From: hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Date: Wed, 14 May 2008 09:11:03 +0000 (+0000)
Subject: Added ignore_acl option for gosa.conf.
X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=c5849fe4df3ee6b875d778c8cff862b2bf31eeb3;p=gosa.git

Added ignore_acl option for gosa.conf.


git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@10884 594d385d-05f5-0310-b6e9-bd551577e9d8
---

diff --git a/gosa-core/include/class_userinfo.inc b/gosa-core/include/class_userinfo.inc
index bba185e0a..c1263330c 100644
--- a/gosa-core/include/class_userinfo.inc
+++ b/gosa-core/include/class_userinfo.inc
@@ -178,6 +178,13 @@ class userinfo
 
   function get_category_permissions($dn, $category)
   {
+    /* If we are forced to skip ACLs checks for the current user 
+        then return all permissions.
+     */
+    if($this->ignore_acl_for_current_user()){
+      return("rwcdm");
+    }
+
     /* Get list of objectClasses and get the permissions for it */
     $acl= "";
     if (isset($this->ocMapping[$category])){
@@ -194,6 +201,13 @@ class userinfo
 
   function get_permissions($dn, $object, $attribute= "", $skip_write= FALSE)
   {
+    /* If we are forced to skip ACLs checks for the current user 
+        then return all permissions.
+     */
+    if($this->ignore_acl_for_current_user()){
+      return("rwcdm");
+    }
+
     /* Push cache answer? */
     $ACL_CACHE = &session::get('ACL_CACHE');
     if (isset($ACL_CACHE["$dn+$object+$attribute"])){
@@ -293,6 +307,14 @@ class userinfo
      accessible department) */
   function get_module_departments($module)
   {
+    
+    /* If we are forced to skip ACLs checks for the current user 
+        then return all departments as valid.
+     */
+    if($this->ignore_acl_for_current_user()){
+      return(array_keys($this->config->idepartments));
+    }
+
     /* Use cached results if possilbe */
     $ACL_CACHE = session::get('ACL_CACHE');
     if(isset($ACL_CACHE['MODULE_DEPARTMENTS'][serialize($module)])){
@@ -505,6 +527,16 @@ class userinfo
     }
     return($acl);
   }
+
+ 
+  /*! \brief  Returns TRUE if the current user is configured in IGNORE_ACL=".." in your gosa.conf 
+      @param  Return Boolean TRUE if we have to skip ACL checks else FALSE.
+   */ 
+  function ignore_acl_for_current_user()
+  {
+    return(isset($this->config->current['IGNORE_ACL']) && $this->config->current['IGNORE_ACL'] == $this->dn);
+  }
+
 }
 
 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: