From: hickert Date: Mon, 20 Oct 2008 07:30:52 +0000 (+0000) Subject: Updated GOsa ACLs management && role class X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=ce6f16db3bcd127966d9a4ce69d327f90a02a347;p=gosa.git Updated GOsa ACLs management && role class -Fixed ACL handling, gray out && cal category. git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@12735 594d385d-05f5-0310-b6e9-bd551577e9d8 --- diff --git a/gosa-core/plugins/admin/acl/acl_role.tpl b/gosa-core/plugins/admin/acl/acl_role.tpl index 3dce4dc8a..1a9b90cd6 100644 --- a/gosa-core/plugins/admin/acl/acl_role.tpl +++ b/gosa-core/plugins/admin/acl/acl_role.tpl @@ -41,7 +41,9 @@ {$aclList} +{render acl=$gosaAclEntryACL} +{/render} {/if} @@ -56,8 +58,10 @@

 

+{render acl=$gosaAclEntryACL}   +{/render}
{/if} @@ -66,11 +70,15 @@

{$headline}

+{render acl=$gosaAclEntryACL} {$aclSelector} +{/render}

 

+{render acl=$gosaAclEntryACL} +{/render}  
diff --git a/gosa-core/plugins/admin/acl/class_aclManagement.inc b/gosa-core/plugins/admin/acl/class_aclManagement.inc index 910a31986..6c7f5bd66 100644 --- a/gosa-core/plugins/admin/acl/class_aclManagement.inc +++ b/gosa-core/plugins/admin/acl/class_aclManagement.inc @@ -36,7 +36,7 @@ class aclManagement extends plugin var $start_pasting_copied_objects = FALSE; var $dns = array(); - var $acl_module = array("acl","aclroles"); + var $acl_module = array("acl"); function aclManagement(&$config, &$ui) { @@ -157,7 +157,7 @@ class aclManagement extends plugin $this->dn= "new"; /* Check permissions */ - if(preg_match("/c/",$this->ui->get_permissions($this->DivListACL->selectedBase,"aclroles/aclrole"))){ + if(preg_match("/c/",$this->ui->get_permissions($this->DivListACL->selectedBase,"acl/aclrole"))){ /* Register acltabs to trigger edit dialog */ $this->acltabs= new aclroletab($this->config, NULL,$this->dn); @@ -177,7 +177,7 @@ class aclManagement extends plugin $this->dn= $this->list[trim($s_entry)]['dn']; if(in_array("gosaRole",$this->list[trim($s_entry)]['objectClass'])){ - $acl = "aclroles/aclrole"; + $acl = "acl/aclrole"; }else{ $acl = "acl/acl"; } @@ -250,7 +250,7 @@ class aclManagement extends plugin foreach($ids as $id){ $dn = $this->list[$id]['dn']; if(in_array("gosaRole",$this->list[$id]['objectClass'])){ - $acl = $this->ui->get_permissions($dn, "aclroles/aclrole"); + $acl = $this->ui->get_permissions($dn, "acl/aclrole"); }else{ $acl = $this->ui->get_permissions($dn, "acl/acl"); } @@ -286,7 +286,7 @@ class aclManagement extends plugin */ $dn = $this->list[$id]['dn']; if(in_array("gosaRole",$this->list[$id]['objectClass'])){ - $acl = $this->ui->get_permissions($dn,"aclroles/aclrole"); + $acl = $this->ui->get_permissions($dn,"acl/aclrole"); $name = _("ACL role"); }else{ $acl = $this->ui->get_permissions($dn,"acl/acl"); @@ -331,7 +331,7 @@ class aclManagement extends plugin $dn = $this->list[$id]['dn']; $this->dn = $dn; if(in_array("gosaRole",$this->list[$id]['objectClass'])){ - $acl = $this->ui->get_permissions($dn,"aclroles/aclrole"); + $acl = $this->ui->get_permissions($dn,"acl/aclrole"); $this->acltabs= new aclroletab($this->config,NULL, $this->dn); }else{ $acl = $this->ui->get_permissions($dn,"acl/acl"); @@ -346,7 +346,7 @@ class aclManagement extends plugin } else { msg_dialog::display(_("Permission error"),msgPool::permDelete(), ERROR_DIALOG); if(isset($this->ui->uid)){ - new log("security","aclroles/".get_class($this),$this->dn,array(), + new log("security","acl/".get_class($this),$this->dn,array(), "Warning: '".$this->ui->uid."' tried to trick acl role deletion."); } } @@ -567,11 +567,11 @@ class aclManagement extends plugin /* We can only copy & cut roles */ if(isset($this->list[$s_entry]['objectClass']) && in_array("gosaRole",$this->list[$s_entry]['objectClass'])){ - if($s_action == "copy" && $ui->is_copyable($dn,"aclroles","aclrole")){ - $this->CopyPasteHandler->add_to_queue($dn,$s_action,"aclroletab","ACLROLETAB","aclroles"); + if($s_action == "copy" && $ui->is_copyable($dn,"acl","aclrole")){ + $this->CopyPasteHandler->add_to_queue($dn,$s_action,"aclroletab","ACLROLETAB","acl"); } - if($s_action == "cut" && $ui->is_cutable($dn,"aclroles","aclrole")){ - $this->CopyPasteHandler->add_to_queue($dn,$s_action,"aclroletab","ACLROLETAB","aclroles"); + if($s_action == "cut" && $ui->is_cutable($dn,"acl","aclrole")){ + $this->CopyPasteHandler->add_to_queue($dn,$s_action,"aclroletab","ACLROLETAB","acl"); } } } @@ -588,11 +588,11 @@ class aclManagement extends plugin if(isset($this->list[$id]['objectClass']) && in_array("gosaRole",$this->list[$id]['objectClass'])){ - if($s_action == "copy_multiple" && $ui->is_copyable($dn,"aclroles","aclrole")){ - $this->CopyPasteHandler->add_to_queue($dn,"copy","aclroletab","ACLROLETAB","aclroles"); + if($s_action == "copy_multiple" && $ui->is_copyable($dn,"acl","aclrole")){ + $this->CopyPasteHandler->add_to_queue($dn,"copy","aclroletab","ACLROLETAB","acl"); } - if($s_action == "cut_multiple" && $ui->is_cutable($dn,"aclroles","aclrole")){ - $this->CopyPasteHandler->add_to_queue($dn,"cut","aclroletab","ACLROLETAB","aclroles"); + if($s_action == "cut_multiple" && $ui->is_cutable($dn,"acl","aclrole")){ + $this->CopyPasteHandler->add_to_queue($dn,"cut","aclroletab","ACLROLETAB","acl"); } } } diff --git a/gosa-core/plugins/admin/acl/class_aclRole.inc b/gosa-core/plugins/admin/acl/class_aclRole.inc index 2f90c4190..9deb2a94c 100644 --- a/gosa-core/plugins/admin/acl/class_aclRole.inc +++ b/gosa-core/plugins/admin/acl/class_aclRole.inc @@ -63,7 +63,7 @@ class aclrole extends acl $this->base = session::get('CurrentMainBase'); }else{ $this->base = preg_replace("/^[^,]+,[^,]+,/","",$this->dn); - new log("view","aclroles/".get_class($this),$this->dn); + new log("view","acl/".get_class($this),$this->dn); } /* Load ACL's */ @@ -181,7 +181,7 @@ class aclrole extends acl $plist= $tmp->info; /* Handle posts */ - if (isset($_POST['new_acl'])){ + if (isset($_POST['new_acl']) && $this->acl_is_writeable("gosaAclEntry")){ $this->dialogState= 'create'; $this->dialog= TRUE; $this->currentIndex= count($this->gosaAclTemplate); @@ -202,11 +202,6 @@ class aclrole extends acl $this->loadAclEntry(); continue; } - if (preg_match('/^acl_del_.*_x/', $name)){ - unset($this->gosaAclTemplate[preg_replace('/^acl_del_([0-9]+).*$/', '\1', $name)]); - continue; - } - if (preg_match('/^cat_edit_.*_x/', $name)){ $this->aclObject= preg_replace('/^cat_edit_([^_]+)_.*$/', '\1', $name); $this->dialogState= 'edit'; @@ -217,7 +212,17 @@ class aclrole extends acl } continue; } - if (preg_match('/^cat_del_.*_x/', $name)){ + + if(!$this->acl_is_writeable("gosaAclEntry")){ + continue; + } + + if (preg_match('/^acl_del_.*_x/', $name) && $this->acl_is_writeable("gosaAclEntry")){ + unset($this->gosaAclTemplate[preg_replace('/^acl_del_([0-9]+).*$/', '\1', $name)]); + continue; + } + + if (preg_match('/^cat_del_.*_x/', $name) && $this->acl_is_writeable("gosaAclEntry")){ $idx= preg_replace('/^cat_del_([^_]+)_.*$/', '\1', $name); foreach ($this->ocMapping[$idx] as $key){ unset($this->aclContents["$idx/$key"]); @@ -226,7 +231,7 @@ class aclrole extends acl } /* Sorting... */ - if (preg_match('/^sortup_.*_x/', $name)){ + if (preg_match('/^sortup_.*_x/', $name) && $this->acl_is_writeable("gosaAclEntry")){ $index= preg_replace('/^sortup_([0-9]+).*$/', '\1', $name); if ($index > 0){ $tmp= $this->gosaAclTemplate[$index]; @@ -235,7 +240,7 @@ class aclrole extends acl } continue; } - if (preg_match('/^sortdown_.*_x/', $name)){ + if (preg_match('/^sortdown_.*_x/', $name) && $this->acl_is_writeable("gosaAclEntry")){ $index= preg_replace('/^sortdown_([0-9]+).*$/', '\1', $name); if ($index < count($this->gosaAclTemplate)-1){ $tmp= $this->gosaAclTemplate[$index]; @@ -246,7 +251,7 @@ class aclrole extends acl } /* ACL saving... */ - if (preg_match('/^acl_.*_[^xy]$/', $name)){ + if (preg_match('/^acl_.*_[^xy]$/', $name) && $this->acl_is_writeable("gosaAclEntry")){ $aclDialog= TRUE; list($dummy, $object, $attribute, $value)= split('_', $name); @@ -297,7 +302,7 @@ class aclrole extends acl } /* Store ACL in main object? */ - if (isset($_POST['submit_new_acl'])){ + if (isset($_POST['submit_new_acl']) && $this->acl_is_writeable("gosaAclEntry")){ $this->gosaAclTemplate[$this->currentIndex]['type']= $this->aclType; $this->gosaAclTemplate[$this->currentIndex]['members']= $this->recipients; $this->gosaAclTemplate[$this->currentIndex]['acl']= $this->aclContents; @@ -316,12 +321,12 @@ class aclrole extends acl } /* Save edit acl? */ - if (isset($_POST['submit_edit_acl'])){ + if (isset($_POST['submit_edit_acl']) && $this->acl_is_writeable("gosaAclEntry")){ $this->dialogState= 'create'; } /* Add acl? */ - if (isset($_POST['add_acl']) && $_POST['aclObject'] != ""){ + if (isset($_POST['add_acl']) && $_POST['aclObject'] != "" && $this->acl_is_writeable("gosaAclEntry")){ $this->dialogState= 'edit'; $this->savedAclContents= array(); foreach ($this->ocMapping[$this->aclObject] as $oc){ @@ -333,7 +338,7 @@ class aclrole extends acl /* Save common values */ foreach (array("aclType", "aclObject", "target") as $key){ - if (isset($_POST[$key])){ + if (isset($_POST[$key]) && $this->acl_is_writeable("gosaAclEntry")){ $this->$key= validate($_POST[$key]); } } @@ -353,15 +358,27 @@ class aclrole extends acl /* Draw list */ $aclList= new divSelectBox("aclList"); $aclList->SetHeight(350); - + /* Fill in entries */ foreach ($this->gosaAclTemplate as $key => $entry){ $field1= array("string" => $this->aclTypes[$entry['type']], "attach" => "style='width:100px'"); $field2= array("string" => $this->assembleAclSummary($entry)); - $action= ""; - $action.= ""; - $action.= ""; - $action.= ""; + + $action =""; + if($this->acl_is_writeable("gosaAclEntry")){ + $action.= ""; + $action.= ""; + } + if($this->acl_is_readable("gosaAclEntry")){ + $action.= ""; + } + if($this->acl_is_writeable("gosaAclEntry")){ + $action.= ""; + } $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px;text-align:right;'"); $aclList->AddEntry(array($field1, $field2, $field3)); @@ -403,10 +420,18 @@ class aclrole extends acl $summary= sprintf(_("ACL for these objects: %s"), preg_replace('/, $/', '', $summary)); } + $action = ""; + if($this->acl_is_readable("gosaAclEntry")){ + $action.= ""; + } + if($this->acl_is_writeable("gosaAclEntry")){ + $action.= ""; + } + $field1= array("string" => $dsc, "attach" => "style='width:140px'"); $field2= array("string" => $summary); - $action= ""; - $action.= ""; $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px'"); $aclList->AddEntry(array($field1, $field2, $field3)); } @@ -494,7 +519,7 @@ class aclrole extends acl function aclPostHandler() { - if (isset($_POST['save_acl'])){ + if (isset($_POST['save_acl']) && $this->acl_is_writeable("gosaAclEntry")){ $this->save(); return TRUE; } @@ -575,13 +600,13 @@ class aclrole extends acl $ldap->cd($this->dn); $this->cleanup(); $ldap->modify ($this->attrs); - new log("modify","aclroles/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error()); + new log("modify","acl/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error()); }else{ $ldap->cd($this->config->current['BASE']); $ldap->create_missing_trees(preg_replace("/^[^,]+,/","",$this->dn)); $ldap->cd($this->dn); $ldap->add($this->attrs); - new log("create","aclroles/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error()); + new log("create","acl/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error()); } if (!$ldap->success()){ @@ -623,7 +648,7 @@ class aclrole extends acl } $ldap->rmDir($this->dn); - new log("remove","aclroles/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error()); + new log("remove","acl/".get_class($this),$this->dn,array_keys($this->attrs),$ldap->get_error()); if (!$ldap->success()){ msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, "", get_class())); } @@ -700,12 +725,12 @@ class aclrole extends acl "plDepends" => array(), "plPriority" => 0, "plSection" => array("admin"), - "plCategory" => array("aclroles" => array("objectClass" => "gosaRole", "description" => _("Access control roles"))), - + "plCategory" => array("acl"), "plProvidedAcls" => array( "cn" => _("Name"), "base" => _("Base"), - "description" => _("Description")) + "description" => _("Description"), + "gosaAclEntry" => _("Permissions")) )); } diff --git a/gosa-core/plugins/admin/acl/class_divListACL.inc b/gosa-core/plugins/admin/acl/class_divListACL.inc index a78d1c4e6..d2af617e0 100644 --- a/gosa-core/plugins/admin/acl/class_divListACL.inc +++ b/gosa-core/plugins/admin/acl/class_divListACL.inc @@ -42,7 +42,7 @@ class divListACL extends MultiSelectWindow function divListACL (&$config, &$parent) { - MultiSelectWindow::MultiSelectWindow($config, "ACL", array("acl","aclroles")); + MultiSelectWindow::MultiSelectWindow($config, "ACL", array("acl","acl")); $this->parent = &$parent; $this->ui = get_userinfo(); @@ -145,8 +145,8 @@ class divListACL extends MultiSelectWindow */ if(in_array("gosaRole",$acl_entry['objectClass'])){ - $acl = $this->ui->get_permissions($acl_entry['dn'],"aclroles/aclRole"); - $acl_all = $this->ui->has_complete_category_acls($acl_entry['dn'],"aclroles"); + $acl = $this->ui->get_permissions($acl_entry['dn'],"acl/aclrole"); + $acl_all = $this->ui->has_complete_category_acls($acl_entry['dn'],"acl"); $editlink = "%s"; $list_left_icon = ""._("Role").""; @@ -157,7 +157,7 @@ class divListACL extends MultiSelectWindow } /* Add copy & cut functionality */ - $action.= $this->parent->get_copypaste_action($acl_entry['dn'],"aclroles","aclRole"); + $action.= $this->parent->get_copypaste_action($acl_entry['dn'],"acl","aclRole"); /* Add actions depending on acls */ if(preg_match("/r/", $acl)){ @@ -166,7 +166,7 @@ class divListACL extends MultiSelectWindow } /* Add snapshot functionality */ - $action.= $this->parent->get_snapshot_action($acl_entry['dn'],"aclroles"); + $action.= $this->parent->get_snapshot_action($acl_entry['dn'],"acl"); }else{