From: hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Date: Thu, 30 Aug 2007 08:26:47 +0000 (+0000)
Subject: Updated service acls, only allow editing for services we have acls for
X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=a7a64fcb62506d095ec99cebbb0f73b98656c24c;p=gosa.git

Updated service acls, only allow editing for services we have acls for


git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@7167 594d385d-05f5-0310-b6e9-bd551577e9d8
---

diff --git a/plugins/admin/systems/class_divListSystemService.inc b/plugins/admin/systems/class_divListSystemService.inc
index d48a3858d..041f339b1 100644
--- a/plugins/admin/systems/class_divListSystemService.inc
+++ b/plugins/admin/systems/class_divListSystemService.inc
@@ -79,6 +79,8 @@ class divListSystemService extends MultiSelectWindow
       $tmp2[$name] = $list[$name];
     }
 
+    $ui = get_userinfo();
+
     foreach($tmp2 as $name => $entry){
  
       switch($entry['Status']){
@@ -89,6 +91,12 @@ class divListSystemService extends MultiSelectWindow
         default: $str= "<img src='images/select_user.png' alt='".$entry['Status']."' title='"._("User status")." : ".$entry['Status']."'>";
       }
 
+      /* Get acls */
+      $acl = $ui->get_permissions($this->parent->dn,"server/".$name);
+      if(preg_match("/w/i",$acl) && !preg_match("/r/i",$acl)){
+        continue;
+      }
+  
       $WasAccount = $this->parent->plugins[$name] -> initially_was_account;    
   
       $field1 = array("string" => $str ,"attach" => "style='width:20px;'");
@@ -113,13 +121,17 @@ class divListSystemService extends MultiSelectWindow
       }else{
         $actions .= "&nbsp;<img src='images/empty' width='16' alt=''>";
       }
-      if($entry['AllowEdit']){
+
+      /* Check if edit is enabled and allowed for current service */
+      if($entry['AllowEdit'] && preg_match("/(r|w)/i",$acl)){
         $actions .= "&nbsp;<input type='image' name='EditSingleService_".$name."' src='images/edit.png'
                             title='"._("Edit service")."'>";
       }else{
         $actions .= "&nbsp;<img src='images/empty' width='16' alt=''>";
       }
-      if($entry['AllowRemove']){
+
+      /* Check if remove is enabled and allowed for current service */
+      if($entry['AllowRemove'] && preg_match("/d/i",$acl)){
         $actions .= "&nbsp;<input type='image' name='RemoveSingleService_".$name."' src='images/edittrash.png'
                             title='"._("Remove service")."'>";
       }else{
diff --git a/plugins/admin/systems/class_servDNSeditZone.inc b/plugins/admin/systems/class_servDNSeditZone.inc
index 500739c2d..615ede4bc 100644
--- a/plugins/admin/systems/class_servDNSeditZone.inc
+++ b/plugins/admin/systems/class_servDNSeditZone.inc
@@ -201,8 +201,11 @@ class servdnseditZone extends plugin
     plugin::execute();
 
 
+
     /* Fill templating stuff */
     $smarty= get_smarty();
+    $ui = get_userinfo();
+    $smarty->assign("ACLs",$ui->get_permissions($this->dn,"server/servdns"));
     $display= "";
 
     /* Open Zone Entry Edit Dialog
diff --git a/plugins/admin/systems/class_serverService.inc b/plugins/admin/systems/class_serverService.inc
index e417b38fe..239a5476e 100644
--- a/plugins/admin/systems/class_serverService.inc
+++ b/plugins/admin/systems/class_serverService.inc
@@ -167,7 +167,7 @@ class ServerService extends plugin
  
     /* Abort dialog 
        Restore vars with values before editing */
-    if(isset($_POST['CancelService'])){
+    if(isset($_POST['CancelService']) && !empty($this->current)){
       if($this->backup == NULL){
         $this->plugins[$this->current] = new $this->current($this->config,$this->dn);
         $this->plugins[$this->current]-> set_acl_base($this->acl_base);
diff --git a/plugins/admin/systems/servdnseditzone.tpl b/plugins/admin/systems/servdnseditzone.tpl
index 2e7c969be..1136dba53 100644
--- a/plugins/admin/systems/servdnseditzone.tpl
+++ b/plugins/admin/systems/servdnseditzone.tpl
@@ -6,22 +6,30 @@
 				<tr>
 					<td>{t}Zone name{/t}{$must}
 					</td>
-					<td><input type="text" name="zoneName" value="{$zoneName}" {if $NotNew} disabled {/if}>
+					<td>
+{render acl=$ACLs}					
+						<input type="text" name="zoneName" value="{$zoneName}" {if $NotNew} disabled {/if}>
+{/render}
 					</td>
 				</tr>
 				<tr>
 					<td>{t}Network address{/t}{$must}
 					</td>
-					<td><input type="text" name="ReverseZone" value="{$ReverseZone}" {if $NotNew} disabled {/if}>
+					<td>
+{render acl=$ACLs}					
+						<input type="text" name="ReverseZone" value="{$ReverseZone}" {if $NotNew} disabled {/if}>
+{/render}
 					</td>
 				</tr>
 				<tr>
 					<td>{t}Netmask{/t}
 					</td>
 					<td>
+{render acl=$ACLs}					
 						<select name="NetworkClass" {if $NotNew} disabled {/if}>
 							{html_options options=$NetworkClasses selected=$NetworkClass }
 						</select>
+{/render}
 					</td>
 				</tr>
 			</table>
@@ -37,7 +45,9 @@
 						{/if}
 					</td>
 					<td>
+{render acl=$ACLs}					
 						<input type="submit" name="EditZoneEntries" value="{t}Edit{/t}" {if $AllowZoneEdit == false} disabled {/if}> 
+{/render}
 					</td>
 				</tr>
 			</table>
@@ -53,19 +63,28 @@
 				<tr>
 					<td>{t}Primary dns server for this zone{/t}{$must}
 					</td>
-					<td><input type="text" name="sOAprimary" value="{$sOAprimary}">
+					<td>
+{render acl=$ACLs}					
+						<input type="text" name="sOAprimary" value="{$sOAprimary}">
+{/render}
 					</td>
 				</tr>
 				<tr>
 					<td>{t}Mail address{/t}{$must}
 					</td>
-					<td><input type="text" name="sOAmail" value="{$sOAmail}">
+					<td>
+{render acl=$ACLs}					
+						<input type="text" name="sOAmail" value="{$sOAmail}">
+{/render}
 					</td>
 				</tr>
 				<tr>
 					<td>{t}Serial number (automatically incremented){/t}{$must}
 					</td>
-					<td><input type="text" name="sOAserial" value="{$sOAserial}">
+					<td>
+{render acl=$ACLs}					
+						<input type="text" name="sOAserial" value="{$sOAserial}">
+{/render}
 					</td>
 				</tr>
 			</table>
@@ -75,25 +94,37 @@
 				<tr>
 					<td>{t}Refresh{/t}{$must}
 					</td>
-					<td><input type="text" name="sOArefresh" value="{$sOArefresh}">
+					<td>
+{render acl=$ACLs}					
+						<input type="text" name="sOArefresh" value="{$sOArefresh}">
+{/render}
 					</td>
 				</tr>
 				<tr>
 					<td>{t}Retry{/t}{$must}
 					</td>
-					<td><input type="text" name="sOAretry" value="{$sOAretry}">
+					<td>
+{render acl=$ACLs}					
+						<input type="text" name="sOAretry" value="{$sOAretry}">
+{/render}
 					</td>
 				</tr>
 				<tr>
 					<td>{t}Expire{/t}{$must}
 					</td>
-					<td><input type="text" name="sOAexpire" value="{$sOAexpire}">
+					<td>
+{render acl=$ACLs}					
+						<input type="text" name="sOAexpire" value="{$sOAexpire}">
+{/render}
 					</td>
 				</tr>
 				<tr>
 					<td>{t}TTL{/t}{$must}
 					</td>
-					<td><input type="text" name="sOAttl" value="{$sOAttl}">
+					<td>
+{render acl=$ACLs}					
+						<input type="text" name="sOAttl" value="{$sOAttl}">
+{/render}
 					</td>
 				</tr>
 			</table>
@@ -110,22 +141,32 @@
 			<table width="100%">	
 				<tr>
 					<td>
+{render acl=$ACLs}					
 						{$Mxrecords}
+{/render}
+{render acl=$ACLs}					
 						<input type="text" 		name="StrMXRecord" value="">
+{/render}
+{render acl=$ACLs}					
 						<input type="submit" 	name="AddMXRecord" value="{t}Add{/t}">
+{/render}
 					</td>
 				</tr>
 			</table>
 		</td>
 		<td style="vertical-align:top;">
 			<h2>{t}Global zone records{/t}</h2>
+{render acl=$ACLs}					
 			  {$records}
+{/render}
 		</td>
 	</tr>
 </table>
 <div style="text-algin:right;" align="right">
 	<p>
+{render acl=$ACLs}					
 		<input type="submit" name="SaveZoneChanges" value="{t}Save{/t}">
+{/render}
 		<input type="submit" name="CancelZoneChanges" value="{t}Cancel{/t}">
 	</p>
 </div>