From b2248ad967aeabe25d88a6b77c8bd8776b88fcdd Mon Sep 17 00:00:00 2001 From: cajus Date: Fri, 14 Aug 2009 08:56:07 +0000 Subject: [PATCH] Added acl handling and clickable actions menus git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@14063 594d385d-05f5-0310-b6e9-bd551577e9d8 --- gosa-core/include/class_listing.inc | 105 ++++++++++++++++++++++++++-- 1 file changed, 101 insertions(+), 4 deletions(-) diff --git a/gosa-core/include/class_listing.inc b/gosa-core/include/class_listing.inc index c8861a82c..0e0ee1641 100644 --- a/gosa-core/include/class_listing.inc +++ b/gosa-core/include/class_listing.inc @@ -345,7 +345,7 @@ echo "filter for images, action menu, sorting, department browsing, filter base } - function filterActions() + function filterActions($row, $dn) { return "TBD"; } @@ -486,6 +486,11 @@ echo "filter for images, action menu, sorting, department browsing, filter base } } + // Filter POST with "act" attributes -> posted from action menu + if (isset($_POST['act']) && $_POST['act'] != '') { + $result['action']= validate($_POST['act']); + } + return $result; } @@ -499,7 +504,8 @@ echo "filter for images, action menu, sorting, department browsing, filter base // Load shortcut $actions= &$this->xmlData['actionmenu']['action']; - $result= ""; @@ -552,6 +579,76 @@ echo "filter for images, action menu, sorting, department browsing, filter base } + function hasActionPermission($action, $dn) + { + $ui= get_userinfo(); + + if (isset($action['acl'])) { + $acls= $action['acl']; + if (!is_array($acls)) { + $acls= array($acls); + } + + // Every ACL has to pass + foreach ($acls as $acl) { + $module= $this->module; + $acllist= array(); + + // Split for category and plugins if needed + // match for "[rw]" style entries + if (preg_match('/^\[([rwcdm]+)\]$/', $acl, $match)){ + $aclList= array($match[1]); + } + + // match for "users[rw]" style entries + if (preg_match('/^([a-zA-Z0-9]+)\[([rwcdm]+)\]$/', $acl, $match)){ + $module= $match[1]; + $aclList= array($match[2]); + } + + // match for "users/user[rw]" style entries + if (preg_match('/^([a-zA-Z0-9]+\/[a-zA-Z0-9]+)\[([rwcdm]+)\]$/', $acl, $match)){ + $module= $match[1]; + $aclList= array($match[2]); + } + + // match "users/user[userPassword:rw(,...)*]" style entries + if (preg_match('/^([a-zA-Z0-9]+\/[a-zA-Z0-9]+)\[([a-zA-Z0-9]+:[rwcdm]+(,[a-zA-Z0-9]+:[rwcdm]+)*)\]$/', $acl, $match)){ + $module= $match[1]; + $aclList= split(',', $match[2]); + } + + // Walk thru prepared ACL by using $module + foreach($aclList as $sAcl) { + $checkAcl= ""; + + // Category or detailed permission? + if (strpos('/', $module) === false) { + if (preg_match('/([a-zA-Z0-9]+):([rwcdm]+)/', $sAcl, $m) ) { + $checkAcl= $ui->get_permissions($dn, $module, $m[1]); + $sAcl= $m[2]; + } else { + $checkAcl= $ui->get_permissions($dn, $module, '0'); + } + } else { + $checkAcl= $ui->get_category_permissions($dn, $module); + } + + // Split up remaining part of the acl and check if it we're + // allowed to do something... + $parts= str_split($sAcl); + foreach ($parts as $part) { + if (strpos($checkAcl, $part) === false){ + return false; + } + } + + } + } + } + + return true; + } } ?> -- 2.30.2