From 67e44a429513277ebac406b546dff663d8634b0c Mon Sep 17 00:00:00 2001 From: hickert Date: Tue, 24 Oct 2006 03:58:59 +0000 Subject: [PATCH] Added acls to fai Profile git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@4918 594d385d-05f5-0310-b6e9-bd551577e9d8 --- plugins/admin/fai/class_faiManagement.inc | 4 +- plugins/admin/fai/class_faiProfile.inc | 98 +++++++++++---------- plugins/admin/fai/class_faiProfileEntry.inc | 27 +++++- plugins/admin/fai/faiProfile.tpl | 12 ++- 4 files changed, 88 insertions(+), 53 deletions(-) diff --git a/plugins/admin/fai/class_faiManagement.inc b/plugins/admin/fai/class_faiManagement.inc index 63ffb647f..1afeec431 100644 --- a/plugins/admin/fai/class_faiManagement.inc +++ b/plugins/admin/fai/class_faiManagement.inc @@ -514,7 +514,9 @@ class faiManagement extends plugin $acl = $this->ui->get_permissions($this->DivListFai->selectedBase,"fai/faiProfile"); if(preg_match("/c/",$acl)){ $a_setup= $this->get_type(array("objectClass"=>array("FAIprofile"))); - $this->dialog = new $a_setup[0]($this->config,$this->config->data['TABS'][$a_setup[2]],$this->dn); + $this->dialog = new $a_setup[0]($this->config,$this->config->data['TABS'][$a_setup[2]],$this->dn,"faiProfile"); + $this->dialog->set_acl_base($_SESSION['CurrentMainBase']); + $this->is_dialog = false; }else{ print_red(sprintf(_("You are not allowed to create a new '%s' object."),"FAIprofile")); diff --git a/plugins/admin/fai/class_faiProfile.inc b/plugins/admin/fai/class_faiProfile.inc index 2641a0b5f..a4ae41356 100644 --- a/plugins/admin/fai/class_faiProfile.inc +++ b/plugins/admin/fai/class_faiProfile.inc @@ -25,7 +25,7 @@ class faiProfile extends plugin var $FAIclass = ""; // Classnames used for this profile var $FAIclasses = array(); // Contains classname seperated in an array var $FAIAllclasses = array(); // Contains all possible Classnames - + var $ui ; var $FAIstate = ""; function faiProfile($config, $dn= NULL) @@ -34,16 +34,7 @@ class faiProfile extends plugin plugin::plugin ($config, $dn); $ldap=$this->config->get_ldap_link(); - $this->acl = "#all#"; - - if($this->dn != "new"){ - /* Set acls - */ - $ui = get_userinfo(); - $acl = get_permissions ($this->dn, $ui->subtreeACL); - $acli = get_module_permission($acl, "FAIclass", $this->dn); - $this->acl=$acli; - } + $this->ui = get_userinfo(); /* Parse ldap attribute to get all assigned classes */ $tmp = split(" ",$this->FAIclass); @@ -133,6 +124,20 @@ class faiProfile extends plugin return($ret); } + + function acl_base_for_current_object($dn) + { + if($dn == "new"){ + if($this->dn == "new"){ + $dn= $_SESSION['CurrentMainBase']; + }else{ + $dn = $this->dn; + } + } + return($dn); + } + + /* returns position in array */ function getpos($atr,$attrs) { @@ -209,21 +214,21 @@ class faiProfile extends plugin /* Remove class name From list */ $sort_once = false; foreach($_POST as $name => $post){ - if(preg_match("/DEL_/i",$name)){ + if(preg_match("/DEL_/i",$name) && $this->acl_is_writeable("FAIclass")){ $s_action = "delete"; $s_entry = preg_replace("/DEL_/","",$name); $s_entry = base64_decode(preg_replace("/_.*$/","",$s_entry)); - }elseif(preg_match("/Add_class/i",$name)){ + }elseif(preg_match("/Add_class/i",$name)&& $this->acl_is_writeable("FAIclass")){ $s_action = "add"; - }elseif(preg_match("/DelClass/i",$name)){ + }elseif(preg_match("/DelClass/i",$name) && $this->acl_is_writeable("FAIclass")){ $s_action = "delete"; $s_entry = $_POST['FAIclass']; - }elseif(preg_match("/AddClass/i",$name)){ + }elseif(preg_match("/AddClass/i",$name) && $this->acl_is_writeable("FAIclass")){ $s_action = "add"; } /* Check if a list element should be pushed one position up */ - if((preg_match("/sortup_/",$name))&&(!$sort_once)){ + if((preg_match("/sortup_/",$name))&&(!$sort_once) && $this->acl_is_writeable("FAIclass")){ $sort_once = true; $val = preg_replace("/sortup_/","",$name); $val = preg_replace("/_.*$/","",$val); @@ -232,7 +237,7 @@ class faiProfile extends plugin } /* Check if a list element should be pushed one position down */ - if((preg_match("/sortdown_/",$name))&&(!$sort_once)){ + if((preg_match("/sortdown_/",$name))&&(!$sort_once) && $this->acl_is_writeable("FAIclass")){ $sort_once = true; $val = preg_replace("/sortdown_/","",$name); $val = preg_replace("/_.*$/","",$val); @@ -242,11 +247,11 @@ class faiProfile extends plugin } - if($s_action == "delete"){ + if($s_action == "delete" && $this->acl_is_writeable("FAIclass")){ unset($this->FAIclasses[$s_entry]); } - if($s_action == "add"){ + if($s_action == "add" && $this->acl_is_writeable("FAIclass")){ $this->dialog = new faiProfileEntry($this->config,$this->dn,$this->FAIclasses); $this->is_dialog =true; } @@ -300,25 +305,28 @@ class faiProfile extends plugin $linkupdown.= ""; /* Append fai classes to divlist */ - foreach($this->FAIclasses as $usedClass){ - $str = " "; + if($this->acl_is_readable("FAIclass")){ + foreach($this->FAIclasses as $usedClass){ + $str = " "; + $act = ""; + + if(isset($this->FAIAllclasses[$usedClass])){ + foreach($this->FAIAllclasses[$usedClass] as $class => $obj){ + $str.= $objTypes[$class]; + } + } - if(isset($this->FAIAllclasses[$usedClass])){ - foreach($this->FAIAllclasses[$usedClass] as $class => $obj){ - $str.= $objTypes[$class]; + $field1 = array("string"=> $usedClass,"attach"=>""); + $field2 = array("string"=> $str,"attach"=>""); + if(($this->FAIstate != "freeze") && $this->acl_is_writeable("FAIclass")){ + $field3 = array("string"=> preg_replace("/%KEY%/",base64_encode($usedClass),$actions). + preg_replace("/%s/",base64_encode($usedClass),$linkupdown), + "attach"=>"style='border-right:none;'"); + }else{ + $field3 = array("string"=>" ", "attach"=>"style='border-right:none;'"); } + $divlist->AddEntry(array($field1,$field2,$field3)); } - - $field1 = array("string"=> $usedClass,"attach"=>""); - $field2 = array("string"=> $str,"attach"=>""); - if($this->FAIstate != "freeze"){ - $field3 = array("string"=> preg_replace("/%KEY%/",base64_encode($usedClass),$actions). - preg_replace("/%s/",base64_encode($usedClass),$linkupdown), - "attach"=>"style='border-right:none;'"); - }else{ - $field3 = array("string"=>" ", "attach"=>"style='border-right:none;'"); - } - $divlist->AddEntry(array($field1,$field2,$field3)); } $smarty->assign("FAIclasses" ,$this->FAIclasses); @@ -335,12 +343,15 @@ class faiProfile extends plugin } } - foreach($this->attributes as $attr){ - if(($this->FAIstate == "freeze") || (chkacl($this->acl,$attr)!= "")){ - $smarty->assign($attr."ACL"," disabled "); - }else{ - $smarty->assign($attr."ACL"," "); - } + + $dn = $this->acl_base_for_current_object($this->dn); + $smarty->assign("sub_object_is_addable", + preg_match("/c/",$this->ui->get_permissions($dn,"fai/faiScriptEntry")) && + !preg_match("/freeze/",$this->FAIstate)); + + $tmp = $this->plInfo(); + foreach($tmp['plProvidedAcls'] as $name => $translated){ + $smarty->assign($name."ACL",$this->getacl($name)); } $display.= $smarty->fetch(get_template_path('faiProfile.tpl', TRUE)); @@ -368,11 +379,6 @@ class faiProfile extends plugin function save_object() { plugin::save_object(); - foreach($this->attributes as $attrs){ - if(isset($_POST[$attrs])){ - $this->$attrs = $_POST[$attrs]; - } - } } diff --git a/plugins/admin/fai/class_faiProfileEntry.inc b/plugins/admin/fai/class_faiProfileEntry.inc index 3729141b8..3f968dc9f 100644 --- a/plugins/admin/fai/class_faiProfileEntry.inc +++ b/plugins/admin/fai/class_faiProfileEntry.inc @@ -14,6 +14,7 @@ class faiProfileEntry extends plugin /* Array with available class names */ var $FAIAllclasses = array(); + var $ui; function faiProfileEntry ($config, $dn= NULL,$used=array(),$objects=false) { @@ -22,8 +23,15 @@ class faiProfileEntry extends plugin /* Search only in fai tree */ $base = "ou=fai,ou=configs,ou=systems,".$_SESSION['CurrentMainBase']; + $this->ui = get_userinfo(); + /* Create array with categories to be able to sort different types of objects */ - $categories = array("FAIscript","FAItemplate","FAIhook","FAIvariable","FAIpartitionTable","FAIpackageList"); + $categories = array("FAIscript" => "faiScript", + "FAItemplate" => "faiTemplate", + "FAIhook" => "faiHook", + "FAIvariable" => "faiVariable", + "FAIpartitionTable" => "faiPartitionTable", + "FAIpackageList" => "faiPackageList"); /* Read out all objects from fai tree */ $ldap= $this->config->get_ldap_link(); @@ -36,11 +44,18 @@ class faiProfileEntry extends plugin /* Only use objects which have cn set */ if((isset($attrs['cn'][0]))&&(!in_array($attrs['cn'][0],$used))){ - foreach($categories as $cat){ + foreach($categories as $cat => $acl){ if(in_array($cat,$attrs['objectClass'])){ + $acl = $this->ui->get_permissions($attrs['dn'],"fai/".$acl); + /* Append different types of objects */ $this->FAIAllclasses[$attrs['cn'][0]]['objects'][$cat]=$cat; + + if(!isset($this->FAIAllclasses[$attrs['cn'][0]]['acl'])){ + $this->FAIAllclasses[$attrs['cn'][0]]['acl']=""; + } + $this->FAIAllclasses[$attrs['cn'][0]]['acl'].=$acl; /* Set selected status to false */ $this->FAIAllclasses[$attrs['cn'][0]]['status']=false; @@ -50,6 +65,8 @@ class faiProfileEntry extends plugin } } } + + $tmp = array(); ksort($sort); foreach($sort as $name){ @@ -58,7 +75,6 @@ class faiProfileEntry extends plugin $this->FAIAllclasses = array(); $this->FAIAllclasses = $tmp; - /* If no search filter is set, create one */ if (!is_global("SUBfaifilter")){ $SUBfaifilter= array("base" => "ou=fai,ou=configs,ou=systems,".$_SESSION['CurrentMainBase'], "Sregex" => "*"); @@ -161,6 +177,11 @@ class faiProfileEntry extends plugin /* Check every single class name to match the current search filter */ foreach($this->FAIAllclasses as $usedClass => $classes){ + /* Skip those entries that we are not allowed to read. */ + if(!preg_match("/r/",$classes['acl'])){ + continue; + } + $fi = str_replace("*",".*",$SUBfaifilter['Sregex']); $abort = true; diff --git a/plugins/admin/fai/faiProfile.tpl b/plugins/admin/fai/faiProfile.tpl index 5020bc745..54431ff39 100644 --- a/plugins/admin/fai/faiProfile.tpl +++ b/plugins/admin/fai/faiProfile.tpl @@ -10,7 +10,9 @@ - +{render acl=$cnACL} + +{/render} @@ -20,7 +22,9 @@ - +{render acl=$descriptionACL} + +{/render} @@ -35,7 +39,9 @@ --> {$divlist}
- +{render acl=$FAIclassACL} + +{/render} -- 2.30.2