From: hickert Date: Wed, 5 Nov 2008 08:10:39 +0000 (+0000) Subject: Updated ACL checks for FAI management X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=8c9e0af8eba8b7f5a3f0a59a7bc80a3e5e511630;p=gosa.git Updated ACL checks for FAI management git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@12912 594d385d-05f5-0310-b6e9-bd551577e9d8 --- diff --git a/gosa-plugins/fai/admin/fai/class_divListFai.inc b/gosa-plugins/fai/admin/fai/class_divListFai.inc index 2fba97966..ebb49b04b 100644 --- a/gosa-plugins/fai/admin/fai/class_divListFai.inc +++ b/gosa-plugins/fai/admin/fai/class_divListFai.inc @@ -129,7 +129,7 @@ class divListFai extends MultiSelectWindow $add_sep = false; /* Get complete fai acls, to be able to check if we must show or hide the snapshot abilities */ - $acl_all = $ui->has_complete_category_acls($this->config->current['BASE'],$this->module); + $acl_all = $ui->has_complete_category_acls($this->parent->acl_base,$this->module); /* Add default header */ $listhead = MultiSelectWindow::get_default_header(false); @@ -143,7 +143,7 @@ class divListFai extends MultiSelectWindow $s .= "..|". " "._("Create")."|\n"; - $acl = $ui->get_permissions($this->config->current['BASE'],"fai/faiProfile"); + $acl = $ui->get_permissions($this->parent->acl_base,"fai/faiProfile"); if($this->parent->lock_type == "freeze" && !$this->parent->allow_freeze_object_attach){ $s.= "...|". " "._("Freezed")."|\n"; @@ -169,7 +169,7 @@ class divListFai extends MultiSelectWindow "Create_package" , _("PK") , "faiPackage")); foreach($arr as $ar){ - $acl = $ui->get_permissions($this->config->current['BASE'],"fai/".$ar[4]); + $acl = $ui->get_permissions($this->parent->acl_base,"fai/".$ar[4]); if(preg_match("/c/",$acl)){ $s.= "...|". " ".$ar[1]."|".$ar[2]."|\n"; @@ -269,7 +269,7 @@ class divListFai extends MultiSelectWindow /* Add copy & cut icons */ $ui = get_userinfo(); $action =""; - $acl_all = $ui->has_complete_category_acls($this->config->current['BASE'],$this->module); + $acl_all = $ui->has_complete_category_acls($this->parent->acl_base,$this->module); if(preg_match("/^opsi_/",$type)){ $editlink ="%NAME%"; diff --git a/gosa-plugins/fai/admin/fai/class_faiManagement.inc b/gosa-plugins/fai/admin/fai/class_faiManagement.inc index 35d5cb060..71ab93b09 100644 --- a/gosa-plugins/fai/admin/fai/class_faiManagement.inc +++ b/gosa-plugins/fai/admin/fai/class_faiManagement.inc @@ -51,6 +51,7 @@ class faiManagement extends plugin var $allow_freeze_object_attach = TRUE; var $no_save; + var $acl_base =""; var $fai_base =""; var $fai_release =""; @@ -82,9 +83,8 @@ class faiManagement extends plugin } /* Set default release - !! If you change the base here you have to update the base in - class_divListFai.inc too, all ACL checks use ($this->config->current['BASE']). */ + $this->acl_base = $this->config->current['BASE']; $this->fai_base = get_ou("faiBaseRDN").$this->config->current['BASE']; if(!session::is_set("fai_filter")){ @@ -451,7 +451,7 @@ class faiManagement extends plugin Delete confirmed ****************/ - /* Deltetion was confirmed, so delete this entry + /* Deletion was confirmed, so delete this entry */ if (isset($_POST['delete_terminal_confirm'])){ @@ -541,7 +541,7 @@ class faiManagement extends plugin if("" != $this->config->search("faiManagement", "POSTREMOVE",array('menu','tabs'))){ /* Load permissions for selected 'dn' and check if we're allowed to remove this 'dn' */ - if($this->acl_is_removeable()){ + if(preg_match("/d/",$this->ui->get_permissions($this->acl_base,"fai/faiManagement"))){ $smarty->assign("release_hidden",base64_encode($this->fai_release)); $smarty->assign("info", msgPool::deleteInfo(LDAP::fix($this->fai_release),_("FAI branch/freeze"))); return($smarty->fetch(get_template_path('remove_branch.tpl',TRUE))); @@ -574,7 +574,7 @@ class faiManagement extends plugin $br = $this->getBranches(); - if(isset($br[$bb]) && $this->acl_is_removeable()){ + if(isset($br[$bb]) && preg_match("/d/",$this->ui->get_permissions($this->acl_base,"fai/faiManagement"))){ $name = $br[$bb]; $ldap->cd($bb); @@ -692,7 +692,7 @@ class faiManagement extends plugin if(isset($_GET['PerformBranch'])){ - if(!$this->acl_is_createable()){ + if(!preg_match("/c/",$this->ui->get_permissions($this->acl_base,"fai/faiManagement"))){ msg_dialog::display(_("Permission error"), msgPool::permCreate(_("Branch")), ERROR_DIALOG); }else{ @@ -853,8 +853,12 @@ class faiManagement extends plugin */ if("" != $this->config->search("faiManagement", "POSTCREATE",array('menu','tabs'))){ if(($s_action == "branch_branch")||($this->dispNewBranch)){ - if(!$this->acl_is_createable()){ - msg_dialog::display(_("Permission error"), msgPool::permCreate(_("Branch")), ERROR_DIALOG); + + echo $this->acl_base; + echo "->".$this->ui->get_permissions($this->acl_base,"fai/faiManagement"); + + if(!preg_match("/c/",$this->ui->get_permissions($this->acl_base,"fai/faiManagement"))){ + msg_dialog::display(_("Permission error"), msgPool::permCreate(_("Branch")), ERROR_DIALOG); }else{ $this->dispNewBranch=true; $smarty->assign("iframe",false); @@ -874,7 +878,7 @@ class faiManagement extends plugin */ if("" != $this->config->search("faiManagement", "POSTCREATE",array('menu','tabs'))){ if(($s_action == "freeze_branch")||($this->dispNewFreeze)){ - if(!$this->acl_is_createable()){ + if(!preg_match("/c/",$this->ui->get_permissions($this->acl_base,"fai/faiManagement"))){ msg_dialog::display(_("Permission error"), msgPool::permCreate(_("Branch")), ERROR_DIALOG); }else{ $this->dispNewFreeze = true; @@ -1133,7 +1137,7 @@ class faiManagement extends plugin } } $this->base = $base; - $this->set_acl_base($this->base); + $this->set_acl_base($this->acl_base); $this->lock_type = FAI::get_release_tag(FAI::get_release_dn($base)); diff --git a/gosa-plugins/fai/admin/fai/main.inc b/gosa-plugins/fai/admin/fai/main.inc index 650515abc..d2543758c 100644 --- a/gosa-plugins/fai/admin/fai/main.inc +++ b/gosa-plugins/fai/admin/fai/main.inc @@ -30,7 +30,6 @@ if ($remove_lock){ if (!session::is_set('FAI') || (isset($_GET['reset']) && $_GET['reset'] == 1)){ $FAI= new faiManagement($config, $ui); $FAI->set_acl_category("fai"); - $FAI->set_acl_base(session::get('CurrentMainBase')); session::set('FAI',$FAI); } $FAI = session::get('FAI');