From 1fdf2b3c34023326be8ce8f4830635af43b66898 Mon Sep 17 00:00:00 2001 From: cajus Date: Fri, 19 May 2006 06:56:15 +0000 Subject: [PATCH] Added functionality to do strict filtering for administrative units git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@3444 594d385d-05f5-0310-b6e9-bd551577e9d8 --- FAQ | 4 ++++ include/class_userinfo.inc | 7 ++++++- include/functions.inc | 8 +++++++- 3 files changed, 17 insertions(+), 2 deletions(-) diff --git a/FAQ b/FAQ index 690b07478..402938da6 100644 --- a/FAQ +++ b/FAQ @@ -296,3 +296,7 @@ A: No need to modify anything. Just add a hook the the plugin you'd like to to STDOUT. Note, that the supplied ldif may NOT be the original target ldif due to technical reasons. + +Q: Is there a way to use ACL independet filtering when using administrative units? + +A: Yes. Set STRICT_UNITS to TRUE in your gosa.conf's main section. diff --git a/include/class_userinfo.inc b/include/class_userinfo.inc index 5ac469a84..77003f9e7 100644 --- a/include/class_userinfo.inc +++ b/include/class_userinfo.inc @@ -27,6 +27,7 @@ class userinfo var $gidNumber= -1; var $language= ""; var $config; + var $gosaUnitTag= ""; var $subtreeACL= array(); /* get acl's an put them into the userinfo object @@ -34,7 +35,7 @@ class userinfo function userinfo($config, $userdn){ $this->config= $config; $ldap= $this->config->get_ldap_link(); - $ldap->cat($userdn,array('sn', 'givenName', 'uid', 'gidNumber', 'preferredLanguage')); + $ldap->cat($userdn,array('sn', 'givenName', 'uid', 'gidNumber', 'preferredLanguage', 'gosaUnitTag')); $attrs= $ldap->fetch(); if (isset($attrs['givenName'][0]) && isset($attrs['sn'][0])){ @@ -51,6 +52,10 @@ class userinfo $this->language= $attrs['preferredLanguage'][0]; } + if (isset($attrs['gosaUnitTag'][0])){ + $this->gosaUnitTag= $attrs['gosaUnitTag'][0]; + } + $this->dn= $userdn; $this->ip= $_SERVER['REMOTE_ADDR']; } diff --git a/include/functions.inc b/include/functions.inc index c9c500581..0cb50d54b 100644 --- a/include/functions.inc +++ b/include/functions.inc @@ -492,7 +492,7 @@ function get_lock ($object) function get_list($filter, $subtreeACL, $base= "", $attributes= array(), $flags= GL_SUBSEARCH) { - global $config; + global $config, $ui; /* Get LDAP link */ $ldap= $config->get_ldap_link($flags & GL_SIZELIMIT); @@ -504,6 +504,12 @@ function get_list($filter, $subtreeACL, $base= "", $attributes= array(), $flags= $ldap->cd ($base); } + /* Strict filter for administrative units? */ + if ($ui->gosaUnitTag != "" && isset($config->current['STRICT_UNITS']) && + preg_match('/TRUE/i', $config->current['STRICT_UNITS'])){ + $filter= "(&(gosaUnitTag=".$ui->gosaUnitTag.")$filter)"; + } + /* Perform ONE or SUB scope searches? */ if ($flags & GL_SUBSEARCH) { $ldap->search ($filter, $attributes); -- 2.30.2