From: hickert Date: Thu, 25 Jan 2007 11:28:57 +0000 (+0000) Subject: Some Acl fixes / updates. X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=f3e9570b6dbc536d4f3b744bf923ec5d3cb429de;p=gosa.git Some Acl fixes / updates. - Acl roles implemented. - Acls will now we openened as tab when editing from acl management. - Roles are not completed yet. git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@5623 594d385d-05f5-0310-b6e9-bd551577e9d8 --- diff --git a/include/class_acl.inc b/include/class_acl.inc index 0f6f39f88..2d9e72501 100644 --- a/include/class_acl.inc +++ b/include/class_acl.inc @@ -484,7 +484,10 @@ class acl extends plugin foreach($list as $name => $translation){ $na = preg_replace("/^.*\//","",$name); - $prio= $plist[$na]['plPriority'] ; + $prio = 0; + if(isset($plist[$na]['plPriority'])){ + $prio= $plist[$na]['plPriority'] ; + } $newSort[$name] = $prio; } diff --git a/plugins/admin/acl/acl_role.tpl b/plugins/admin/acl/acl_role.tpl new file mode 100644 index 000000000..17a2704b7 --- /dev/null +++ b/plugins/admin/acl/acl_role.tpl @@ -0,0 +1,78 @@ +{if $dialogState eq 'head'} + +

{t}Assigned ACLs for current entry{/t}

+ + + + + + + + + + + + + +
+ {t}Name{/t} + +{render acl=$cnACL} + +{/render} +
+ {t}Description{/t} + +{render acl=$descriptionACL} + +{/render} +
+ {t}Base{/t} + +{render acl=$baseACL} + +{/render} + +{render acl=$baseACL disable_picture='images/folder_gray.png'} + +{/render} + +
+{$aclList} + + +{/if} + +{if $dialogState eq 'create'} +

{t}ACL type{/t}  {if $javascript eq 'false'}{/if}

+ +

 

+ + +

{t}List of available ACL categories{/t}

+{$aclList} + +

 

+
+ +   + +
+{/if} + +{if $dialogState eq 'edit'} + +

{$headline}

+ +{$aclSelector} + +

 

+
+ +   + +
+{/if} + diff --git a/plugins/admin/acl/class_aclManagement.inc b/plugins/admin/acl/class_aclManagement.inc index 9e33b9bb0..429cdeab4 100644 --- a/plugins/admin/acl/class_aclManagement.inc +++ b/plugins/admin/acl/class_aclManagement.inc @@ -18,6 +18,8 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +require_once("tabs_acl_role.inc"); +require_once("tabs_acl.inc"); class aclManagement extends plugin { @@ -31,6 +33,7 @@ class aclManagement extends plugin var $acl = ""; var $DivListACL = NULL; + var $CopyPasteHandler; function aclManagement($config, $ui) { @@ -38,6 +41,11 @@ class aclManagement extends plugin $this->config = $config; $this->ui = $ui; + /* Copy & Paste enabled ?*/ + if((isset($this->config->data['MAIN']['ENABLECOPYPASTE']))&&(preg_match("/true/i",$this->config->data['MAIN']['ENABLECOPYPASTE']))){ + $this->CopyPasteHandler = new CopyPasteHandler($this->config); + } + /* Creat dialog object */ $this->DivListACL = new divListACL($this->config,$this); } @@ -48,7 +56,7 @@ class aclManagement extends plugin /* Call parent execute */ plugin::execute(); - $_SESSION['LOCK_VARS_TO_USE'] = array("/^list_acl_edit/","/^list_acl_del/","/list_edit_entry/","/^id_/"); + $_SESSION['LOCK_VARS_TO_USE'] = array("/^list/","/^id_/"); $smarty = get_smarty(); // Smarty instance $s_action = ""; // Contains the action to be taken @@ -60,7 +68,21 @@ class aclManagement extends plugin $s_entry= validate($_GET['id']); } - $types = array("del"=>"^list_acl_del","edit"=>"^list_acl_edit"); + /* Edit entry button pressed? */ + if( isset($_GET['act']) && $_GET['act'] == "list_edit_role" ){ + $s_action= "edit_role"; + $s_entry= validate($_GET['id']); + } + + $types = array( + "del" =>"^list_acl_del", + "edit" =>"^list_acl_edit", + "del_role" =>"^list_acl_role_del", + "edit_role" =>"^list_acl_role_edit", + "copy" =>"^copy", + "cut" =>"^cut", + "editPaste" =>"^editPaste", + "addrole" =>"^new_acl_role"); /* Test relevant POST values */ foreach($_POST as $key => $val){ @@ -85,19 +107,52 @@ class aclManagement extends plugin }else{ $s_tab= "generic"; } + + + /******************** + Copy & Paste Handling ... + ********************/ + + /* Only perform copy&paste requests if it is enabled + */ + if($this->CopyPasteHandler){ + if($str = $this->copyPasteHandling($s_action,$s_entry)){ + return $str; + } + } + /******************** + * Add new Role entry + ********************/ + + if(($s_action == "addrole") && (!isset($this->acltabs->config))){ + + /* Get 'dn' from posted acl, must be unique */ + $this->dn= "new"; + + /* Check permissions */ + if(preg_match("/c/",$this->ui->get_permissions($this->DivListACL->selectedBase,"acl/acl"))){ + + /* Register acltabs to trigger edit dialog */ + $this->acltabs= new aclroletab($this->config, NULL,$this->dn); + $this->acltabs->set_acl_base($this->DivListACL->selectedBase); + }else{ + print_red(_("You are not allowed to create a new role.")); + } + } + /******************** Edit existing entry ********************/ - if (($s_action=="edit") && (!isset($this->acltabs->config))){ + if (($s_action=="edit" || $s_action=="edit_role") && (!isset($this->acltabs->config))){ /* Get 'dn' from posted acl, must be unique */ $this->dn= $this->list[trim($s_entry)]['dn']; /* Check permissions */ - if(preg_match("/r/",$this->ui->get_permissions($this->dn,"acl/aclManagement"))){ + if(preg_match("/r/",$this->ui->get_permissions($this->dn,"acl/acl"))){ /* Check locking, save current plugin in 'back_plugin', so the dialog knows where to return. */ @@ -109,12 +164,13 @@ class aclManagement extends plugin add_lock ($this->dn, $this->ui->dn); /* Register acltabs to trigger edit dialog */ - $this->acltabs= new acl($this->config, NULL,$this->dn); - $this->acltabs-> set_acl_base($this->dn); - $this->acltabs-> set_acl_category("acl"); - - /* Switch tab, if it was requested by user */ - $this->acltabs->current = $s_tab; + if($s_action=="edit_role"){ + $this->acltabs= new aclroletab($this->config, NULL,$this->dn); + $this->acltabs-> set_acl_base($this->dn); + }else{ + $this->acltabs= new acltab($this->config, NULL,$this->dn); + $this->acltabs-> set_acl_base($this->dn); + } /* Set ACL and move DN to the headline */ $_SESSION['objectinfo']= $this->dn; @@ -154,7 +210,7 @@ class aclManagement extends plugin $this->dn= $this->list[trim($s_entry)]['dn']; /* Check permissions */ - if(preg_match("/d/",$this->ui->get_permissions($this->dn,"acl/aclManagement"))){ + if(preg_match("/d/",$this->ui->get_permissions($this->dn,"acl/acl"))){ /* Check locking, save current plugin in 'back_plugin', so the dialog knows where to return. */ if (($acl= get_lock($this->dn)) != ""){ @@ -183,7 +239,7 @@ class aclManagement extends plugin if (isset($_POST['delete_acl_confirmed'])){ /* Check permissions */ - if(preg_match("/d/",$this->ui->get_permissions($this->dn,"acl/aclManagement"))){ + if(preg_match("/d/",$this->ui->get_permissions($this->dn,"acl/acl"))){ /* Delete request is permitted, perform LDAP action */ $this->acltabs= new acl($this->config, NULL,$this->dn); @@ -227,7 +283,6 @@ class aclManagement extends plugin if ((isset($_POST['edit_finish']) || isset($_POST['edit_apply'])) && (isset($this->acltabs->config))){ /* Check tabs, will feed message array */ - $this->acltabs->last= $this->acltabs->current; $this->acltabs->save_object(); $message= $this->acltabs->check(); @@ -264,6 +319,7 @@ class aclManagement extends plugin Display subdialog ********************/ + /* Show tab dialog if object is present */ if(isset($this->acltabs->config)){ @@ -275,9 +331,9 @@ class aclManagement extends plugin if(isset($this->acltabs)){ /* Skip displaying save/cancel if there is a sub dialog open */ - if (!$this->acltabs->dialog){ + if (!isset($this->acltabs->dialog) || !$this->acltabs->dialog){ $display.= "

\n"; - $display.= "\n"; +// $display.= "\n"; $display.= " \n"; /* Skip Apply if it is a new entry */ @@ -286,7 +342,7 @@ class aclManagement extends plugin # $display.= " \n"; #} - $display.= "\n"; + // $display.= "\n"; $display.= "

"; } } @@ -320,11 +376,12 @@ class aclManagement extends plugin $Regex = $this->DivListACL -> Regex; $SubSearch = $this->DivListACL -> SubSearch; $base = $_SESSION['CurrentMainBase']; - $Attrs = array("ou","gosaAclEntry","objectClass"); + $Attrs = array("ou","cn","description","gosaAclEntry","objectClass"); $res = array(); $tmp = array(); // Will contain temporary results $ldap = $this->config->get_ldap_link(); $Filter = "(&(objectClass=gosaACL)(gosaAclEntry=*)(|(cn=".$Regex.")(ou=".$Regex.")))"; + $FilterRoles= "(&(objectClass=gosaRole)(|(cn=".$Regex.")(ou=".$Regex.")))"; /* Fetch following structures, this will be used if !$SubSearch */ $fetch_this = array( @@ -340,13 +397,23 @@ class aclManagement extends plugin /* Get all object in this base */ $Flags = GL_SIZELIMIT | GL_SUBSEARCH; $fetch_base = $base; - $tmp = get_list($Filter, "acl", $fetch_base, $Attrs, $Flags); + $tmp = get_list($Filter, "acl", $fetch_base, $Attrs, $Flags); + $tmp2 = get_list($FilterRoles, "acl", $fetch_base, $Attrs, $Flags); foreach($tmp as $entry){ $res[] = $entry; } + foreach($tmp2 as $entry){ + $res[] = $entry; + } }else{ + $tmp_roles = get_list($FilterRoles, "acl", "ou=aclroles,".$base, $Attrs,GL_SIZELIMIT); + + foreach($tmp_roles as $entry){ + $res[] = $entry; + } + /* Walk through all possible bases */ foreach($fetch_this as $type => $data){ @@ -379,6 +446,64 @@ class aclManagement extends plugin } + /* Perform copy & paste requests + If copy&paste is in progress this returns a dialog to fix required attributes + */ + function copyPasteHandling($s_action,$s_entry) + { + /* Paste copied/cutted object in here + */ + $ui = get_userinfo(); + if(($s_action == "editPaste") || ($this->CopyPasteHandler->stillOpen())){ + $this->CopyPasteHandler->save_object(); + $this->CopyPasteHandler->SetVar("base",$this->DivListGroup->selectedBase); + if($str = $this->CopyPasteHandler->execute()){ + return( $str); + }; + /* Ensure that the new object is shown in the list now */ + $this->reload(); + } + + + /* Copy current object to CopyHandler + */ + if($s_action == "copy"){ + + $dn = $this->list[trim($s_entry)]['dn']; + $acl_all = $ui->has_complete_category_acls($this->DivListACL->selectedBase,"acl") ; + if(preg_match("/(c.*w|w.*c)/",$acl_all)){ + + $this->CopyPasteHandler->Clear(); + $obj = new acl($this->config, NULL, $dn, TRUE); + $obj->set_acl_base($dn); + $objNew = new acl($this->config, NULL,"new", TRUE); + $objNew->set_acl_base($dn); + + $this->CopyPasteHandler->Copy($obj,$objNew); + }else{ + print_red("You are not allowed to copy this entry."); + } + } + + /* Copy current object to CopyHandler + */ + if($s_action == "cut"){ + + $dn = $this->list[trim($s_entry)]['dn']; + $acl_all = $ui->has_complete_category_acls($this->DivListACL->selectedBase,"acl") ; + if(preg_match("/(c.*w|w.*c)/",$acl_all)){ + + $this->CopyPasteHandler->Clear(); + $obj= new acl($this->config,NULL, $dn, TRUE); + $obj->set_acl_base($dn); + $this->CopyPasteHandler->Cut($obj); + }else{ + print_red("You are not allowed to cut this entry."); + } + } + } + + function remove_lock() { /* Remove acl lock if a DN is marked as "currently edited" */ @@ -415,25 +540,6 @@ class aclManagement extends plugin return(array()); } - - /* Return plugin informations for acl handling */ - function plInfo() - { - return (array( - "plShortName" => _("ACL"), - "plDescription" => _("ACL")." - ("._("Access control list").")", - "plSelfModify" => FALSE, - "plDepends" => array(), - "plPriority" => 0, - "plSection" => array("administration"), - "plCategory" => array("acl" => array("description" => _("ACL")." "._("Access control list"), - "objectClass" => "gosaACL")), - "plProvidedAcls"=> array( - "Dummy" => _("I don't know Jack")) - - )); - } - } // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: ?> diff --git a/plugins/admin/acl/class_acl_role.inc b/plugins/admin/acl/class_acl_role.inc new file mode 100644 index 000000000..0b318d062 --- /dev/null +++ b/plugins/admin/acl/class_acl_role.inc @@ -0,0 +1,947 @@ +dn == "new"){ + $this->base = $_SESSION['CurrentMainBase']; + }else{ + $this->base = preg_replace("/^[^,]+,[^,]+,/","",$this->dn); + } + + /* Load ACL's */ + $this->gosaAclTemplate= array(); + if (isset($this->attrs["gosaAclTemplate"])){ + for ($i= 0; $i<$this->attrs["gosaAclTemplate"]['count']; $i++){ + $acl= $this->attrs["gosaAclTemplate"][$i]; + $this->gosaAclTemplate= array_merge($this->gosaAclTemplate, $this->explodeACL($acl)); + } + } + ksort($this->gosaAclTemplate); + + /* Extract available categories from plugin info list */ + $tmp= get_global('plist'); + $plist= $tmp->info; + $oc = array(); + foreach ($plist as $class => $acls){ + + /* Only feed categories */ + if (isset($acls['plCategory'])){ + + /* Walk through supplied list and feed only translated categories */ + foreach($acls['plCategory'] as $idx => $data){ + + /* Non numeric index means -> base object containing more informations */ + if (preg_match('/^[0-9]+$/', $idx)){ + if (!isset($this->ocMapping[$data])){ + $this->ocMapping[$data]= array(); + $this->ocMapping[$data][]= '0'; + } + $this->ocMapping[$data][]= $class; + } else { + if (!isset($this->ocMapping[$idx])){ + $this->ocMapping[$idx]= array(); + $this->ocMapping[$idx][]= '0'; + } + $this->ocMapping[$idx][]= $class; + $this->aclObjects[$idx]= $data['description']; + + /* Additionally filter the classes we're interested in in "self edit" mode */ + if (is_array($data['objectClass'])){ + foreach($data['objectClass'] as $objectClass){ + if (in_array_ics($objectClass, $oc)){ + $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription']; + break; + } + } + } else { + if (in_array_ics($data['objectClass'], $oc)){ + $this->myAclObjects[$idx.'/'.$class]= $acls['plDescription']; + } + } + } + + } + } + } + $this->aclObjects['all']= '* '._("All categories"); + $this->ocMapping['all']= array('0' => 'all'); + + /* Sort categories */ + asort($this->aclObjects); + + /* Fill acl types */ + $this->aclTypes= array( "reset" => _("Reset ACLs"), + "one" => _("One level"), + "base" => _("Current object"), + "sub" => _("Complete subtree"), + "psub" => _("Complete subtree (permanent)")); + asort($this->aclTypes); + + /* Finally - we want to get saved... */ + $this->is_account= TRUE; + } + + + function execute() + { + /* Call parent execute */ + plugin::execute(); + + /* Base select dialog */ + $once = true; + foreach($_POST as $name => $value){ + if((preg_match("/^chooseBase/",$name) && $once) && ($this->acl_is_moveable())){ + $once = false; + $this->dialog = new baseSelectDialog($this->config,$this,$this->get_allowed_bases()); + $this->dialog->setCurrentBase($this->base); + } + } + + /* Dialog handling */ + if(is_object($this->dialog)){ + /* Must be called before save_object */ + $this->dialog->save_object(); + + if($this->dialog->isClosed()){ + $this->dialog = false; + }elseif($this->dialog->isSelected()){ + + /* Check if selected base is valid */ + $tmp = $this->get_allowed_bases(); + if(isset($tmp[$this->dialog->isSelected()])){ + $this->base = $this->dialog->isSelected(); + } + $this->dialog= false; + }else{ + return($this->dialog->execute()); + } + } + + $tmp= get_global('plist'); + $plist= $tmp->info; + + /* Handle posts */ + if (isset($_POST['new_acl'])){ + $this->dialogState= 'create'; + $this->dialog= TRUE; + $this->currentIndex= count($this->gosaAclTemplate); + $this->loadAclEntry(TRUE); + } + + $new_acl= array(); + $aclDialog= FALSE; + $firstedit= FALSE; + foreach($_POST as $name => $post){ + + /* Actions... */ + if (preg_match('/^acl_edit_.*_x/', $name)){ + $this->dialogState= 'create'; + $firstedit= TRUE; + $this->dialog= TRUE; + $this->currentIndex= preg_replace('/^acl_edit_([0-9]+).*$/', '\1', $name); + $this->loadAclEntry(); + continue; + } + if (preg_match('/^acl_del_.*_x/', $name)){ + unset($this->gosaAclTemplate[preg_replace('/^acl_del_([0-9]+).*$/', '\1', $name)]); + continue; + } + + if (preg_match('/^cat_edit_.*_x/', $name)){ + $this->aclObject= preg_replace('/^cat_edit_([^_]+)_.*$/', '\1', $name); + $this->dialogState= 'edit'; + foreach ($this->ocMapping[$this->aclObject] as $oc){ + if (isset($this->aclContents[$oc])){ + $this->savedAclContents[$oc]= $this->aclContents[$oc]; + } + } + continue; + } + if (preg_match('/^cat_del_.*_x/', $name)){ + $idx= preg_replace('/^cat_del_([^_]+)_.*$/', '\1', $name); + foreach ($this->ocMapping[$idx] as $key){ + unset($this->aclContents["$idx/$key"]); + } + continue; + } + + /* Sorting... */ + if (preg_match('/^sortup_.*_x/', $name)){ + $index= preg_replace('/^sortup_([0-9]+).*$/', '\1', $name); + if ($index > 0){ + $tmp= $this->gosaAclTemplate[$index]; + $this->gosaAclTemplate[$index]= $this->gosaAclTemplate[$index-1]; + $this->gosaAclTemplate[$index-1]= $tmp; + } + continue; + } + if (preg_match('/^sortdown_.*_x/', $name)){ + $index= preg_replace('/^sortdown_([0-9]+).*$/', '\1', $name); + if ($index < count($this->gosaAclTemplate)-1){ + $tmp= $this->gosaAclTemplate[$index]; + $this->gosaAclTemplate[$index]= $this->gosaAclTemplate[$index+1]; + $this->gosaAclTemplate[$index+1]= $tmp; + } + continue; + } + + /* ACL saving... */ + if (preg_match('/^acl_.*_[^xy]$/', $name)){ + $aclDialog= TRUE; + list($dummy, $object, $attribute, $value)= split('_', $name); + + /* Skip for detection entry */ + if ($object == 'dummy') { + continue; + } + + /* Ordinary ACLs */ + if (!isset($new_acl[$object])){ + $new_acl[$object]= array(); + } + if (isset($new_acl[$object][$attribute])){ + $new_acl[$object][$attribute].= $value; + } else { + $new_acl[$object][$attribute]= $value; + } + } + } + + /* Only be interested in new acl's, if we're in the right _POST place */ + if ($aclDialog && $this->aclObject != "" && is_array($this->ocMapping[$this->aclObject])){ + + foreach ($this->ocMapping[$this->aclObject] as $oc){ + unset($this->aclContents[$oc]); + unset($this->aclContents[$this->aclObject.'/'.$oc]); + if (isset($new_acl[$oc])){ + $this->aclContents[$oc]= $new_acl[$oc]; + } + if (isset($new_acl[$this->aclObject.'/'.$oc])){ + $this->aclContents[$this->aclObject.'/'.$oc]= $new_acl[$this->aclObject.'/'.$oc]; + } + } + } + + /* Save new acl in case of base edit mode */ + if ($this->aclType == 'base' && !$firstedit){ + $this->aclContents= $new_acl; + } + + /* Cancel new acl? */ + if (isset($_POST['cancel_new_acl'])){ + $this->dialogState= 'head'; + $this->dialog= FALSE; + if ($this->wasNewEntry){ + unset ($this->gosaAclTemplate[$this->currentIndex]); + } + } + + /* Store ACL in main object? */ + if (isset($_POST['submit_new_acl'])){ + $this->gosaAclTemplate[$this->currentIndex]['type']= $this->aclType; + $this->gosaAclTemplate[$this->currentIndex]['members']= $this->recipients; + $this->gosaAclTemplate[$this->currentIndex]['acl']= $this->aclContents; + $this->dialogState= 'head'; + $this->dialog= FALSE; + } + + /* Cancel edit acl? */ + if (isset($_POST['cancel_edit_acl'])){ + $this->dialogState= 'create'; + foreach ($this->ocMapping[$this->aclObject] as $oc){ + if (isset($this->savedAclContents[$oc])){ + $this->aclContents[$oc]= $this->savedAclContents[$oc]; + } + } + } + + /* Save edit acl? */ + if (isset($_POST['submit_edit_acl'])){ + $this->dialogState= 'create'; + } + + /* Add acl? */ + if (isset($_POST['add_acl']) && $_POST['aclObject'] != ""){ + $this->dialogState= 'edit'; + $this->savedAclContents= array(); + foreach ($this->ocMapping[$this->aclObject] as $oc){ + if (isset($this->aclContents[$oc])){ + $this->savedAclContents[$oc]= $this->aclContents[$oc]; + } + } + } + + /* Save common values */ + foreach (array("aclType", "aclObject", "target") as $key){ + if (isset($_POST[$key])){ + $this->$key= validate($_POST[$key]); + } + } + + /* Create templating instance */ + $smarty= get_smarty(); + + $smarty->assign("bases", $this->get_allowed_bases()); + $smarty->assign("base_select", $this->base); + + $tmp = $this->plInfo(); + foreach($tmp['plProvidedAcls'] as $name => $translation){ + $smarty->assign($name."ACL",$this->getacl($name)); + } + + if ($this->dialogState == 'head'){ + /* Draw list */ + $aclList= new DivSelectBox("aclList"); + $aclList->SetHeight(350); + + /* Fill in entries */ + foreach ($this->gosaAclTemplate as $key => $entry){ + $field1= array("string" => $this->aclTypes[$entry['type']], "attach" => "style='width:100px'"); + $field2= array("string" => $this->assembleAclSummary($entry)); + $action= ""; + $action.= ""; + $action.= ""; + $action.= ""; + + $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px;text-align:right;'"); + $aclList->AddEntry(array($field1, $field2, $field3)); + } + + $smarty->assign("aclList", $aclList->DrawList()); + } + + if ($this->dialogState == 'create'){ + /* Draw list */ + $aclList= new DivSelectBox("aclList"); + $aclList->SetHeight(450); + + /* Add settings for all categories to the (permanent) list */ + foreach ($this->aclObjects as $section => $dsc){ + $summary= ""; + foreach($this->ocMapping[$section] as $oc){ + if (isset($this->aclContents[$oc]) && count($this->aclContents[$oc]) && isset($this->aclContents[$oc][0]) && + $this->aclContents[$oc][0] != ""){ + + $summary.= "$oc, "; + continue; + } + if (isset($this->aclContents["$section/$oc"]) && count($this->aclContents["$section/$oc"]) && isset($this->aclContents["$section/$oc"][0]) && + $this->aclContents["$section/$oc"][0] != ""){ + + $summary.= "$oc, "; + continue; + } + if (isset($this->aclContents[$oc]) && !isset($this->aclContents[$oc][0]) && count($this->aclContents[$oc])){ + $summary.= "$oc, "; + } + } + + /* Set summary... */ + if ($summary == ""){ + $summary= ''._("No ACL settings for this category").''; + } else { + $summary= sprintf(_("Contains ACLs for these objects: %s"), preg_replace('/, $/', '', $summary)); + } + + $field1= array("string" => $dsc, "attach" => "style='width:140px'"); + $field2= array("string" => $summary); + $action= ""; + $action.= ""; + $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px'"); + $aclList->AddEntry(array($field1, $field2, $field3)); + } + + $smarty->assign("aclList", $aclList->DrawList()); + $smarty->assign("aclType", $this->aclType); + $smarty->assign("aclTypes", $this->aclTypes); + $smarty->assign("target", $this->target); + + if ($this->aclType == 'base'){ + $smarty->assign('aclSelector', $this->buildAclSelector($this->myAclObjects)); + } + } + + if ($this->dialogState == 'edit'){ + $smarty->assign('headline', sprintf(_("Edit ACL for '%s', scope is '%s'"), $this->aclObjects[$this->aclObject], $this->aclTypes[$this->aclType])); + + /* Collect objects for selected category */ + foreach ($this->ocMapping[$this->aclObject] as $idx => $class){ + if ($idx == 0){ + continue; + } + $aclObjects[$this->aclObject.'/'.$class]= $plist[$class]['plDescription']; + } + if ($this->aclObject == 'all'){ + $aclObjects['all']= _("All objects in current subtree"); + } + $smarty->assign('aclSelector', $this->buildAclSelector($aclObjects)); + } + + /* Show main page */ + $smarty->assign("dialogState", $this->dialogState); + + /* Assign cn and decription if this is a role */ + foreach(array("cn","description") as $name){ + $smarty->assign($name,$this->$name); + } + return ($smarty->fetch (get_template_path('acl_role.tpl',dirname(__FILE__)))); + } + + function sort_by_priority($list) + { + $tmp= get_global('plist'); + $plist= $tmp->info; + asort($plist); + $newSort = array(); + + foreach($list as $name => $translation){ + $na = preg_replace("/^.*\//","",$name); + $prio= $plist[$na]['plPriority'] ; + + $newSort[$name] = $prio; + } + + asort($newSort); + + $ret = array(); + foreach($newSort as $name => $prio){ + $ret[$name] = $list[$name]; + } + return($ret); + } + + function buildAclSelector($list) + { + $display= ""; + $cols= 3; + $tmp= get_global('plist'); + $plist= $tmp->info; + asort($plist); + + /* Add select all/none buttons */ + $style = "style='width:100px;'"; + + $display .= ""; + $display .= ""; + $display .= " - "; + $display .= ""; + $display .= " - "; + + $display .= ""; + $display .= ""; + + $display .= "
"; + + $style = "style='width:50px;'"; + $display .= ""; + $display .= ""; + $display .= ""; + $display .= ""; + $display .= ""; + $display .= " - "; + $display .= ""; + $display .= ""; + $display .= ""; + $display .= " - "; + + $display .= ""; + $display .= ""; + $display .= ""; + $display .= ""; + + /* Build general objects */ + $list =$this->sort_by_priority($list); + foreach ($list as $key => $name){ + + /* Create sub acl if it does not exist */ + if (!isset($this->aclContents[$key])){ + $this->aclContents[$key]= array(); + $this->aclContents[$key][0]= ''; + } + $currentAcl= $this->aclContents[$key]; + + /* Object header */ + if($_SESSION['js']) { + if(isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) { + $display.= "\n". + "\n ". + "\n ". + "\n ". + "\n "; + } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) { + $display.= "\n
"._("Object").": $name". + "\n
". + "\n ". + "\n ". + "\n ". + "\n "; + } else { + $display.= "\n
"._("Object").": $name". + "\n
". + "\n ". + "\n ". + "\n "; + } + } else { + $display.= "\n
"._("Object").": $name
". + "\n ". + "\n ". + "\n "; + } + + /* Generate options */ + $spc= "  "; + if ($this->isContainer && $this->aclType != 'base'){ + $options= $this->mkchkbx($key."_0_c", _("Create objects"), preg_match('/c/', $currentAcl[0])).$spc; + $options.= $this->mkchkbx($key."_0_m", _("Move objects"), preg_match('/m/', $currentAcl[0])).$spc; + $options.= $this->mkchkbx($key."_0_d", _("Remove objects"), preg_match('/d/', $currentAcl[0])).$spc; + if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){ + $options.= $this->mkchkbx($key."_0_s", _("Modifyable by owner"), preg_match('/s/', $currentAcl[0])).$spc; + } + } else { + $options= $this->mkchkbx($key."_0_m", _("Move object"), preg_match('/m/', $currentAcl[0])).$spc; + $options.= $this->mkchkbx($key."_0_d", _("Remove object"), preg_match('/d/', $currentAcl[0])).$spc; + if ($plist[preg_replace('%^.*/%', '', $key)]['plSelfModify']){ + $options.= $this->mkchkbx($key."_0_s", _("Modifyable by owner"), preg_match('/s/', $currentAcl[0])).$spc; + } + } + + /* Global options */ + $more_options= $this->mkchkbx($key."_0_r", _("read"), preg_match('/r/', $currentAcl[0])).$spc; + $more_options.= $this->mkchkbx($key."_0_w", _("write"), preg_match('/w/', $currentAcl[0])); + + $display.= "\n ". + "\n ". + "\n ". + "\n "; + + /* Walk through the list of attributes */ + $cnt= 1; + $splist= $plist[preg_replace('%^.*/%', '', $key)]['plProvidedAcls']; + asort($splist); + if($_SESSION['js']) { + if(isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) { + $display.= "\n ". + "\n
"._("Object").": $name
$options "._("Complete object").": $more_options
". + "\n