From 0a065ac1bf0e5fb2f0b06fd63f53cc187a8895d9 Mon Sep 17 00:00:00 2001
From: hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Date: Fri, 24 Nov 2006 08:25:39 +0000
Subject: [PATCH] Several systems acl fixes

git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@5217 594d385d-05f5-0310-b6e9-bd551577e9d8
---
 plugins/admin/systems/class_divListSystem.inc | 58 ++++++++++++++-----
 .../admin/systems/class_systemManagement.inc  | 36 ++++++++++--
 .../admin/systems/class_terminalGeneric.inc   |  1 +
 .../systems/class_workstationGeneric.inc      |  1 +
 4 files changed, 78 insertions(+), 18 deletions(-)

diff --git a/plugins/admin/systems/class_divListSystem.inc b/plugins/admin/systems/class_divListSystem.inc
index 4332d8c83..9ca7308e3 100644
--- a/plugins/admin/systems/class_divListSystem.inc
+++ b/plugins/admin/systems/class_divListSystem.inc
@@ -142,19 +142,39 @@ class divListSystem extends MultiSelectWindow
     if(preg_match("/(c.*w|w.*c)/",$all_module_acls)){
       $listhead .= $this->get_snapshot_header($this->selectedBase);
     }
-    $listhead .= " <input class='center' type='image' align='middle' src='images/select_new_terminal.png'
-      name='newsystem_terminal'    alt='"._("New Terminal template")."' title='"._("New Terminal")."'>".
-      " <input class='center' type='image' align='middle' src='images/select_new_workstation.png'
-      name='newsystem_workstation' alt='"._("New Workstation template")."' title='"._("New Workstation")."'>".
-      " <input class='center' type='image' align='middle' src='images/select_new_server.png'     name='newsystem_server'      alt='"._("New Server")."'
-      title='"._("New Server")."'>".
-      " <input class='center' type='image' align='middle' src='images/select_new_printer.png'    name='newsystem_printer'     alt='"._("New Printer")."'
-      title='"._("New Printer")."'>".
-      " <input class='center' type='image' align='middle' src='images/select_new_phone.png'      name='newsystem_phone'       alt='"._("New Phone")."'
-      title='"._("New Phone")."'>".
-      " <input class='center' type='image' align='middle' src='images/select_new_component.png'  name='newsystem_component'   alt='"._("New Component")."'
-      title='"._("New Component")."'>".
-      " <img class='center' src='images/list_seperator.png' align='middle' alt='' height='16' width='1'>&nbsp;"._("Base")."&nbsp;".
+
+    
+    if(preg_match("/c/",$ui->get_permissions($this->selectedBase,"terminal/termgeneric"))){
+      $listhead .= "<input class='center' type='image' align='middle' src='images/select_new_terminal.png'
+        name='newsystem_terminal'    alt='"._("New Terminal template")."' title='"._("New Terminal")."'>&nbsp;";
+    }
+
+    if(preg_match("/c/",$ui->get_permissions($this->selectedBase,"workstation/workgeneric"))){
+      $listhead .= "<input class='center' type='image' align='middle' src='images/select_new_workstation.png'
+        name='newsystem_workstation' alt='"._("New Workstation template")."' title='"._("New Workstation")."'>&nbsp;";
+    }
+
+    if(preg_match("/c/",$ui->get_permissions($this->selectedBase,"server/servgeneric"))){
+      $listhead .= "<input class='center' type='image' align='middle' src='images/select_new_server.png'     
+        name='newsystem_server' alt='"._("New Server")."' title='"._("New Server")."'>&nbsp;";
+    }
+
+    if(preg_match("/c/",$ui->get_permissions($this->selectedBase,"printer/printgenric"))){
+      $listhead .= "<input class='center' type='image' align='middle' src='images/select_new_printer.png'    
+        name='newsystem_printer'     alt='"._("New Printer")."' title='"._("New Printer")."'>&nbsp;";
+    }
+
+    if(preg_match("/c/",$ui->get_permissions($this->selectedBase,"phone/phoneGeneric"))){
+      $listhead .= "<input class='center' type='image' align='middle' src='images/select_new_phone.png'      
+        name='newsystem_phone' alt='"._("New Phone")."' title='"._("New Phone")."'>&nbsp;";
+    }
+
+    if(preg_match("/c/",$ui->get_permissions($this->selectedBase,"component/componentGeneric"))){
+      $listhead .= "<input class='center' type='image' align='middle' src='images/select_new_component.png'  
+        name='newsystem_component' alt='"._("New Component")."' title='"._("New Component")."'>&nbsp;";
+    }
+
+    $listhead .= "<img class='center' src='images/list_seperator.png' align='middle' alt='' height='16' width='1'>&nbsp;"._("Base")."&nbsp;".
       " <select name='CurrentMainBase' onChange='mainform.submit()' class='center'>$options</select>".
       " <input class='center' type='image' src='images/list_submit.png' align='middle'
       title='"._("Submit department")."' name='submit_department' alt='".           _("Submit")."'>&nbsp;".
@@ -239,12 +259,22 @@ class divListSystem extends MultiSelectWindow
         $display= $val["cn"][0].$dsc;
       }
 
-      if((in_array("gotoTerminal",$val['objectClass']))||(in_array("gotoWorkstation",$val['objectClass']))){
+     
+      /* Check if this is a terminal/workstation && if we are allowed to change the gotoRootPasswd */
+      $pwd_acl =""; 
+      if(in_array("gotoWorkstation",$val['objectClass'])){
+        $pwd_acl = $ui->get_permissions($val['dn'],"workstation/workgeneric","gotoRootPasswd");
+      }    
+      if(in_array("gotoTerminal",$val['objectClass'])){
+        $pwd_acl = $ui->get_permissions($val['dn'],"terminal/termgeneric","gotoRootPasswd");
+      }    
+      if(preg_match("/w/",$pwd_acl)){
         $action2 = "<input class='center' type='image' src='images/certs.png' alt='"._("Password")."'   name='user_setpwd_%KEY%' title='"._("Set root       password")."'>";
       }else{
         $action2 = "";
       }
 
+
       if(in_array("gotoWorkstation",$val['objectClass'])){
         $action2= "<input class='center' type='image' src='images/cdrom.png' alt='"._("Create CD")."'   
                       name='gen_cd_%KEY%' title='"._("Create FAI CD")."'>".$action2;
diff --git a/plugins/admin/systems/class_systemManagement.inc b/plugins/admin/systems/class_systemManagement.inc
index d20bc1766..6bd56f6b1 100644
--- a/plugins/admin/systems/class_systemManagement.inc
+++ b/plugins/admin/systems/class_systemManagement.inc
@@ -166,10 +166,19 @@ class systems extends plugin
         $tabname  = $tabs[$sw]["TABNAME"];
         $tabclass = $tabs[$sw]["TABCLASS"];
         $acl_cat  = $tabs[$sw]["ACL"];
-        $this->systab= new $tabclass($this->config, $this->config->data['TABS'][$class], $this->dn,$acl_cat);
-        $this->systab->set_acl_base($this->DivListSystem->selectedBase);
-        $this->systab->by_object[$tabname]->base = $this->DivListSystem->selectedBase;
-        $this->systab->base = $this->DivListSystem->selectedBase;
+
+        /* Load permissions for selected 'dn' and check if
+           we're allowed to remove this 'dn' */
+        $ui       = get_userinfo();
+        $tabacl   = $ui->get_permissions($this->DivListSystem->selectedBase,$acl_cat."/".$tabname);
+        if(preg_match("/c/",$tabacl)){
+          $this->systab= new $tabclass($this->config, $this->config->data['TABS'][$class], $this->dn,$sw);
+          $this->systab->set_acl_base($this->DivListSystem->selectedBase);
+          $this->systab->by_object[$tabname]->base = $this->DivListSystem->selectedBase;
+          $this->systab->base = $this->DivListSystem->selectedBase;
+        }else{
+          print_red(_("You are not allowed to create a new object of this type."));
+        }
       }
     }
 
@@ -231,9 +240,28 @@ class systems extends plugin
 
     /* Set terminals root password */
     if ($s_action=="change_pw"){
+      $tabs = array(
+          "terminal"    => array("CLASS"=>"TERMTABS",     "TABNAME"=>"termgeneric",     "TABCLASS" =>"termtabs",      "ACL"=> "terminal"),
+          "workstation" => array("CLASS"=>"WORKTABS",     "TABNAME"=>"workgeneric",     "TABCLASS" =>"worktabs",      "ACL"=> "workstation"));
+
+      $type = $this->get_system_type($this->terminals[$s_entry]['objectClass']);
+
+      $class    = $tabs[$type]["CLASS"];
+      $tabname  = $tabs[$type]["TABNAME"];
+      $acl_cat  = $tabs[$type]["ACL"];
+      $tabclass = $tabs[$type]["TABCLASS"];
+
+      $ui       = get_userinfo();
+      $tabacl   = $ui->get_permissions($this->DivListSystem->selectedBase,$acl_cat."/".$tabname,"gotoRootPasswd");
+      if(preg_match("/w/",$tabacl)){
+
+
       $this->dn= $this->terminals[$s_entry]['dn'];
       $_SESSION['objectinfo']= $this->dn;
       return ($smarty->fetch(get_template_path('password.tpl', TRUE)));
+      }else{
+        print_red(_("You are not allowed to change the password for this object."));
+      }
     }
 
 
diff --git a/plugins/admin/systems/class_terminalGeneric.inc b/plugins/admin/systems/class_terminalGeneric.inc
index ca29ec1e2..a2780325d 100644
--- a/plugins/admin/systems/class_terminalGeneric.inc
+++ b/plugins/admin/systems/class_terminalGeneric.inc
@@ -533,6 +533,7 @@ class termgeneric extends plugin
             "gotoNtpServer"       => _("Ntp server settings"),
             "base"                => _("Base"),
             "cn"                  => _("Name"),
+            "gotoRootPasswd"      => _("Root password"),
             "FAIstate"            => _("Action flag"))
           ));
   }
diff --git a/plugins/admin/systems/class_workstationGeneric.inc b/plugins/admin/systems/class_workstationGeneric.inc
index 8b34d8278..365456b74 100644
--- a/plugins/admin/systems/class_workstationGeneric.inc
+++ b/plugins/admin/systems/class_workstationGeneric.inc
@@ -537,6 +537,7 @@ class workgeneric extends plugin
             "gotoMode"            => _("Goto mode"), 
             "gotoSyslogServer"    => _("Syslog server"), 
             "gotoNtpServer"       => _("Ntp server"), 
+            "gotoRootPasswd"      => _("Root password"),
             "FAIstate"            => _("Action flag"))
           ));
   }
-- 
2.30.2