@@ -1079,6 +1079,87 @@ class acl extends plugin $this->handle_post_events("remove",array("uid" => $this->uid)); } + + /* Return plugin informations for acl handling */ + function plInfo() + { + return (array( + "plShortName" => _("ACL"), + "plDescription" => _("ACL")._("Access control list").")", + "plSelfModify" => FALSE, + "plDepends" => array(), + "plPriority" => 0, + "plSection" => array("administration"), + "plCategory" => array("acl" => array("description" => _("ACL")." & "._("ACL roles"), + "objectClass" => array("gosaAcl","gosaRole"))), + "plProvidedAcls"=> array( + "cn" => _("Role name"), + "description" => _("Role description")) + + )); + } + + + /* Remove acls defined for $src */ + function remove_acl() + { + $this->remove_acl_for_dn($this->dn); + } + + + /* Remove acls defined for $src */ + function remove_acl_for_dn($src = "") + { + if($src == ""){ + $src = $this->dn; + } + $ldap = $this->config->get_ldap_link(); + $ldap->cd($this->config->current['BASE']); + $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($src)."*))",array("gosaAclEntry","dn")); + while($attrs = $ldap->fetch()){ + $acl = new acl($this->config,$this->parent,$attrs['dn']); + foreach($acl->gosaAclEntry as $id => $entry){ + foreach($entry['members'] as $m_id => $member){ + if($m_id == "U:".$src){ + unset($acl->gosaAclEntry[$id]['members'][$m_id]); + gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Removed acl for user %s on object %s.",$src,$attrs['dn'])); + } + if($m_id == "G:".$src){ + unset($acl->gosaAclEntry[$id]['members'][$m_id]); + gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Removed acl for group %s on object %s.",$src,$attrs['dn'])); + } + } + } + $acl -> save(); + } + } + + function update_acl_membership($src,$dst) + { + $ldap = $this->config->get_ldap_link(); + $ldap->cd($this->config->current['BASE']); + $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($src)."*))",array("gosaAclEntry","dn")); + while($attrs = 
$ldap->fetch()){ + $acl = new acl($this->config,$this->parent,$attrs['dn']); + foreach($acl->gosaAclEntry as $id => $entry){ + foreach($entry['members'] as $m_id => $member){ + if($m_id == "U:".$src){ + unset($acl->gosaAclEntry[$id]['members'][$m_id]); + $new = "U:".$dst; + $acl->gosaAclEntry[$id]['members'][$new] = $new; + gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Updated acl for user %s on object %s.",$src,$attrs['dn'])); + } + if($m_id == "G:".$src){ + unset($acl->gosaAclEntry[$id]['members'][$m_id]); + $new = "G:".$dst; + $acl->gosaAclEntry[$id]['members'][$new] = $new; + gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Updated acl for group %s on object %s.",$src,$attrs['dn'])); + } + } + } + $acl -> save(); + } + } } // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: diff --git a/include/class_plugin.inc b/include/class_plugin.inc index 462be0b6c..bb7d7354c 100644 --- a/include/class_plugin.inc +++ b/include/class_plugin.inc @@ -766,7 +766,7 @@ class plugin $ei=ldap_first_entry($ds, $sr); if ($ei) { foreach($attrs as $attr => $val){ - if ($info = ldap_get_values_len($ds, $ei, $attr)){ + if ($info = @ldap_get_values_len($ds, $ei, $attr)){ for ($i= 0; $i<$info['count']; $i++){ if ($info['count'] == 1){ $new[$attr]= $info[$i]; diff --git a/plugins/admin/acl/class_divListACL.inc b/plugins/admin/acl/class_divListACL.inc index 65e130f79..0d76a7af7 100644 --- a/plugins/admin/acl/class_divListACL.inc +++ b/plugins/admin/acl/class_divListACL.inc 
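Review bot: In `remove_acl_for_dn()` and `update_acl_membership()`, `$acl -> save();` runs for every search hit whether or not a member was changed, and its outcome is never inspected. `gosa_log` has already recorded the change by then, so if the write fails the ACL object keeps a `U:`/`G:` member for a dn that was removed or moved; should that dn later be reused, the new object would presumably inherit the old permissions. Set a flag inside the member loop and save only when it is set, e.g. `if($changed){ $acl->save(); }`, write the log entry after a successful save, and report any LDAP error to the caller; the callers added in `class_user.inc` (the remove and save hunks) ignore the result as well. Separately, the comment above `remove_acl()` mentions `$src`, which that method does not take; `/* Remove all acl memberships that reference this object's dn */` would describe it.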
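Review bot: The added `@` on `ldap_get_values_len()` hides every warning from that call, not only the expected one, so an attribute that cannot be read is silently left out of `$new` with no trace. If the warnings come from keys in `$attrs` that are not attribute names (for example a `count` entry or numeric indexes, which cannot be confirmed from this hunk), skipping those keys explicitly keeps real LDAP errors visible: `if(is_numeric($attr) || $attr == "count"){ continue; }`. The enclosing function starts and ends outside the hunk.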
@@ -286,26 +286,6 @@ class divListACL extends MultiSelectWindow return(array("gosaAccount","gosaDepartment")); } - - /* Return plugin informations for acl handling */ - function plInfo() - { - return (array( - "plShortName" => _("ACL"), - "plDescription" => _("ACL")._("Access control list").")", - "plSelfModify" => FALSE, - "plDepends" => array(), - "plPriority" => 0, - "plSection" => array("administration"), - "plCategory" => array("acl" => array("description" => _("ACL")." & "._("ACL roles"), - "objectClass" => array("gosaAcl","gosaRole"))), - "plProvidedAcls"=> array( - "cn" => _("Role name"), - "description" => _("Role description")) - - )); - } - } diff --git a/plugins/personal/generic/class_user.inc b/plugins/personal/generic/class_user.inc index 057c87fee..27d617d8c 100644 --- a/plugins/personal/generic/class_user.inc +++ b/plugins/personal/generic/class_user.inc @@ -78,6 +78,7 @@ class user extends plugin var $role= ""; var $publicVisible= ""; + var $orig_dn; var $dialog; /* variables to trigger password changes */ @@ -118,6 +119,8 @@ class user extends plugin /* Load base attributes */ plugin::plugin ($config, $dn); + $this->orig_dn = $this->dn; + if ($this->config->current['GOVERNMENTMODE']){ /* Fix public visible attribute if unset */ if (!isset($this->attrs['publicVisible'])){ 
@@ -651,21 +654,8 @@ class user extends plugin /* Remove ACL dependencies too, */ - $ldap = $this->config->get_ldap_link(); - $ldap->cd($this->config->current['BASE']); - $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($this->dn)."*))",array("gosaAclEntry","dn")); - while($attrs = $ldap->fetch()){ - $acl = new acl($this->config,$this->parent,$attrs['dn']); - foreach($acl->gosaAclEntry as $id => $entry){ - foreach($entry['members'] as $m_id => $member){ - if($m_id == "U:".$this->dn){ - unset($acl->gosaAclEntry[$id]['members'][$m_id]); - gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Removed acl for %s on object %s.",$this->dn,$attrs['dn'])); - } - } - } - $acl -> save(); - } + $tmp = new acl($this->config,$this->parent,$this->dn); + $tmp->remove_acl(); /* Optionally execute a command after we're done */ $this->handle_post_events("remove",array("uid" => $this->uid)); @@ -969,6 +959,12 @@ class user extends plugin return (1); } + + /* Remove ACL dependencies too, + */ + $tmp = new acl($this->config,$this->parent,$this->dn); + $tmp->update_acl_membership($this->orig_dn,$this->dn); + if($mode == "modify"){ new log("modify","users/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error()); }else{
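Review bot: The call `$tmp->update_acl_membership($this->orig_dn,$this->dn);` runs on every save, including when the dn has not changed. In that case each matching ACL object still has its member unset and re-added, is saved again, and gets an "Updated acl" entry through `gosa_log`, which rewrites access-control data for no reason and fills the audit log with changes that did not happen. Guard the call with `if($this->orig_dn != $this->dn){ ... }` and set `$this->orig_dn = $this->dn;` afterwards so a second save on the same object does not repeat the move. The comment `/* Remove ACL dependencies too, */` was copied from the remove path; `/* Move ACL memberships to the new dn */` matches what the code does. The enclosing save function starts and ends outside the hunk.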