From 931174208a9a6252e16dd4c4ece40947ee635faa Mon Sep 17 00:00:00 2001 From: hickert Date: Wed, 12 Jul 2006 04:13:29 +0000 Subject: [PATCH] Added divlist for acl git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@4107 594d385d-05f5-0310-b6e9-bd551577e9d8 --- plugins/admin/acl/class_aclManagement.inc | 375 ++++++++++++++++++++++ plugins/admin/acl/class_divListACL.inc | 131 ++++++++ plugins/admin/acl/main.inc | 50 +-- plugins/admin/acl/remove.tpl | 17 + 4 files changed, 548 insertions(+), 25 deletions(-) create mode 100644 plugins/admin/acl/class_aclManagement.inc create mode 100644 plugins/admin/acl/class_divListACL.inc create mode 100755 plugins/admin/acl/remove.tpl diff --git a/plugins/admin/acl/class_aclManagement.inc b/plugins/admin/acl/class_aclManagement.inc new file mode 100644 index 000000000..0dcc48b7e --- /dev/null +++ b/plugins/admin/acl/class_aclManagement.inc 
@@ -0,0 +1,375 @@ + + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +class aclManagement extends plugin +{ + /* Plugin definitions */ + var $plHeadline = "ACLs"; + var $plDescription = "This does something"; + + /* Dialog attributes */ + var $acltabs = NULL; + var $ui = NULL; + var $acl = ""; + var $DivListACL = NULL; + + function aclManagement($config, $ui) + { + /* Save configuration for internal use */ + $this->config = $config; + $this->ui = $ui; + + /* Creat dialog object */ + $this->DivListACL = new divListACL($this->config,$this); + } + + + function execute() + { + /* Call parent execute */ + plugin::execute(); + + $smarty = get_smarty(); // Smarty instance + $s_action = ""; // Contains the action to be taken + $s_entry = ""; // The value for s_action + + /* Edit entry button pressed? 
*/ + if( isset($_GET['act']) && $_GET['act'] == "edit_entry" ){ + $s_action= "edit"; + $s_entry= validate($_GET['id']); + } + + $types = array("del"=>"acl_del","edit"=>"acl_edit"); + + /* Test relevant POST values */ + foreach($_POST as $key => $val){ + + /* Get every possible POST combination and set s_action/s_entry accordingly */ + foreach($types as $act => $name){ + + if (preg_match("/".$name.".*/", $key)){ + $s_action= $act; + $s_entry= preg_replace("/".$name."_/i", "", $key); + } + } + } + + /* Remove coordinate prefix from POST, required by some browsers */ + $s_entry= preg_replace("/_.$/", "", $s_entry); + + /* Seperate possibly encoded tab and entry, default to tab "acl" */ + if(preg_match("/.*-.*/", $s_entry)){ + $s_tab= preg_replace("/^[^-]*-/i", "" ,$s_entry); + $s_entry= preg_replace("/-[^-]*$/i", "", $s_entry); + }else{ + $s_tab= "generic"; + } + + /******************** + Edit existing entry + ********************/ + + if (($s_action=="edit") && (!isset($this->acltabs->config))){ + + /* Get 'dn' from posted acl, must be unique */ + $this->dn= $this->list[trim($s_entry)]['dn']; + + /* Check locking, save current plugin in 'back_plugin', so + the dialog knows where to return. 
*/ + if (($acl= get_lock($this->dn)) != ""){ + $_SESSION['LOCK_VARS_TO_USE'] = array("/^acl_edit/","/^acl_del/","/^id_/"); + return(gen_locked_message ($acl, $this->dn)); + } + + /* Lock the current entry, so everyone will get the above dialog */ + add_lock ($this->dn, $this->ui->dn); + + /* Set up the ACL's for this 'dn' */ + $acl= get_permissions ($this->dn, $this->ui->subtreeACL); + + /* Register acltabs to trigger edit dialog */ + $this->acltabs= new acl($this->config, $this->dn); + + /* Switch tab, if it was requested by user */ + $this->acltabs->current = $s_tab; + + /* Set ACL and move DN to the headline */ + $_SESSION['objectinfo']= $this->dn; + } + + + /******************** + Edit canceled + ********************/ + + /* Reset all relevant data, if we get a _cancel request */ + if (isset($_POST['edit_cancel']) || isset($_POST['cancel_new_acl'])){ + if (isset($this->acltabs)){ + del_lock ($this->dn); + unset ($this->acltabs); + } + $this->acltabs= NULL; + unset ($_SESSION['objectinfo']); + } + + + /******************** + Delete entry requested, display confirm dialog + ********************/ + + /* Remove acl was requested */ + if ($s_action=="del"){ + + /* Get 'dn' from posted acl */ + $this->dn= $this->list[trim($s_entry)]['dn']; + + /* Load permissions for selected 'dn' and check if + we're allowed to remove this 'dn' */ + $acl = get_permissions ($this->dn, $this->ui->subtreeACL); + $this->acl= get_module_permission($acl, "acl", $this->dn); + if (chkacl($this->acl, "delete") == ""){ + + /* Check locking, save current plugin in 'back_plugin', so + the dialog knows where to return. 
*/ + if (($acl= get_lock($this->dn)) != ""){ + $_SESSION['LOCK_VARS_TO_USE'] = array("/^acl_edit/","/^acl_del/","/^id_/"); + return(gen_locked_message ($acl, $this->dn)); + } + + /* Lock the current entry, so nobody will edit it during deletion */ + add_lock ($this->dn, $this->ui->dn); + $smarty->assign("info", sprintf(_("You're about to delete the acl %s."), @LDAP::fix($this->dn))); + return($smarty->fetch(get_template_path('remove.tpl', TRUE))); + } else { + + /* Obviously the acl isn't allowed to delete. Show message and + clean session. */ + print_red (_("You are not allowed to delete this acl!")); + } + } + + + /******************** + Delete entry confirmed + ********************/ + + /* Confirmation for deletion has been passed. Acl should be deleted. */ + if (isset($_POST['delete_acl_confirmed'])){ + + /* Some nice guy may send this as POST, so we've to check + for the permissions again. */ + if (chkacl($this->acl, "delete") == ""){ + + /* Delete request is permitted, perform LDAP action */ + $this->acltabs= new acl($this->config, $this->dn); + $this->acltabs->delete (); + gosa_log ("ACL object '".$this->dn."' has been removed"); + unset ($this->acltabs); + $this->acltabs= NULL; + } else { + + /* Normally this shouldn't be reached, send some extra + logs to notify the administrator */ + print_red (_("You are not allowed to delete this acl!")); + + if(isset($this->ui->uid)){ + gosa_log ("Warning: '".$this->ui->uid."' tried to trick acl deletion."); + } + } + + /* Remove lock file after successfull deletion */ + del_lock ($this->dn); + } + + + /******************** + Delete entry Canceled + ********************/ + + /* Delete acl canceled? */ + if (isset($_POST['delete_cancel'])){ + del_lock ($this->dn); + } + + + /******************** + Edit entry finished (Save) + ********************/ + + /* Finish acl edit is triggered by the tabulator dialog, so + the acl wants to save edited data. Check and save at this + point. 
*/ + if ((isset($_POST['submit_new_acl']) || isset($_POST['edit_finish']) || isset($_POST['edit_apply'])) && (isset($this->acltabs->config))){ + + /* Check tabs, will feed message array */ + $this->acltabs->last= $this->acltabs->current; + $this->acltabs->save_object(); + $message= $this->acltabs->check(); + + /* Save, or display error message? */ + if (count($message) == 0){ + + /* No errors. Go ahead and prepare to ask for a password + in case we're creating a new acl. 'dn' will be 'new' + in this case. It is set to the correct value later. */ + if ($this->dn == "new"){ + $set_pass= 1; + } else { + $set_pass= 0; + } + + /* Save acl data to ldap */ + if($this->acltabs->save() == 1){ + gosa_log ("ACL object '".$this->dn."' saving failed."); + return; + } + gosa_log ("ACL object '".$this->dn."' has been saved"); + + if (!isset($_POST['edit_apply'])){ + + /* ACl has been saved successfully, remove lock from LDAP. */ + if ($this->dn != "new"){ + del_lock ($this->dn); + } + + unset ($this->acltabs); + $this->acltabs= NULL; + unset ($_SESSION['objectinfo']); + } + } else { + /* Ok. There seem to be errors regarding to the tab data, + show message and continue as usual. */ + show_errors($message); + } + } + + + /******************** + Display subdialog + ********************/ + + /* Show tab dialog if object is present */ + if(isset($this->acltabs->config)){ + $display= $this->acltabs->execute(); + + /* Don't show buttons if tab dialog requests this */ +# if(isset($this->acltabs->by_object)){ +# if (!$this->acltabs->dialog){ +# $display.= "

\n"; +# $display.= "\n"; +# $display.= " \n"; +# if ($this->dn != "new"){ +# $display.= "\n"; +# $display.= " \n"; +# } +# $display.= "\n"; +# $display.= "

"; +# } +# } + return ($display); + } + + /* Check if there is a snapshot dialog open */ + $base = $this->DivListACL->selectedBase; + if($str = $this->showSnapshotDialog($base,$this->get_used_snapshot_bases())){ + return($str); + } + + /* Return rendered main page */ + /* Display dialog with system list */ + $this->DivListACL->parent = $this; + $this->DivListACL->execute(); + + /* Add departments if subsearch is disabled */ + if(!$this->DivListACL->SubSearch){ + $this->DivListACL->AddDepartments($this->DivListACL->selectedBase,3); + } + $this->reload(); + $this->DivListACL->setEntries($this->list); + return($this->DivListACL->Draw()); + } + + + /* Return departments, that will be included within snapshot detection */ + function get_used_snapshot_bases() + { + return(array(get_people_ou().$this->DivListACL->selectedBase)); + } + + + function reload() + { + #FIXME Implement regex objectClass and so on ... + /* Get divlist informations from filter part */ + $Regex = $this->DivListACL -> Regex; + $SubSearch = $this->DivListACL -> SubSearch; + $base = $_SESSION['CurrentMainBase']; + $Attrs = array("ou","gosaAclEntry","objectClass"); + + /* Get ldap connection */ + $ldap = $this->config->get_ldap_link(); + $ldap->cd($base); + + /* Create filter */ + $Filter = "objectClass=gosaACL"; + $Flags = GL_SIZELIMIT; + + /* Subserach ? */ + if($SubSearch){ + $Flags |= GL_SUBSEARCH; + } + + /* Get objects */ + $res= get_list($Filter, $this->ui->subtreeACL,$base, $Attrs, $Flags); + + $this->list = $res; + } + + + function remove_lock() + { + /* Remove acl lock if a DN is marked as "currently edited" */ + if (isset($this->acltabs->dn)){ + del_lock ($this->acltabs->dn); + } + } + + + function save_object() + { + /* Handle divlist filter && department selection*/ + if(!is_object($this->acltabs)){ + $this->DivListACL->save_object(); + } + } + + /* A set of disabled and therefore overloaded functions. They are + not needed in this class. 
*/ + function remove_from_parent() { } + function check() { } + function save() { } + function adapt_from_template($dn) { } + function password_change_needed() { } + function show_header($button_text, $text, $disabled= FALSE) { } + +} +// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: +?> diff --git a/plugins/admin/acl/class_divListACL.inc b/plugins/admin/acl/class_divListACL.inc new file mode 100644 index 000000000..2e0e3c1c6 --- /dev/null +++ b/plugins/admin/acl/class_divListACL.inc @@ -0,0 +1,131 @@ +parent = $parent; + $this->ui = get_userinfo(); + + /* Set list strings */ + $this->SetTitle(_("List of acl")); + $this->SetSummary(_("List of acls")); + + /* Result page will look like a headpage */ + $this->SetHeadpageMode(); + $this->SetInformation(_("This menu allows you to edit and delete selected acls.")); + + $this->EnableAplhabet (true); + + /* Disable buttonsm */ + $this->EnableCloseButton(false); + $this->EnableSaveButton (false); + + /* Dynamic action col, depending on snapshot icons */ + $action_col_size = 80; + + /* set Page header */ + $this->AddHeader(array("string"=>" ", "attach"=>"style='width:20px;'")); + $this->AddHeader(array("string"=>_("Summary"))); + $this->AddHeader(array("string"=>_("Actions"), "attach" => "style='width:".$action_col_size."px;border-right:0px;text-align:right;'")); + + /* Add SubSearch checkbox */ +// $this->AddCheckBox(SEPERATOR); + $this->AddCheckBox("SubSearch", _("Select to search within subtrees"), _("Ignore subtrees"), false); + + /* Name ,Text ,Default , Connect with alphabet */ + $this->AddRegex ("Regex", _("Display acls matching"),"Not implemented yet" , true); + } + + + function GenHeader() + { + /* Prepare departments, + which are shown in the listbox on top of the listbox + */ + $options= ""; + foreach ($this->config->idepartments as $key => $value){ + if ($this->selectedBase == $key){ + $options.= ""; + } else { + $options.= ""; + } + } + + /* Create header with selected base */ + $listhead = "
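Review bot: The confirmed-delete branch authorises with `chkacl($this->acl, "delete")`, but `$this->acl` is only written in the delete-request branch while `$this->dn` is also reassigned by the edit branch, so the permission tested can belong to a different entry than the one handed to `new acl($this->config, $this->dn)`. Because the object is kept in the session between requests (see main.inc), the permission should be recomputed for the current DN just before it is used: `$this->acl = get_module_permission(get_permissions($this->dn, $this->ui->subtreeACL), "acl", $this->dn);`. The edit branch has a related gap: it assigns `$acl= get_permissions(...)` and never tests it before locking the entry and opening the dialog, so it needs a `chkacl` guard like the delete branch has (which permission name applies to editing is not visible here). Separately, `del_lock ($this->dn)` runs even when the deletion was refused, although its comment says it follows a successful deletion.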
". + "  ". + "  ". + "  ". + "  ". + "  "; + $listhead .= $this->get_snapshot_header($this->selectedBase); + $listhead .= + _("Base")." ". + "  ". + "
"; + + $this->SetListHeader($listhead); + } + + /* so some basic settings */ + function execute() + { + $this->ClearElementsList(); + $this->GenHeader(); + } + + function setEntries($list) + { + $list_left_icon = ""._("Acl").""; + + foreach($list as $key => $acl_entry){ + + $action = ""; + $action.= $this->GetSnapShotActions($acl_entry['dn']); + $action.= ""; + + $field1 = array("string" => $list_left_icon, "attach"=> "style='text-align:center;width:20px;'"); + $field2 = array("string" => htmlentities(utf8_decode($acl_entry['dn'])),"attach" => ""); + $field3 = array("string" => preg_replace("/%KEY%/",$key,$action), "attach"=> "style='text-align:center;width:80px;border-right:0px;'"); + + $this->AddElement(array($field1,$field2,$field3)); + } + } + + function Save() + { + MultiSelectWindow :: Save(); + } + + function save_object() + { + /* Save automatic created POSTs like regex, checkboxes */ + MultiSelectWindow::save_object(); + } +} +// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: +?> diff --git a/plugins/admin/acl/main.inc b/plugins/admin/acl/main.inc index a1c2296f6..b02543c41 100644 --- a/plugins/admin/acl/main.inc +++ b/plugins/admin/acl/main.inc 
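Review bot: In `setEntries()` the list key is spliced into the action markup with `preg_replace("/%KEY%/",$key,$action)`, where the replacement argument is neither HTML-escaped nor protected against `$n`/`\n` back-reference sequences, while the DN in the neighbouring column does go through `htmlentities()`. If the keys returned by `get_list()` are always numeric this is harmless, but that is not visible here; `str_replace("%KEY%", htmlentities($key), $action)` is safe either way. The constructor also passes the untranslated placeholder `"Not implemented yet"` as the default value of the `Regex` filter, which `reload()` reads but never applies; a `/* TODO: filter not applied yet */` comment at the `AddRegex` call would make that explicit.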
@@ -28,31 +28,31 @@ if ($remove_lock){ } else { $display= "No headpage yet for this module"; -# /* Create usermanagement object on demand */ -# if (!isset($_SESSION['macl']) || (isset($_GET['reset']) && $_GET['reset'] == 1)){ -# $_SESSION['macl']= new aclManagement($config, $ui); -# } -# $macl= $_SESSION['macl']; -# -# /* Show and save dialog */ -# $macl->save_object(); -# $output= $macl->execute(); -# -# /* Page header*/ -# if (isset($_SESSION['objectinfo'])){ -# $display= print_header(get_template_path('images/acl.png'), _("ACL management"), "\"\" ".@LDAP::fix($_SESSION['objectinfo'])); -# } else { -# $display= print_header(get_template_path('images/acl.png'), _("ACL management")); -# } -# -# /* Reset requested? */ -# if (isset($_GET['reset']) && $_GET['reset'] == 1){ -# del_lock ($ui->dn); -# sess_del ('macl'); -# } -# -# $display.= $output; -# $_SESSION['macl']= $macl; + /* Create usermanagement object on demand */ +if (!isset($_SESSION['macl']) || (isset($_GET['reset']) && $_GET['reset'] == 1)){ + $_SESSION['macl']= new aclManagement($config, $ui); + } + $macl= $_SESSION['macl']; + + /* Show and save dialog */ + $macl->save_object(); + $output= $macl->execute(); + + /* Page header*/ + if (isset($_SESSION['objectinfo'])){ + $display= print_header(get_template_path('images/acl.png'), _("ACL management"), "\"\" ".@LDAP::fix($_SESSION['objectinfo'])); + } else { + $display= print_header(get_template_path('images/acl.png'), _("ACL management")); + } + + /* Reset requested? */ + if (isset($_GET['reset']) && $_GET['reset'] == 1){ + del_lock ($ui->dn); + sess_del ('macl'); + } + + $display.= $output; + $_SESSION['macl']= $macl; } ?> diff --git a/plugins/admin/acl/remove.tpl b/plugins/admin/acl/remove.tpl new file mode 100755 index 000000000..dd2160e34 --- /dev/null +++ b/plugins/admin/acl/remove.tpl @@ -0,0 +1,17 @@ +
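Review bot: On `?reset=1` the old `$_SESSION['macl']` is overwritten by a fresh `aclManagement` before anything releases the lock it may hold, and the later `del_lock ($ui->dn)` passes the user's DN, whereas class_aclManagement.inc takes locks with `add_lock ($this->dn, $this->ui->dn)` and releases them with `del_lock ($this->dn)`, i.e. keyed on the edited entry. An ACL entry left open in the edit dialog therefore appears to stay locked after a reset. Calling the existing helper first, `if (isset($_SESSION['macl'])){ $_SESSION['macl']->remove_lock(); }`, ahead of the `new aclManagement(...)` line would release it. The trailing `$_SESSION['macl']= $macl;` also undoes the `sess_del ('macl')` just above it. The enclosing `if ($remove_lock){ … } else {` block starts outside the hunk.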
+ {t}Warning{/t} +
+

+ {$info} + {t}This includes all system and setup informations. Please double check if your really want to do this since there is no way for GOsa to get your data back.{/t} +

+ +

+ {t}Best thing to do before performing this action would be to save the current contents of your LDAP tree in a file. So - if you've done so - press 'Delete' to continue or 'Cancel' to abort.{/t} +

+ +

+ +   + +

-- 2.30.2