From 1a11621378ea24169b00de03696f20d8f8a5e98c Mon Sep 17 00:00:00 2001 From: hickert Date: Thu, 22 Apr 2010 11:59:03 +0000 Subject: [PATCH] Updated acl resolver git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@17789 594d385d-05f5-0310-b6e9-bd551577e9d8 --- .../generic/references/class_aclResolver.inc | 203 +++++++++++++----- 1 file changed, 145 insertions(+), 58 deletions(-) diff --git a/gosa-core/plugins/generic/references/class_aclResolver.inc b/gosa-core/plugins/generic/references/class_aclResolver.inc index dff16b794..a77f75be5 100644 --- a/gosa-core/plugins/generic/references/class_aclResolver.inc +++ b/gosa-core/plugins/generic/references/class_aclResolver.inc @@ -2,11 +2,12 @@ class aclResolver { - private $classMapping = array(); private $aclTypes = array(); private $affectingACLs = array(); + private $renderedList = ""; + function __construct($config, $dn, $parent) { $this->config = &$config; @@ -17,7 +18,7 @@ class aclResolver $this->acl_category = preg_replace("/\/$/","",$parent->acl_category); } - // Build class mapping + // Build class mapping - only once, will not change during session. if(!session::is_set('aclConverter::classMapping')){ $tmp= session::global_get('plist'); $plist= $tmp->info; 
@@ -48,20 +49,38 @@ class aclResolver } $this->classMapping = session::get('aclConverter::classMapping'); + // Define ACL type translations + $this->aclTypes= array("reset" => _("Reset ACLs"), + "one" => _("One level"), + "base" => _("Current object"), + "sub" => _("Complete subtree"), + "psub" => _("Complete subtree (permanent)"), + "role" => _("Use ACL defined in role")); + + $this->reload(); + } + + + function reload() + { + // Go through all ACLs and get those matching out DN. $ui = get_userinfo(); + $ui->reset_acl_cache(); + $ui->loadACL(); + foreach($ui->allACLs as $dn => $acls){ if(preg_match("/".preg_quote($dn,'/')."$/i", $this->dn)){ foreach($acls as $prio => $acl){ if($acl['type'] == "reset"){ $this->affectingACLs[$dn][$prio] = $acl; - break; + continue; }else{ foreach($acl['acl'] as $category => $attributes){ if(preg_match("/^all($|\/)/", $category) || preg_match("/^".$this->acl_category."($|\/)/", $category)){ $this->affectingACLs[$dn][$prio] = $acl; - break; + continue; } } } @@ -69,73 +88,141 @@ class aclResolver } } - // Define ACL type translations - $this->aclTypes= array("reset" => _("Reset ACLs"), - "one" => _("One level"), - "base" => _("Current object"), - "sub" => _("Complete subtree"), - "psub" => _("Complete subtree (permanent)"), - "role" => _("Use ACL defined in role")); + // Enforce to reload acl result + $this->renderedList = ""; } + /*! \brief Create a human readable HTML result */ function getReadableACL() { - $tpl = - "\n ". - "\n %s". - "\n %s". - "\n %s". - "\n ". - "\n ". - "\n ". - "\n "._("Group members")."". - "\n ". - "\n ". - "\n ". - "\n "._("Members")."". - "\n ". - "\n ". - "\n ". - "\n "._("Acls")."". - "\n ". - "\n ". - "\n
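Review bot: `reload()` never clears `$this->affectingACLs` before refilling it from `$ui->allACLs`, so if it is called again after the constructor, an ACL that was removed or no longer matches stays in the array and is rendered as if it still applied. In a view that administrators read to judge effective permissions, a stale entry is misleading; start the method with `$this->affectingACLs = array();`. The two `continue;` statements that replace `break;` appear to be the last statement in their loop bodies, so they only remove the early exit and could be dropped. The body of reload() ends in the following hunk.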
". - "\n "; - - - $str = ""; - foreach($this->affectingACLs as $dn => $acls){ - foreach($acls as $acl){ - $gmem = $umem = $defs = ""; - $image = (isset($this->config->idepartments[$dn]))? "images/select_department.png":"images/lists/element.png"; - $aclType = $this->aclTypes[$acl['type']]; - - foreach($acl['members'] as $type => $name){ - if(preg_match("/^G/", $type)) - $gmem .= "\n
  • ".$name."
  • "; - } - foreach($acl['members'] as $type => $name){ - if(!preg_match("/^G/", $type)) - $umem .= "\n
  • ".$name."
  • "; - } + if(empty($this->renderedList)){ + + $tpl = + "\n ". + "\n ". + "\n ". + "\n ". + "\n %s". + "\n ". + "\n ". + "\n "; + + $filter_tpl = + "\n ". + "\n ". + "\n ". + "\n ". + "\n "; + + $gmem_tpl = + "\n ". + "\n ". + "\n ". + "\n ". + "\n "; + + $umem_tpl = + "\n ". + "\n ". + "\n ". + "\n ". + "\n "; + + $acl_tpl = + "\n ". + "\n ". + "\n ". + "\n ". + "\n "; + + + $str = "
    %s%s - %s

    "._("Filter")."
    • %s
    "._("Group members")."
      %s
    "._("Members")."
      %s
    "._("Acls")."
      %s
    "; + $ldap = $this->config->get_ldap_link(); + $ldap->cd($this->config->current['BASE']); + $ui = get_userinfo(); + foreach($this->affectingACLs as $dn => $acls){ + foreach($acls as $acl){ + $gmem = $umem = $defs = ""; + $image = (isset($this->config->idepartments[$dn]))? "images/select_department.png":"images/lists/element.png"; + $aclType = $this->aclTypes[$acl['type']]; + + // Does the filter match for us? + $filter =""; + $match = TRUE; + if(!empty($acl['filter'])){ + $match = $ldap->object_match_filter($ui->dn,$acl['filter']); + $filter= $acl['filter']; + if(!$match){ + $filter= "".$filter.""; + } + } - if($acl['type']!='reset'){ - foreach($acl['acl'] as $type => $acl){ - if(isset($this->classMapping[$type])){ - $defs .= "
  • ".$this->classMapping[$type].": ".$this->aclToString($acl)."
  • "; - }else{ - $defs .= "
  • ".$type.": ".$this->aclToString($acl)."
  • "; + // Check if we are part of the member list + if($match){ + $found = FALSE; + foreach($acl['members'] as $mem => $desc){ + if($mem == "U:{$ui->dn}"){ + $found = TRUE; + break; + } + if($mem == "G:*"){ + $found = TRUE; + break; + } + if(preg_match("/^G:/", $mem)){ + $gdn = preg_replace("/^G:/","",$mem); + $ldap->cat($gdn,array('memberUid')); + if($ldap->count()){ + $attrs = $ldap->fetch(); + if(isset($attrs['memberUid']) && in_array($ui->uid, $attrs['memberUid'])){ + $found = TRUE; + } + } + break; + } + } + $match = $found; + } + + $class = ""; + if(!$match){ + $class = "acl-viewer-blocked"; + } + + if(!empty($filter)) $filter =sprintf($filter_tpl,$class,$filter); + + foreach($acl['members'] as $type => $name){ + if(preg_match("/^G/", $type)) + $gmem .= "\n
  • ".$name."
  • "; + } + if(!empty($gmem)) $gmem =sprintf($gmem_tpl,$class,$gmem); + + foreach($acl['members'] as $type => $name){ + if(!preg_match("/^G/", $type)) + $umem .= "\n
  • ".$name."
  • "; + } + if(!empty($umem)) $umem = sprintf($umem_tpl,$class,$umem); + + if($acl['type']!='reset'){ + foreach($acl['acl'] as $type => $acl){ + if(isset($this->classMapping[$type])){ + $defs .= "
  • ".$this->classMapping[$type].": ".$this->aclToString($acl)."
  • "; + }else{ + $defs .= "
  • ".$type.": ".$this->aclToString($acl)."
  • "; + } } + if(!empty($defs)) $defs = sprintf($acl_tpl, $class,$defs); } + $str.= sprintf($tpl,$class, image($image), $dn, $aclType, $filter.$gmem.$umem.$defs); } - $str.= sprintf($tpl, image($image), $dn, $aclType, $gmem, $umem, $defs); } + $str .= "
    "; + $this->renderedList = $str; } - $str .= ""; - return($str); + return($this->renderedList); } function aclToString($acls) -- 2.30.2
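Review bot: In the membership loop of getReadableACL(), the `break;` that follows the `memberUid` lookup sits outside the `in_array` test, so the loop stops after the first `G:` member whether or not the user is in that group, and later groups or `U:` entries are never examined. An ACL that does apply can then be drawn with the `acl-viewer-blocked` class, which understates effective permissions in a view meant for auditing them. Move the exit into the success branch: `if(isset($attrs['memberUid']) && in_array($ui->uid, $attrs['memberUid'])){ $found = TRUE; break; }`. Separately, `$acl['filter']` is placed into the markup through `sprintf($filter_tpl, ...)` with no escaping visible in this hunk; LDAP filters routinely contain `&`, `<` and `>`, so unless it is escaped elsewhere it should go through `htmlspecialchars()` before output.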