From b2e9fd7d69ddc3d473f1b5225e24fe95310a06b8 Mon Sep 17 00:00:00 2001 From: hickert Date: Fri, 2 Dec 2005 13:20:07 +0000 Subject: [PATCH] Checked and fixed department acl git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@2208 594d385d-05f5-0310-b6e9-bd551577e9d8 --- .../departments/class_departmentGeneric.inc | 121 +++++++++--------- .../class_departmentManagement.inc | 5 +- plugins/admin/groups/acl_definition.inc | 6 +- 3 files changed, 70 insertions(+), 62 deletions(-) diff --git a/plugins/admin/departments/class_departmentGeneric.inc b/plugins/admin/departments/class_departmentGeneric.inc index 74e871a5b..afa6e2744 100644 --- a/plugins/admin/departments/class_departmentGeneric.inc +++ b/plugins/admin/departments/class_departmentGeneric.inc @@ -43,75 +43,84 @@ class department extends plugin function department ($config, $dn) { - plugin::plugin($config, $dn); - $this->is_account= TRUE; - $this->ui= get_userinfo(); - $this->dn= $dn; - $this->orig_dn= $dn; - $this->config= $config; - - /* Set base */ - if ($this->dn == "new"){ - $ui= get_userinfo(); - if(isset($_SESSION['depfilter']['depselect'])){ - $this->base = $_SESSION['depfilter']['depselect']; - }else{ - $this->base= dn2base($ui->dn); - } - } else { - $this->base= preg_replace ("/^[^,]+,/", "", $this->dn); - } + + plugin::plugin($config, $dn); + $this->is_account= TRUE; + $this->ui= get_userinfo(); + $this->dn= $dn; + $this->orig_dn= $dn; + $this->config= $config; + + /* Set base */ + if ($this->dn == "new"){ + $ui= get_userinfo(); + if(isset($_SESSION['depfilter']['depselect'])){ + $this->base = $_SESSION['depfilter']['depselect']; + }else{ + $this->base= dn2base($ui->dn); + } + } else { + $this->base= preg_replace ("/^[^,]+,/", "", $this->dn); + } + /* set permissions */ + $ui= get_userinfo(); + $acl= get_permissions ($ui->dn, $ui->subtreeACL); + $this->acl= get_module_permission($acl, "department", $ui->dn); } function execute() { - /* Call parent execute */ - plugin::execute(); - - /* Reload departments */ - $this->config->departments= get_departments($this->dn); - $this->config->make_idepartments(); - $smarty= get_smarty(); - - /* Hide all departments, that are subtrees of this department */ - $bases = $this->config->idepartments; - $tmp = array(); - foreach($bases as $dn=>$base){ - $fixed = str_replace("/","\\",$this->dn); - /* Only attach departments which are not a subtree of this one */ - if(!preg_match("/".$fixed."/",$dn)){ - $tmp[$dn]=$base; + /* Call parent execute */ + plugin::execute(); + + /* Reload departments */ + $this->config->departments= get_departments($this->dn); + $this->config->make_idepartments(); + $smarty= get_smarty(); + + /* Hide all departments, that are subtrees of this department */ + $bases = $this->config->idepartments; + if(($this->dn == "new")||($this->dn == "")){ + $tmp = $bases; + }else{ + $tmp = array(); + foreach($bases as $dn=>$base){ + $fixed = str_replace("/","\\",$this->dn); + /* Only attach departments which are not a subtree of this one */ + if(!preg_match("/".$fixed."/",$dn)){ + $tmp[$dn]=$base; + } + } } - } - $smarty->assign("bases", $tmp); - - foreach ($this->attributes as $val){ - $smarty->assign("$val", $this->$val); - $smarty->assign("$val"."ACL", chkacl($this->acl, "$val")); - } - $smarty->assign("base_select", $this->base); - return($smarty->fetch (get_template_path('generic.tpl', TRUE))); + $smarty->assign("bases", $tmp); + + foreach ($this->attributes as $val){ + $smarty->assign("$val", $this->$val); + $smarty->assign("$val"."ACL", chkacl($this->acl, "$val")); + } + $smarty->assign("base_select", $this->base); + return($smarty->fetch (get_template_path('generic.tpl', TRUE))); } function clear_fields() { - $this->dn= ""; - $this->base= ""; - $this->acl= "#none#"; + $this->dn= ""; + $this->base= ""; + $this->acl= "#none#"; - foreach ($this->attributes as $val){ - $this->$val= ""; - } + foreach ($this->attributes as $val){ + $this->$val= ""; + } } function remove_from_parent() { - $ldap= $this->config->get_ldap_link(); - $ldap->cd ($this->dn); - $ldap->recursive_remove(); + $ldap= $this->config->get_ldap_link(); + $ldap->cd ($this->dn); + $ldap->recursive_remove(); - /* Optionally execute a command after we're done */ + /* Optionally execute a command after we're done */ $this->handle_post_events('remove'); } @@ -136,10 +145,8 @@ class department extends plugin $message= array(); /* Permissions for that base? */ - $this->dn= "ou=$this->ou,".$this->base; - $acl= get_permissions ($this->dn, $this->ui->subtreeACL); - $acl= get_module_permission($acl, "department", $this->dn); - if (chkacl($acl, "create") != ""){ +// $this->dn= "ou=$this->ou,".$this->base; + if (chkacl($this->acl, "create") != ""){ $message[]= _("You have no permissions to create a department on this 'Base'."); } diff --git a/plugins/admin/departments/class_departmentManagement.inc b/plugins/admin/departments/class_departmentManagement.inc index 0575c45fe..52ff0768c 100644 --- a/plugins/admin/departments/class_departmentManagement.inc +++ b/plugins/admin/departments/class_departmentManagement.inc @@ -142,12 +142,9 @@ class departmentManagement extends plugin /* New Entry if Posted action (s_action) == new */ if ($s_action=="new"){ - $this->acl= array(":all"); $this->dn= "new"; - $this->deptabs= new deptabs($this->config, $this->config->data['TABS']['DEPTABS'], $this->dn); - $this->deptabs->set_acl($this->acl); } /* Edit Entry if Posted action (s_action) == edit @@ -197,7 +194,7 @@ class departmentManagement extends plugin if (isset($_POST['delete_department_confirm'])){ $acl= get_permissions ($this->dn, $this->ui->subtreeACL); $acl= get_module_permission($acl, "department", $this->dn); - if (chkacl($acl, "all") == ""){ + if (chkacl($acl, "delete") == ""){ $this->remove_from_parent(); gosa_log ("Department object'".$this->dn."' has been removed"); $this->reload (); diff --git a/plugins/admin/groups/acl_definition.inc b/plugins/admin/groups/acl_definition.inc index 02c8004ae..deafb3eb8 100644 --- a/plugins/admin/groups/acl_definition.inc +++ b/plugins/admin/groups/acl_definition.inc @@ -8,11 +8,15 @@ $ACLD['application']=array("cn" => "LDAP name", "gosaApplicationExecute" => "Execute", "gosaApplicationFlags" => "Modify flags", "gosaApplicationName" => "Visible name"); -$ACLD['department']= array("businessCategory", +$ACLD['department']= array( + "businessCategory", "description", "facsimileTelephoneNumber", "l", "ou", + "create", + "delete", + "base", "postalAddress", "st", "telephoneNumber"); -- 2.30.2