From 27ce20a52476037e26cc02fa6c90044add04c79a Mon Sep 17 00:00:00 2001
From: hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Date: Thu, 20 Jul 2006 11:41:54 +0000
Subject: [PATCH] ACLs for posixAccount. NOT finished yet

git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@4258 594d385d-05f5-0310-b6e9-bd551577e9d8
---
 plugins/personal/posix/class_posixAccount.inc | 163 +++++++++---------
 plugins/personal/posix/generic.tpl            |  26 ++-
 plugins/personal/posix/posix_shadow.tpl       |   6 +-
 3 files changed, 96 insertions(+), 99 deletions(-)

diff --git a/plugins/personal/posix/class_posixAccount.inc b/plugins/personal/posix/class_posixAccount.inc
index c56e30502..2d4bc797e 100644
--- a/plugins/personal/posix/class_posixAccount.inc
+++ b/plugins/personal/posix/class_posixAccount.inc
@@ -50,7 +50,7 @@ class posixAccount extends plugin
   var $use_shadowWarning= "0";
   var $use_shadowInactive= "0";
   var $use_shadowExpire= "0";
-  var $must_change_password= "0";
+  var $mustchangepassword= "0";
   var $force_ids= 0;
   var $printerList= array();
   var $group_dialog= FALSE;
@@ -68,7 +68,7 @@ class posixAccount extends plugin
 
   /* attribute list for save action */
   var $CopyPasteVars  = array("grouplist","groupMembership","use_shadowMin","use_shadowMax",
-      "use_shadowWarning","use_shadowInactive","use_shadowExpire","must_change_password",
+      "use_shadowWarning","use_shadowInactive","use_shadowExpire","mustchangepassword",
       "force_ids","printerList","grouplist","savedGidNumber","savedUidNumber","savedGroupMembership");
 
   var $attributes     = array("homeDirectory", "loginShell", "uidNumber", "gidNumber", "gecos",
@@ -294,20 +294,22 @@ class posixAccount extends plugin
     if (isset($_POST['add_groups_finish']) && isset($_POST['groups']) &&
         count($_POST['groups'])){
 
-      if (chkacl ($this->acl, "memberUid") == ""){
-        $this->addGroup ($_POST['groups']);
-        $this->is_modified= TRUE;
-      }
+      /* FIX ME  put the acl check into addGroup function*/
+      #if (chk acl ($this->acl, "memberUid") == ""){
+      #  $this->addGroup ($_POST['groups']);
+      #  $this->is_modified= TRUE;
+      #}
     }
 
     /* Delete selected groups */
     if (isset($_POST['delete_groupmembership']) && 
         isset($_POST['group_list']) && count($_POST['group_list'])){
 
-      if (chkacl ($this->acl, "memberUid") == ""){
-        $this->delGroup ($_POST['group_list']);
-        $this->is_modified= TRUE;
-      }
+      /* FIX ME  put the acl check into addGroup function*/
+      #if (chk acl ($this->acl, "memberUid") == ""){
+      #  $this->delGroup ($_POST['group_list']);
+      #  $this->is_modified= TRUE;
+      #}
     }
 
     /* Add user workstation? */
@@ -434,24 +436,39 @@ class posixAccount extends plugin
     /* Depending on pwmode, currently hardcoded because there are no other methods */
     if ( 1 == 1 ){
       $smarty->assign("pwmode", dirname(__FILE__)."/posix_shadow");
-      $shadowMinACL= chkacl($this->acl, "shadowMin");
-      $smarty->assign("shadowmins", sprintf(_("Password can't be changed up to %s days after last change"), "<input name=\"shadowMin\" size=3 maxlength=4 $shadowMinACL value=\"".$this->shadowMin."\">"));
-      $shadowMaxACL= chkacl($this->acl, "shadowMax");
-      $smarty->assign("shadowmaxs", sprintf(_("Password must be changed after %s days"), "<input name=\"shadowMax\" size=3 maxlength=4 $shadowMaxACL value=\"".$this->shadowMax."\">"));
-      $shadowInactiveACL= chkacl($this->acl, "shadowInactive");
-      $smarty->assign("shadowinactives", sprintf(_("Disable account after %s days of inactivity after password expiery"), "<input name=\"shadowInactive\" size=3 maxlength=4 $shadowInactiveACL value=\"".$this->shadowInactive."\">"));
-      $shadowWarningACL= chkacl($this->acl, "shadowWarning");
-      $smarty->assign("shadowwarnings", sprintf(_("Warn user %s days before password expiery"), "<input name=\"shadowWarning\" size=3 maxlength=4 $shadowWarningACL value=\"".$this->shadowWarning."\">"));
-      foreach( array("must_change_password", "use_shadowMin", "use_shadowMax",
-            "use_shadowExpire", "use_shadowInactive",
-            "use_shadowWarning") as $val){
+
+      $shadowMinACL     =  $this->getacl("shadowMin");
+      $smarty->assign("shadowmins", sprintf(_("Password can't be changed up to %s days after last change"), 
+                                              "<input name=\"shadowMin\" size=3 maxlength=4 $shadowMinACL value=\"".$this->shadowMin."\">"));
+
+      $shadowMaxACL     =  $this->getacl("shadowMax");
+      $smarty->assign("shadowmaxs", sprintf(_("Password must be changed after %s days"), 
+                                              "<input name=\"shadowMax\" size=3 maxlength=4 $shadowMaxACL value=\"".$this->shadowMax."\">"));
+
+      $shadowInactiveACL=  $this->getacl("shadowInactive");
+      $smarty->assign("shadowinactives", sprintf(_("Disable account after %s days of inactivity after password expiery"), 
+                                              "<input name=\"shadowInactive\" size=3 maxlength=4 $shadowInactiveACL value=\"".$this->shadowInactive."\">"));
+
+      $shadowWarningACL =  $this->getacl("shadowWarning");
+      $smarty->assign("shadowwarnings", sprintf(_("Warn user %s days before password expiery"), 
+                                              "<input name=\"shadowWarning\" size=3 maxlength=4 $shadowWarningACL value=\"".$this->shadowWarning."\">"));
+
+      foreach( array("use_shadowMin", "use_shadowMax",
+                     "use_shadowExpire", "use_shadowInactive","use_shadowWarning") as $val){
         if ($this->$val == 1){
           $smarty->assign("$val", "checked");
         } else {
           $smarty->assign("$val", "");
         }
-        $smarty->assign("$val"."ACL", chkacl($this->acl, $val));
+        $smarty->assign("$val"."ACL", $this->getacl($val));
       }
+
+      if($this->mustchangepassword){
+        $smarty->assign("mustchangepassword", "checked");
+      } else {
+        $smarty->assign("mustchangepassword", "");
+      }
+      $smarty->assign("mustchangepasswordACL", $this->getacl("mustchangepassword"));
     }
 
     /* Fill calendar */
@@ -508,44 +525,38 @@ class posixAccount extends plugin
       }
       $smarty->assign("force_ids", "");
     }
-    $smarty->assign("force_idsACL", chkacl($this->acl, "force_ids"));
+
+    
+
+    $smarty->assign("force_idsACL", $this->getacl("uidNumber").$this->getacl("gidNumber"));
 
     /* Load attributes and acl's */
     foreach($this->attributes as $val){
-      if((chkacl($this->acl,$val)=="")&&(($_SESSION["js"])&&(($val=="uidNumber")||($val=="gidNumber"))))
+      if(($_SESSION["js"])&&(($val=="uidNumber")||($val=="gidNumber")))
       {
-        $smarty->assign("$val"."ACL","");
+        $smarty->assign("$val"."ACL",$this->getacl($val));
         $smarty->assign("$val", $this->$val);
         continue;
       }
       $smarty->assign("$val", $this->$val);
-      $smarty->assign("$val"."ACL", chkacl($this->acl,$val));
+      $smarty->assign("$val"."ACL", $this->getacl($val));
     }
-    $smarty->assign("groupMembershipACL", chkacl($this->acl, "groupMembership"));
+    $smarty->assign("groupMembershipACL","rw");//  $this->getacl("groupMembership"));
     $smarty->assign("status", $this->status);
 
     /* Work on trust modes */
-    $smarty->assign("trustmodeACL", chkacl($this->acl, "trustmode"));
+    $smarty->assign("trustmodeACL",  $this->getacl("trustModel"));
     if ($this->trustModel == "fullaccess"){
       $trustmode= 1;
       // pervent double disable tag in html code, this will disturb our clean w3c html
-
-      if(chkacl($this->acl, "trustmode")==""){
-        $smarty->assign("trusthide", "disabled");
-      }else{
-        $smarty->assign("trusthide", "");
-      }
+      $smarty->assign("trustmode",  $this->getacl("trustModel"));
 
     } elseif ($this->trustModel == "byhost"){
       $trustmode= 2;
       $smarty->assign("trusthide", "");
     } else {
       // pervent double disable tag in html code, this will disturb our clean w3c html
-      if(chkacl($this->acl, "trustmode")==""){
-        $smarty->assign("trusthide", "disabled");
-      }else{
-        $smarty->assign("trusthide", "");
-      }
+      $smarty->assign("trustmode",  $this->getacl("trustModel"));
       $trustmode= 0;
     }
     $smarty->assign("trustmode", $trustmode);
@@ -622,41 +633,34 @@ class posixAccount extends plugin
       /* Save values to object */
       plugin::save_object();
 
-      /* Save force GID attribute */
-      if (chkacl ($this->acl, "force_ids") == ""){
-        if (isset ($_POST['force_ids'])){
-          $data= 1;
-        } else {
-          $data= 0;
-        }
-        if ($this->force_ids != $data){
-          $this->is_modified= TRUE;
-        }
-        $this->force_ids= $data;
-
-        $data= $_POST['primaryGroup'];
-        if ($this->primaryGroup != $data){
-          $this->is_modified= TRUE;
-        }
-        $this->primaryGroup= $_POST['primaryGroup'];
+      /* Save force GID checkbox */
+      if (isset ($_POST['force_ids'])){
+        $data= 1;
+      } else {
+        $data= 0;
       }
+      if ($this->force_ids != $data){
+        $this->is_modified= TRUE;
+      }
+      $this->force_ids= $data;
+
 
-      /* Save pwmode dependent attributes, curently hardcoded because there're
-         no alternatives */
-      if (1 == 1){
-        foreach( array("must_change_password", "use_shadowMin", "use_shadowMax",
-              "use_shadowExpire", "use_shadowInactive",
-              "use_shadowWarning") as $val){
-          if (chkacl($this->acl, "$val") == ""){
-            if (isset ($_POST[$val])){
-              $data= 1;
-            } else {
-              $data= 0;
-            }
-            if ($data != $this->$val){
-              $this->is_modified= TRUE;
-            }
-            $this->$val= $data;
+      /*Save primary group settings */
+      $data= $_POST['primaryGroup'];
+      if ($this->primaryGroup != $data){
+        $this->is_modified= TRUE;
+      }
+      $this->primaryGroup= $_POST['primaryGroup'];
+
+      foreach(array("shadowMin","shadowMax","shadowExpire","shadowInactive","shadowWarning","mustchangepassword") as $var) {
+        if($this->acl_is_writeable($var)){
+          $use_var = "use_".$var;
+          if(isset($_POST['use_'.$var])){
+            $this->$use_var  = true;
+            $this->$var      = $_POST['shadowMin'];
+          }else{
+            $this->$use_var  = false;
+            $this->$var      = 0;
           }
         }
       }
@@ -719,7 +723,7 @@ class posixAccount extends plugin
     if (!$this->use_shadowMax){
       $this->shadowMax= "0";
     }
-    if ($this->must_change_password){
+    if ($this->mustchangepassword){
       $this->shadowLastChange= (int)(date("U") / 86400) - $this->shadowMax - 1;
     } else {
       $this->shadowLastChange= (int)(date("U") / 86400);
@@ -768,7 +772,7 @@ class posixAccount extends plugin
       $this->shadowMin = "";
     }
 
-    if (($this->use_shadowMax != "1") && ($this->must_change_password != "1")) {
+    if (($this->use_shadowMax != "1") && ($this->mustchangepassword != "1")) {
       $this->shadowMax = "";
     }
 
@@ -1231,23 +1235,20 @@ class posixAccount extends plugin
           "plOptions"         => array(),
 
           "plProvidedAcls"  => array(
+
             "homeDirectory"       =>  _("Home directory"), 
+            "loginShell"          =>  _("Shell"),
             "uidNumber"           =>  _("User ID"),
             "gidNumber"           =>  _("Group ID"),
-            "homeDirectory"       =>  _("Home directory"),
-            "primaryGroup"        =>  _("Primary group"),
 
-            "loginShell"          =>  _("Shell"),
+            "mustchangepassword"=>  _("Force password change on login"),
             "shadowMin"           =>  _("Shadow min"),
             "shadowMax"           =>  _("Shadow max"),
             "shadowWarning"       =>  _("Shadow warning"),
             "shadowInactive"      =>  _("Shadow inactive"),
-            "shadowLastChange"    =>  _("Shadow last change"),
-
             "shadowExpire"        =>  _("Shadow expire"),
-            "accessTo"            =>  _("System trust"),
             "trustModel"          =>  _("System trust model")))
-              ) ;
+            );
   }
 }
 
diff --git a/plugins/personal/posix/generic.tpl b/plugins/personal/posix/generic.tpl
index d765e9c62..27ec82fbd 100644
--- a/plugins/personal/posix/generic.tpl
+++ b/plugins/personal/posix/generic.tpl
@@ -39,7 +39,7 @@
    <table summary="">
     <tr>
      <td>
-	{render acl=$gidNumberACL}
+	{render acl=$force_idsACL}
       <input id="force_ids" type=checkbox name="force_ids" value="1" {$force_ids} onclick="changeState('uidNumber'); changeState('gidNumber');">
 	{/render}
 					</td>
@@ -51,7 +51,7 @@
 						<label for="uidNumber">{t}UID{/t}</label>
 					</td>
 					<td>
-	{render acl=$gidNumberACL}
+	{render acl=$uidNumberACL}
 						<input id="uidNumber" name="uidNumber" size=5 maxlength=5 {$forceMode} value="{$uidNumber}">
 	{/render}
 					</td>
@@ -78,16 +78,16 @@
     <b style="color:red">{t}(Warning: more than 16 groups are not supported by NFS!){/t}</b>
     <br>
    {/if}
-	{render acl=$gidNumberACL}
+	{render acl=$groupMembershipACL}
    <select style="width:100%; height:130px;" name="group_list[]" size=16 multiple >
     {html_options options=$groupMembership}
    </select>
 	{/render}
    <br>
-	{render acl=$gidNumberACL}
+	{render acl=$groupMembershipACL}
    <input type=submit value="{t}Add{/t}" name="edit_groupmembership" >&nbsp;
 	{/render}
-	{render acl=$gidNumberACL}
+	{render acl=$groupMembershipACL}
    <input type=submit value="{t}Delete{/t}" name="delete_groupmembership" >
 	{/render}
   </td>
@@ -108,13 +108,13 @@
   <td style="vertical-align:top;">
    <h2><img alt="" class="center" align="middle" src="images/closedlock.png" /> {t}System trust{/t}</h2>
     {t}Trust mode{/t}&nbsp;
-	{render acl=$gidNumberACL}
+	{render acl=$trustmodeACL}
 	<select name="trustmode" id="trustmode" size=1 onchange="changeSelectState('trustmode', 'wslist'); changeSelectState('trustmode', 'add_ws'); changeSelectState('trustmode', 'del_ws');">
       {html_options options=$trustmodes selected=$trustmode}
     </select>
 	{/render}
-	{render acl=$gidNumberACL}
-   <select style="width:100%" id="wslist" name="workstation_list[]" size=8 multiple {$trusthide}>
+	{render acl=$trustmodeACL}
+   <select style="width:100%" id="wslist" name="workstation_list[]" size=8 multiple>
     {html_options values=$workstations output=$workstations}
 	{if $emptyArrAccess}
 		<option disabled>&nbsp;</option>
@@ -122,13 +122,11 @@
    </select>
 	{/render}
    <br>
-	{render acl=$gidNumberACL}
-   <input type="submit" id="add_ws" value="{t}Add{/t}" name="add_ws"
-        {$trusthide}>&nbsp;
+	{render acl=$trustmodeACL}
+   <input type="submit" id="add_ws" value="{t}Add{/t}" name="add_ws">&nbsp;
 	{/render}
-	{render acl=$gidNumberACL}
-   <input type="submit" id="del_ws" value="{t}Delete{/t}" name="delete_ws"
-       {$trusthide}>
+	{render acl=$trustmodeACL}
+   <input type="submit" id="del_ws" value="{t}Delete{/t}" name="delete_ws">
 	{/render}
   </td>
  </tr>
diff --git a/plugins/personal/posix/posix_shadow.tpl b/plugins/personal/posix/posix_shadow.tpl
index c489d2116..bd7862c6d 100644
--- a/plugins/personal/posix/posix_shadow.tpl
+++ b/plugins/personal/posix/posix_shadow.tpl
@@ -3,8 +3,8 @@
   <td style="width:50%; vertical-align:top;">
 
 <!-- must_change_password  -->
-{render acl=$must_change_passwordACL}
-   <input type=checkbox name="must_change_password" value="1" {$must_change_password}>
+{render acl=$mustchangepasswordACL}
+   <input type=checkbox name="mustchangepassword" value="1" {$mustchangepassword}>
 {/render}
    {t}User must change password on first login{/t}
    <br>
@@ -46,8 +46,6 @@
    <select name=year onChange="populate(this.form,this.form.shadowExpire);">
     {html_options values=$years output=$years selected=$year}
    </select>
-{/render}
-{render acl=$must_change_passwordACL}
    <input type="hidden" name="shadowExpire" value="{$shadowExpire}">
 {/render}
    <br>
-- 
2.30.2