From 75ccab1618b7e180969aa1076aa436cc4be9fc0c Mon Sep 17 00:00:00 2001 From: hickert Date: Tue, 31 Oct 2006 07:04:11 +0000 Subject: [PATCH] Prepared ldapmanager for acls git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@4966 594d385d-05f5-0310-b6e9-bd551577e9d8 --- .../addons/ldapmanager/class_csvimport.inc | 27 ++-- plugins/addons/ldapmanager/class_export.inc | 119 +++++++++++------- .../addons/ldapmanager/class_exportxls.inc | 17 +++ plugins/addons/ldapmanager/class_import.inc | 16 +++ plugins/addons/ldapmanager/main.inc | 8 +- 5 files changed, 127 insertions(+), 60 deletions(-) diff --git a/plugins/addons/ldapmanager/class_csvimport.inc b/plugins/addons/ldapmanager/class_csvimport.inc index 86fee5fc4..c1bc331e4 100644 --- a/plugins/addons/ldapmanager/class_csvimport.inc +++ b/plugins/addons/ldapmanager/class_csvimport.inc @@ -18,13 +18,6 @@ class csvimport extends plugin { /* Include config object */ $this->config= $config; - - /* set permissions */ - $ui= get_userinfo(); - $acl= get_permissions ($ui->dn, $ui->subtreeACL); - $this->acl= get_module_permission($acl, "ldapmanager", $ui->dn); - - } function execute() @@ -496,6 +489,26 @@ class csvimport extends plugin /* Show main page */ return ($smarty->fetch (get_template_path('contentcsv.tpl', TRUE))); } + + + /* Return plugin informations for acl handling + #FIXME You can only read attributes within this report plugin */ + function plInfo() + { + return (array( + "plShortName" => _("CSV import"), + "plDescription" => _("CSV import"), + "plSelfModify" => FALSE, + "plDepends" => array(), + "plPriority" => 4, + "plSection" => array("addon"), + "plCategory" => array("ldapmanager"), + + "plProvidedAcls" => array() + )); + } + + } // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: diff --git a/plugins/addons/ldapmanager/class_export.inc b/plugins/addons/ldapmanager/class_export.inc index 8f7dd4d39..82984e6e8 100644 --- a/plugins/addons/ldapmanager/class_export.inc +++ b/plugins/addons/ldapmanager/class_export.inc @@ -14,12 +14,7 @@ class ldifexport extends plugin { /* Include config object */ $this->config= $config; - - /* set permissions */ - $ui= get_userinfo(); - $acl= get_permissions ($ui->dn, $ui->subtreeACL); - $this->acl= get_module_permission($acl, "ldapmanager", $ui->dn); - + $this->ui = get_userinfo(); } function execute() @@ -33,34 +28,36 @@ class ldifexport extends plugin $smarty->assign("type",FALSE); $smarty->assign("depselectivbb",""); - /* Check permissions for export */ - if (chkacl($this->acl,"export")!=""){ - print_red(_("You've no permission to do LDAP exports.")); + // fill in old vars in the Export form + if((isset($_POST['single']))&&(isset($_POST['sfrmgetsingle']))){ + $smarty->assign("single",$_POST['single']); + $smarty->assign("type","single"); + $dn = $_POST['single']; + } + if((isset($_POST['selfull']))&&(isset($_POST['sfrmgetfull']))){ + $smarty->assign("depselectfull",$_POST['selfull']); + $smarty->assign("type","full"); + $dn = $_POST['selfull']; } else { - // fill in old vars in the Export form - if((isset($_POST['single']))&&(isset($_POST['sfrmgetsingle']))){ - $smarty->assign("single",$_POST['single']); - $smarty->assign("type","single"); - $dn = $_POST['single']; - } - if((isset($_POST['selfull']))&&(isset($_POST['sfrmgetfull']))){ - $smarty->assign("depselectfull",$_POST['selfull']); - $smarty->assign("type","full"); - $dn = $_POST['selfull']; - } else { - $smarty->assign("depselectfull", ""); - } - if((isset($_POST['selivbb']))&&(isset($_POST['sfrmgetivbb']))){ - $smarty->assign("depselectivbb",$_POST['selivbb']); - $smarty->assign("type","ivbb"); - $dn = $_POST['selivbb']; - } else { - $smarty->assign("depselectivbb", ""); - } + $smarty->assign("depselectfull", ""); + } + if((isset($_POST['selivbb']))&&(isset($_POST['sfrmgetivbb']))){ + $smarty->assign("depselectivbb",$_POST['selivbb']); + $smarty->assign("type","ivbb"); + $dn = $_POST['selivbb']; + } else { + $smarty->assign("depselectivbb", ""); } // Set values for optionlist in form - $smarty->assign("deplist", $this->config->idepartments); + $bases = array(); + $acl_bases = $this->ui->get_module_departments("ldapmanager"); + foreach($this->config->idepartments as $base_dn => $name){ + if(in_array_ics($base_dn,$acl_bases)){ + $bases[$base_dn] = $name; + } + } + $smarty->assign("deplist", $bases); // Get the LDAP link, to generate the Export $ldap = $this->config->get_ldap_link(); @@ -75,33 +72,63 @@ class ldifexport extends plugin if(isset($dn)) { - if($ldap->dn_exists($dn) && $dn != ""){ - ; - } - else { + if(!($ldap->dn_exists($dn) && $dn != "")){ $smarty->assign("LDIFError",TRUE); print_red (_("Error while exporting the requested entries!")); } } - // Export a single LDAP entry - if(isset($_POST['sfrmgetsingle'])) - { - $smarty->assign("para","?ivbb=2&dn=".base64_encode($_POST['single'])); - } - elseif(isset($_POST['sfrmgetfull'])) - { - $smarty->assign("para","?ivbb=3&dn=".base64_encode($_POST['selfull'])); - } - elseif(isset($_POST['sfrmgetivbb'])) - { - $smarty->assign("para","?ivbb=4&dn=".base64_encode($_POST['selivbb'])); + /* check alcs for given dn */ + $acls =""; + if(isset($dn)){ + $acls = $this->ui->get_permissions($dn,"ldapmanager/ldifexport"); } + if(!preg_match("/r/",$acls)){ + + /* Show error msg */ + print_red(sprintf(_("You are not allowed to export the given ldap entry (%s)"),@LDAP::fix($dn))); + /* Show main page */ + $smarty->assign("LDIFError",TRUE); + $smarty->assign("para",""); + }else{ + + // Export a single LDAP entry + if(isset($_POST['sfrmgetsingle'])) + { + $smarty->assign("para","?ivbb=2&dn=".base64_encode($_POST['single'])); + } + elseif(isset($_POST['sfrmgetfull'])) + { + $smarty->assign("para","?ivbb=3&dn=".base64_encode($_POST['selfull'])); + } + elseif(isset($_POST['sfrmgetivbb'])) + { + $smarty->assign("para","?ivbb=4&dn=".base64_encode($_POST['selivbb'])); + } + } /* Show main page */ return ($smarty->fetch (get_template_path('contentexport.tpl', TRUE))); } + + /* Return plugin informations for acl handling + #FIXME You can only read attributes within this report plugin */ + function plInfo() + { + return (array( + "plShortName" => _("Export"), + "plDescription" => _("Export"), + "plSelfModify" => FALSE, + "plDepends" => array(), + "plPriority" => 1, + "plSection" => array("addon"), + "plCategory" => array("ldapmanager" => array("objectClass" => "none", "description" => _("Ldap manager addon"))), + + "plProvidedAcls" => array() + )); + } + } diff --git a/plugins/addons/ldapmanager/class_exportxls.inc b/plugins/addons/ldapmanager/class_exportxls.inc index ea03de074..69fb99c3b 100644 --- a/plugins/addons/ldapmanager/class_exportxls.inc +++ b/plugins/addons/ldapmanager/class_exportxls.inc @@ -108,6 +108,23 @@ class xlsexport extends plugin /* Show main page */ return ($smarty->fetch (get_template_path('contentexportxls.tpl', TRUE))); } + + /* Return plugin informations for acl handling + #FIXME You can only read attributes within this report plugin */ + function plInfo() + { + return (array( + "plShortName" => _("Export XLS"), + "plDescription" => _("Export XLS"), + "plSelfModify" => FALSE, + "plDepends" => array(), + "plPriority" => 2, + "plSection" => array("addon"), + "plCategory" => array("ldapmanager"), + + "plProvidedAcls" => array() + )); + } } diff --git a/plugins/addons/ldapmanager/class_import.inc b/plugins/addons/ldapmanager/class_import.inc index ec5662c8a..5421ec364 100644 --- a/plugins/addons/ldapmanager/class_import.inc +++ b/plugins/addons/ldapmanager/class_import.inc @@ -114,6 +114,22 @@ class ldifimport extends plugin } + /* Return plugin informations for acl handling + #FIXME You can only read attributes within this report plugin */ + function plInfo() + { + return (array( + "plShortName" => _("Import"), + "plDescription" => _("Import"), + "plSelfModify" => FALSE, + "plDepends" => array(), + "plPriority" => 3, + "plSection" => array("addon"), + "plCategory" => array("ldapmanager"), + + "plProvidedAcls" => array() + )); + } } diff --git a/plugins/addons/ldapmanager/main.inc b/plugins/addons/ldapmanager/main.inc index 9c529f2a2..696c14add 100644 --- a/plugins/addons/ldapmanager/main.inc +++ b/plugins/addons/ldapmanager/main.inc @@ -22,18 +22,12 @@ if (!$remove_lock){ /* Create phonelist object on demand */ if (!isset($_SESSION['ldif']) || (isset($_GET['reset']) && $_GET['reset'] == 1)){ $_SESSION['ldif']= new ldif ($config); + $_SESSION['ldif']->set_acl_category("logview"); } $ldif= $_SESSION['ldif']; - #print_red(_("Warning: Please check the SIZELIMIT option set on your LDAP server. You may not get all entries, if this value is to low!")); - - /* set permissions */ - $acl= get_permissions ($ui->dn, $ui->subtreeACL); - $ldif->acl= get_module_permission($acl, "ldapmanager", $ui->dn); - /* Execute formular */ $display= $ldif->execute (); - $display.= "\n"; /* Page header*/ -- 2.30.2