From: cajus Date: Wed, 2 Dec 2009 11:03:12 +0000 (+0000) Subject: Use static function to strip acls, because we do not need to load the complete acl... X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=bd47d3d7eb678d2a179e9de3fde13f4534b38896;p=gosa.git Use static function to strip acls, because we do not need to load the complete acl feature set for that. git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@14856 594d385d-05f5-0310-b6e9-bd551577e9d8
---
diff --git a/gosa-core/include/class_acl.inc b/gosa-core/include/class_acl.inc
index 19bde859e..01165904c 100644
--- a/gosa-core/include/class_acl.inc
+++ b/gosa-core/include/class_acl.inc
@@ -1270,37 +1270,56 @@ class acl extends plugin /* Remove acls defined for $src */ function remove_acl() { - $this->remove_acl_for_dn($this->dn); + acl::remove_acl_for($this->dn); } /* Remove acls defined for $src */ - function remove_acl_for_dn($src = "") - { - if($src == ""){ - $src = $this->dn; - } - $ldap = $this->config->get_ldap_link(); - $ldap->cd($this->config->current['BASE']); - $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($src)."*))",array("gosaAclEntry","dn")); - while($attrs = $ldap->fetch()){ - $acl = new acl($this->config,$this->parent,$attrs['dn']); - foreach($acl->gosaAclEntry as $id => $entry){ - foreach($entry['members'] as $m_id => $member){ - if($m_id == "U:".$src){ - unset($acl->gosaAclEntry[$id]['members'][$m_id]); - gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Removed acl for user %s on object %s.",$src,$attrs['dn'])); - } - if($m_id == "G:".$src){ - unset($acl->gosaAclEntry[$id]['members'][$m_id]); - gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Removed acl for group %s on object %s.",$src,$attrs['dn'])); - } - } + static function remove_acl_for($dn) + { + global $config; + + $ldap = $config->get_ldap_link(); + $ldap->cd($config->current['BASE']); + $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($dn)."*))",array("gosaAclEntry","dn")); + $new_entries= array(); + while($attrs = $ldap->fetch()){ + if (!isset($attrs['gosaAclEntry'])) { + continue; + } + unset($attrs['gosaAclEntry']['count']); + + // Remove entry directly + foreach($attrs['gosaAclEntry'] as $id => $entry){ + $parts= split(':',$entry); + $members= split(',',$parts[2]); + $new_members= array(); + foreach($members as $member) { + if (base64_decode($member) != $dn) { + $new_members[]= $member; + } else { + gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Removed acl for %s on object %s.",$dn,$attrs['dn'])); + } + } + + /* We can completely remove the entry if there are no members anymore */ + if 
(count($new_members)) { + $parts[2]= implode(",", $new_members); + $new_entries[]= implode(":", $parts); + } + } + + // There should be a modification, so write it back + $ldap->cd($attrs['dn']); + $new_attrs= array("gosaAclEntry" => $new_entries); + $ldap->modify($new_attrs); + if (!$ldap->success()){ + msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $dn, LDAP_MOD, get_class()), ERROR_DIALOG); } - $acl -> save(); } } + function update_acl_membership($src,$dst) { $ldap = $this->config->get_ldap_link();
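Review bot: `$new_entries` is initialised once before the `while($attrs = $ldap->fetch())` loop in `remove_acl_for()` and never reset, so from the second matching object onward the `gosaAclEntry` value written by `$ldap->modify($new_attrs)` also contains the entries kept from every object handled before it. That copies ACL rules from one object onto unrelated ones and can grant permissions nobody assigned; move `$new_entries= array();` to the first statement inside the loop body. Separately, the removed code matched members as `"U:".$src` and `"G:".$src`, while the new test is `base64_decode($member) != $dn`; if the decoded member still carries that prefix (not visible in this hunk), no member will ever be stripped, so this should be checked against a real entry. The failure dialog also passes `$dn` to `msgPool::ldaperror()` where the object being modified is `$attrs['dn']`.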