From: hickert Date: Wed, 9 May 2007 08:57:56 +0000 (+0000) Subject: Resolve acl-roles X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=8d6913a85f6561e58706451d57d4afe315873808;p=gosa.git Resolve acl-roles git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@6314 594d385d-05f5-0310-b6e9-bd551577e9d8 --- diff --git a/setup/class_setupStep_Migrate.inc b/setup/class_setupStep_Migrate.inc index 93e7cff77..b7b33514f 100644 --- a/setup/class_setupStep_Migrate.inc +++ b/setup/class_setupStep_Migrate.inc @@ -758,32 +758,73 @@ class Step_Migrate extends setup_step $this->checks['acls']['ERROR_MSG'] = _("Possibly the 'root object' is missing."); }else{ $found = false; + $username = ""; $attrs = $ldap->fetch(); if(isset($attrs['gosaAclEntry'])){ $acls = $attrs['gosaAclEntry']; for($i = 0 ; $i < $acls['count'] ; $i++){ $acl = $acls[$i]; $tmp = split(":",$acl); - - /* Only check permanent acls */ if($tmp[1] == "psub"){ + $members = split(",",$tmp[2]); + foreach($members as $member){ + $member = base64_decode($member); + + /* Check if acl owner is a valid GOsa user account */ + $ldap->cat($member,array("objectClass","uid","cn")); + $ret = $ldap->fetch(); + + if(isset($ret['objectClass']) && in_array("posixGroup",$ret['objectClass'])){ + $found = TRUE; + $username .= _("ACL-Group").": ".$ret['cn'][0]."
"; + }elseif(isset($ret['objectClass']) && in_array("gosaAccount",$ret['objectClass']) && + in_array("organizationalPerson",$ret['objectClass']) && + in_array("inetOrgPerson",$ret['objectClass'])){ + $found = TRUE; + $username .= _("ACL").": ".$ret['uid'][0]."
"; + } + } + }elseif($tmp[1] == "role"){ /* Check if acl owner is a valid GOsa user account */ - $ldap->cat(base64_decode($tmp[2]),array("objectClass")); + $ldap->cat(base64_decode($tmp[2]),array("gosaAclTemplate")); $ret = $ldap->fetch(); - if(isset($ret['objectClass']) && in_array("gosaAccount",$ret['objectClass']) && - in_array("organizationalPerson",$ret['objectClass']) && - in_array("inetOrgPerson",$ret['objectClass'])){ - $found = TRUE; + if(isset($ret['gosaAclTemplate'])){ + $cnt = $ret['gosaAclTemplate']['count']; + for($e = 0 ; $e < $cnt ; $e++){ + + $a_str = $ret['gosaAclTemplate'][$e]; + if(preg_match("/^[0-9]*:psub:/",$a_str) && preg_match("/:all;cmdrw$/",$a_str)){ + + $members = split(",",$tmp[3]); + foreach($members as $member){ + $member = base64_decode($member); + + /* Check if acl owner is a valid GOsa user account */ + $ldap->cat($member,array("objectClass","uid")); + $ret = $ldap->fetch(); + + if(isset($ret['objectClass']) && in_array("gosaAccount",$ret['objectClass']) && + in_array("organizationalPerson",$ret['objectClass']) && + in_array("inetOrgPerson",$ret['objectClass'])){ + $found = TRUE; + $username .= _("ACL Role").": ".$ret['uid'][0]."
"; + } + } + } + } } } } } + # For debugging + #echo $username; + if($found){ $this->checks['acls']['STATUS'] = TRUE; - $this->checks['acls']['STATUS_MSG']= _("Ok"); + $this->checks['acls']['STATUS_MSG']= _("Ok")." "; $this->checks['acls']['ERROR_MSG'] = ""; }else{ $this->checks['acls']['STATUS'] = FALSE;
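Review bot: In the new `role` branch the inner member lookup `$ret = $ldap->fetch();` overwrites the `$ret` that the enclosing `for($e ...)` loop still reads through `$ret['gosaAclTemplate'][$e]`, so once one template line matches, every later iteration tests an undefined index instead of a template entry. Keep the template list in its own variable before the loop: `$tpl = $ret['gosaAclTemplate'];`, `$cnt = $tpl['count'];` and `$a_str = $tpl[$e];`. The new `psub` branch also sets `$found = TRUE` for any `posixGroup` or user entry, without the `:all;cmdrw` test that the role branch applies and without looking at group membership, so this setup check can apparently report "Ok" when no account with full administrative rights exists; if that is not intended, apply an equivalent rights test there. `$username` collects `cn` and `uid` values read from the directory, so it should pass through `htmlentities()` if the commented-out debug `echo` is ever enabled. The enclosing method starts and ends outside this hunk.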