From 21cfbf6d19f4f30eb803d40d19ba0ceecd5e478d Mon Sep 17 00:00:00 2001 From: hickert Date: Mon, 7 Aug 2006 11:12:44 +0000 Subject: [PATCH] Fixed acls for samba3 git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@4415 594d385d-05f5-0310-b6e9-bd551577e9d8 --- plugins/personal/samba/class_sambaAccount.inc | 41 ++++++++++--------- plugins/personal/samba/main.inc | 7 +++- 2 files changed, 27 insertions(+), 21 deletions(-) diff --git a/plugins/personal/samba/class_sambaAccount.inc b/plugins/personal/samba/class_sambaAccount.inc index 151607111..edc286e0e 100644 --- a/plugins/personal/samba/class_sambaAccount.inc +++ b/plugins/personal/samba/class_sambaAccount.inc @@ -225,12 +225,14 @@ class sambaAccount extends plugin } } + $SkipWrite = (!isset($this->parent) || !$this->parent) && !isset($_SESSION['edit']); + /* Prepare templating */ $smarty= get_smarty(); $tmp = $this->plInfo(); foreach($tmp['plProvidedAcls'] as $var => $rest){ - $smarty->assign($var."ACL",$this->getacl($var)); + $smarty->assign($var."ACL",$this->getacl($var,$SkipWrite)); } if ($this->sambaPwdMustChange=="0"){ @@ -260,7 +262,7 @@ class sambaAccount extends plugin /* Remove user workstations? */ if (isset($_POST["delete_ws"]) && isset($_POST['workstation_list'])){ - if($this->acl_is_writeable("sambaUserWorkstations")){ + if($this->acl_is_writeable("sambaUserWorkstations",$SkipWrite)){ $tmp= $this->sambaUserWorkstations; foreach($_POST['workstation_list'] as $name){ @@ -274,7 +276,7 @@ class sambaAccount extends plugin /* Add user workstation? */ if (isset($_POST["add_ws"])){ - if($this->acl_is_writeable("sambaUserWorkstations")){ + if($this->acl_is_writeable("sambaUserWorkstations",$SkipWrite)){ $this->show_ws_dialog= TRUE; $this->dialog= TRUE; } @@ -482,7 +484,7 @@ class sambaAccount extends plugin $smarty->assign("tsloginstate", $this->mungedObject->getTsLogin()?"":"disabled"); $smarty->assign("inheritstate", ""); - if($this->acl_is_writeable("AllowLoginOnTerminalServer")){ + if($this->acl_is_writeable("AllowLoginOnTerminalServer",$SkipWrite)){ $smarty->assign("inheritstate", $this->mungedObject->getInheritMode()?"disabled":""); } @@ -655,13 +657,14 @@ class sambaAccount extends plugin function save_object() { + $SkipWrite = (!isset($this->parent) || !$this->parent) && !isset($_SESSION['edit']); /* We only care if we are on the sambaTab... */ if (isset($_POST['sambaTab'])){ plugin::save_object(); /* Take care about access options */ - if ($this->acl_is_writeable("sambaAcctFlagsL") || ($this->acl_is_writeable("sambaAcctFlagsN"))){ + if ($this->acl_is_writeable("sambaAcctFlagsL",$SkipWrite) || ($this->acl_is_writeable("sambaAcctFlagsN",$SkipWrite))){ if ($this->samba3){ $attrname= "sambaPwdCanChange"; } else { @@ -730,7 +733,7 @@ class sambaAccount extends plugin $tmp= "[$tmp$fill]"; /* Only save if acl's are set */ - if ($this->acl_is_writeable("sambaAcctFlagsL") || ($this->acl_is_writeable("sambaAcctFlagsN"))){ + if ($this->acl_is_writeable("sambaAcctFlagsL",$SkipWrite) || ($this->acl_is_writeable("sambaAcctFlagsN",$SkipWrite))){ if ($this->samba3){ $attrname= "sambaAcctFlags"; } else { @@ -743,7 +746,7 @@ class sambaAccount extends plugin } /* Save sambaDomain attribute */ - if ($this->acl_is_writeable("sambaDomainName") && $this->samba3 && isset ($_POST['sambaDomainName'])){ + if ($this->acl_is_writeable("sambaDomainName",$SkipWrite) && $this->samba3 && isset ($_POST['sambaDomainName'],$SkipWrite)){ $this->sambaDomainName= validate($_POST['sambaDomainName']); } @@ -752,7 +755,7 @@ class sambaAccount extends plugin /* Save obvious values */ foreach($this->ctxattributes as $val){ - if (isset($_POST[$val]) && $this->acl_is_writeable("AllowLoginOnTerminalServer")){ + if (isset($_POST[$val]) && $this->acl_is_writeable("AllowLoginOnTerminalServer",$SkipWrite)){ if (get_magic_quotes_gpc()) { $this->mungedObject->ctx[$val]= stripcslashes(validate($_POST[$val])); } else { @@ -763,35 +766,35 @@ class sambaAccount extends plugin /* Save checkbox states. */ $this->mungedObject->setTsLogin(!isset($_POST['tslogin']) - && $this->acl_is_writeable("AllowLoginOnTerminalServer")); + && $this->acl_is_writeable("AllowLoginOnTerminalServer",$SkipWrite)); // Need to do some index checking to avoid messages like "index ... not found" if(isset($_POST['brokenconn'])) { $this->mungedObject->setBrokenConn($_POST['brokenconn'] == '1' - && $this->acl_is_writeable("AllowLoginOnTerminalServer")); + && $this->acl_is_writeable("AllowLoginOnTerminalServer",$SkipWrite)); } if(isset($_POST['reconn'])) { $this->mungedObject->setReConn($_POST['reconn'] == '1' - && $this->acl_is_writeable("AllowLoginOnTerminalServer")); + && $this->acl_is_writeable("AllowLoginOnTerminalServer",$SkipWrite)); } $this->mungedObject->setInheritMode(isset($_POST['inherit']) - && $this->acl_is_writeable("AllowLoginOnTerminalServer")); + && $this->acl_is_writeable("AllowLoginOnTerminalServer",$SkipWrite)); $this->mungedObject->setCtxMaxConnectionTimeF(!isset($_POST['CtxMaxConnectionTimeF']) - && $this->acl_is_writeable("AllowLoginOnTerminalServer")); + && $this->acl_is_writeable("AllowLoginOnTerminalServer",$SkipWrite)); $this->mungedObject->setCtxMaxDisconnectionTimeF( !isset($_POST['CtxMaxDisconnectionTimeF']) - && $this->acl_is_writeable("AllowLoginOnTerminalServer")); + && $this->acl_is_writeable("AllowLoginOnTerminalServer",$SkipWrite)); $this->mungedObject->setCtxMaxIdleTimeF(!isset($_POST['CtxMaxIdleTimeF']) - && $this->acl_is_writeable("AllowLoginOnTerminalServer")); + && $this->acl_is_writeable("AllowLoginOnTerminalServer",$SkipWrite)); $this->mungedObject->setConnectClientDrives(isset($_POST['connectclientdrives']) - && $this->acl_is_writeable("AllowLoginOnTerminalServer")); + && $this->acl_is_writeable("AllowLoginOnTerminalServer",$SkipWrite)); $this->mungedObject->setConnectClientPrinters(isset($_POST['connectclientprinters']) - && $this->acl_is_writeable("AllowLoginOnTerminalServer")); + && $this->acl_is_writeable("AllowLoginOnTerminalServer",$SkipWrite)); $this->mungedObject->setDefaultPrinter(isset($_POST['defaultprinter']) - && $this->acl_is_writeable("AllowLoginOnTerminalServer")); + && $this->acl_is_writeable("AllowLoginOnTerminalServer",$SkipWrite)); /* Save combo boxes. Takes two values */ if(isset($_POST['reconn'])) { - $this->mungedObject->setShadow(isset($_POST['shadow']) && $this->acl_is_writeable("AllowLoginOnTerminalServer"),$_POST['shadow']); + $this->mungedObject->setShadow(isset($_POST['shadow']) && $this->acl_is_writeable("AllowLoginOnTerminalServer",$SkipWrite),$_POST['shadow']); } /* Check for changes */ diff --git a/plugins/personal/samba/main.inc b/plugins/personal/samba/main.inc index 564dc3cd6..a9ede299b 100644 --- a/plugins/personal/samba/main.inc +++ b/plugins/personal/samba/main.inc @@ -31,6 +31,8 @@ if (!$remove_lock){ /* Create sambaAccount object on demand */ if (!isset($_SESSION['sambaAccount']) || (isset($_GET['reset']) && $_GET['reset'] == 1)){ $_SESSION['sambaAccount']= new sambaAccount ($config, $ui->dn); + $_SESSION['sambaAccount']->set_acl_base($ui->dn); + $_SESSION['sambaAccount']->set_acl_category("users"); } $sambaAccount= $_SESSION['sambaAccount']; @@ -65,7 +67,6 @@ if (!$remove_lock){ if (count ($message) == 0){ $sambaAccount->save (); gosa_log ("User/samba object'".$ui->dn."' has been saved"); - $sambaAccount->acl= "#none#"; del_lock ($ui->dn); sess_del ('edit'); @@ -99,7 +100,9 @@ if (!$remove_lock){ } else { $info= "\"\" ".$ui->dn." "; - if (isset($editacl) && $editacl != "#none#"){ + + if(preg_match("/w/",$ui->get_permissions($ui->dn,"users/sambaAccount"))){ + $info.= "\"\" ". _("Click the 'Edit' button below to change informations in this dialog"); $display.= "\n"; -- 2.30.2