From 8c9e0af8eba8b7f5a3f0a59a7bc80a3e5e511630 Mon Sep 17 00:00:00 2001
From: hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Date: Wed, 5 Nov 2008 08:10:39 +0000
Subject: [PATCH] Updated ACL checks for FAI management

git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@12912 594d385d-05f5-0310-b6e9-bd551577e9d8
---
 .../fai/admin/fai/class_divListFai.inc        |  8 +++----
 .../fai/admin/fai/class_faiManagement.inc     | 24 +++++++++++--------
 gosa-plugins/fai/admin/fai/main.inc           |  1 -
 3 files changed, 18 insertions(+), 15 deletions(-)

diff --git a/gosa-plugins/fai/admin/fai/class_divListFai.inc b/gosa-plugins/fai/admin/fai/class_divListFai.inc
index 2fba97966..ebb49b04b 100644
--- a/gosa-plugins/fai/admin/fai/class_divListFai.inc
+++ b/gosa-plugins/fai/admin/fai/class_divListFai.inc
@@ -129,7 +129,7 @@ class divListFai extends MultiSelectWindow
     $add_sep = false;
 
     /* Get complete fai acls, to be able to check if we must show or hide the snapshot abilities */ 
-    $acl_all = $ui->has_complete_category_acls($this->config->current['BASE'],$this->module);
+    $acl_all = $ui->has_complete_category_acls($this->parent->acl_base,$this->module);
 
     /* Add default header */
     $listhead = MultiSelectWindow::get_default_header(false);
@@ -143,7 +143,7 @@ class divListFai extends MultiSelectWindow
     $s .= "..|<img src='images/lists/new.png' alt='' border='0' class='center'>".
       "&nbsp;"._("Create")."|\n";
 
-    $acl = $ui->get_permissions($this->config->current['BASE'],"fai/faiProfile");
+    $acl = $ui->get_permissions($this->parent->acl_base,"fai/faiProfile");
     if($this->parent->lock_type == "freeze" && !$this->parent->allow_freeze_object_attach){
       $s.= "...|<input class='center' type='image' src='plugins/fai/images/freeze.png' alt=''>".
         "&nbsp;"._("Freezed")."|\n";
@@ -169,7 +169,7 @@ class divListFai extends MultiSelectWindow
             "Create_package"   , _("PK") , "faiPackage"));
 
       foreach($arr as $ar){
-        $acl = $ui->get_permissions($this->config->current['BASE'],"fai/".$ar[4]);
+        $acl = $ui->get_permissions($this->parent->acl_base,"fai/".$ar[4]);
         if(preg_match("/c/",$acl)){
           $s.= "...|<input class='center' type='image' src='".$ar[0]."' alt=''>".
             "&nbsp;".$ar[1]."|".$ar[2]."|\n";
@@ -269,7 +269,7 @@ class divListFai extends MultiSelectWindow
        /* Add copy & cut icons */
        $ui = get_userinfo();
        $action ="";
-       $acl_all = $ui->has_complete_category_acls($this->config->current['BASE'],$this->module);
+       $acl_all = $ui->has_complete_category_acls($this->parent->acl_base,$this->module);
 
        if(preg_match("/^opsi_/",$type)){
          $editlink ="<a href='?plug=".$_GET['plug']."&amp;edit_opsi_entry=%KEY%' title='%TITLE%'>%NAME%</a>";
diff --git a/gosa-plugins/fai/admin/fai/class_faiManagement.inc b/gosa-plugins/fai/admin/fai/class_faiManagement.inc
index 35d5cb060..71ab93b09 100644
--- a/gosa-plugins/fai/admin/fai/class_faiManagement.inc
+++ b/gosa-plugins/fai/admin/fai/class_faiManagement.inc
@@ -51,6 +51,7 @@ class faiManagement extends plugin
   var $allow_freeze_object_attach = TRUE;
 
   var $no_save;
+  var $acl_base     ="";
   var $fai_base     ="";
   var $fai_release  ="";
 
@@ -82,9 +83,8 @@ class faiManagement extends plugin
     }
 
     /* Set default release 
-       !! If you change the base here you have to update the base in 
-           class_divListFai.inc too, all ACL checks use ($this->config->current['BASE']).
      */
+    $this->acl_base = $this->config->current['BASE'];
     $this->fai_base = get_ou("faiBaseRDN").$this->config->current['BASE'];
 
     if(!session::is_set("fai_filter")){
@@ -451,7 +451,7 @@ class faiManagement extends plugin
       Delete confirmed 
      ****************/
 
-		/* Deltetion was confirmed, so delete this entry
+		/* Deletion was confirmed, so delete this entry
      */
     if (isset($_POST['delete_terminal_confirm'])){
 
@@ -541,7 +541,7 @@ class faiManagement extends plugin
       if("" != $this->config->search("faiManagement", "POSTREMOVE",array('menu','tabs'))){
         /* Load permissions for selected 'dn' and check if
            we're allowed to remove this 'dn' */
-        if($this->acl_is_removeable()){
+        if(preg_match("/d/",$this->ui->get_permissions($this->acl_base,"fai/faiManagement"))){
           $smarty->assign("release_hidden",base64_encode($this->fai_release));
           $smarty->assign("info", msgPool::deleteInfo(LDAP::fix($this->fai_release),_("FAI branch/freeze")));
           return($smarty->fetch(get_template_path('remove_branch.tpl',TRUE)));
@@ -574,7 +574,7 @@ class faiManagement extends plugin
 
           $br = $this->getBranches();
 
-          if(isset($br[$bb]) && $this->acl_is_removeable()){
+          if(isset($br[$bb]) && preg_match("/d/",$this->ui->get_permissions($this->acl_base,"fai/faiManagement"))){
             $name = $br[$bb];
 
             $ldap->cd($bb);
@@ -692,7 +692,7 @@ class faiManagement extends plugin
 
     if(isset($_GET['PerformBranch'])){
     
-      if(!$this->acl_is_createable()){
+      if(!preg_match("/c/",$this->ui->get_permissions($this->acl_base,"fai/faiManagement"))){
         msg_dialog::display(_("Permission error"), msgPool::permCreate(_("Branch")), ERROR_DIALOG);
       }else{
 
@@ -853,8 +853,12 @@ class faiManagement extends plugin
      */
     if("" != $this->config->search("faiManagement", "POSTCREATE",array('menu','tabs'))){
       if(($s_action == "branch_branch")||($this->dispNewBranch)){
-        if(!$this->acl_is_createable()){
-        msg_dialog::display(_("Permission error"), msgPool::permCreate(_("Branch")), ERROR_DIALOG);
+
+        echo $this->acl_base;
+        echo "->".$this->ui->get_permissions($this->acl_base,"fai/faiManagement");  
+
+        if(!preg_match("/c/",$this->ui->get_permissions($this->acl_base,"fai/faiManagement"))){
+          msg_dialog::display(_("Permission error"), msgPool::permCreate(_("Branch")), ERROR_DIALOG);
         }else{
           $this->dispNewBranch=true;
           $smarty->assign("iframe",false);
@@ -874,7 +878,7 @@ class faiManagement extends plugin
      */
     if("" != $this->config->search("faiManagement", "POSTCREATE",array('menu','tabs'))){
       if(($s_action == "freeze_branch")||($this->dispNewFreeze)){
-        if(!$this->acl_is_createable()){
+        if(!preg_match("/c/",$this->ui->get_permissions($this->acl_base,"fai/faiManagement"))){
           msg_dialog::display(_("Permission error"), msgPool::permCreate(_("Branch")), ERROR_DIALOG);
         }else{
           $this->dispNewFreeze = true;
@@ -1133,7 +1137,7 @@ class faiManagement extends plugin
       }
     }
     $this->base = $base;
-    $this->set_acl_base($this->base);
+    $this->set_acl_base($this->acl_base);
 
     $this->lock_type = FAI::get_release_tag(FAI::get_release_dn($base));
 
diff --git a/gosa-plugins/fai/admin/fai/main.inc b/gosa-plugins/fai/admin/fai/main.inc
index 650515abc..d2543758c 100644
--- a/gosa-plugins/fai/admin/fai/main.inc
+++ b/gosa-plugins/fai/admin/fai/main.inc
@@ -30,7 +30,6 @@ if ($remove_lock){
 	if (!session::is_set('FAI') || (isset($_GET['reset']) && $_GET['reset'] == 1)){
 		$FAI= new faiManagement($config, $ui);
 		$FAI->set_acl_category("fai");
-		$FAI->set_acl_base(session::get('CurrentMainBase'));
 		session::set('FAI',$FAI);
 	}
 	$FAI = session::get('FAI');
-- 
2.30.2