From bb68056b0d054f62fd3ebd2addb96374faa44be8 Mon Sep 17 00:00:00 2001 From: hickert Date: Fri, 24 Nov 2006 06:06:27 +0000 Subject: [PATCH] Added initial content fot the "has_complete_category_acls" function. Fixed system Management object remove, copy & paste / snapshot icons & acls git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@5212 594d385d-05f5-0310-b6e9-bd551577e9d8 --- include/class_userinfo.inc | 46 ++++++++++++- plugins/admin/systems/class_divListSystem.inc | 30 ++++++-- .../admin/systems/class_systemManagement.inc | 68 ++++++++++++------- 3 files changed, 112 insertions(+), 32 deletions(-) diff --git a/include/class_userinfo.inc b/include/class_userinfo.inc index b057fd066..85417cdb1 100644 --- a/include/class_userinfo.inc +++ b/include/class_userinfo.inc @@ -33,6 +33,7 @@ class userinfo var $ACL= array(); var $ocMapping= array(); var $groups= array(); + var $result_cache =array(); /* get acl's an put them into the userinfo object attr subtreeACL (userdn:components, userdn:component1#sub1#sub2,component2,...) */ @@ -95,6 +96,7 @@ class userinfo $this->ACL= array(); $this->groups= array(); + $this->result_cache =array(); $ldap= $this->config->get_ldap_link(); $ldap->cd($this->config->current['BASE']); @@ -410,11 +412,49 @@ class userinfo return ($acl); } - function has_complete_category_acls($base,$category) + + /* #FIXME This could be logical wrong or could be optimized in the future + Return combined acls for a given category. + All acls will be combined like boolean AND + As example ('rwcdm' + 'rcd' + 'wrm'= 'r') + + Results will be cached in $this->result_cache. + $this->result_cache will be resetted if load_acls is called. + */ + function has_complete_category_acls($dn,$category) { - return($this->get_permissions($base,"all/all")); + $acl = "rwcdm"; + $types = "rwcdm"; + + + if(!is_string($category)){ + trigger_error("category must be string"); + $acl = ""; + }else{ + if(!isset($this->result_cache['has_complete_category_acls'][$dn][$category])) { + if (isset($this->ocMapping[$category])){ + foreach($this->ocMapping[$category] as $oc){ + + /* Skip objectClass '0' (e.g. users/0) get_permissions will ever return '' ?? */ + if($oc == "0") continue; + $tmp = $this->get_permissions($dn, $category."/".$oc); + for($i = 0 ; $i < strlen($types); $i++) { + if(!preg_match("/".$types[$i]."/",$tmp)){ + $acl = preg_replace("/".$types[$i]."/","",$acl); + } + } + } + }else{ + trigger_error("Invalid type of category ".$category); + $acl = ""; + } + $this->result_cache['has_complete_category_acls'][$dn][$category] = $acl; + }else{ + $acl = $this->result_cache['has_complete_category_acls'][$dn][$category]; + } + } + return($acl); } - } // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: diff --git a/plugins/admin/systems/class_divListSystem.inc b/plugins/admin/systems/class_divListSystem.inc index 7544aceae..4332d8c83 100644 --- a/plugins/admin/systems/class_divListSystem.inc +++ b/plugins/admin/systems/class_divListSystem.inc @@ -102,7 +102,6 @@ class divListSystem extends MultiSelectWindow $ui= get_userinfo(); $department = array(); foreach($this->module as $module){ - $d = $ui->get_module_departments($module); foreach($d as $department){ $departments[$department] = $department; @@ -123,6 +122,13 @@ class divListSystem extends MultiSelectWindow } } + /* If there is at least one c (Create) and one w (Write) acl in this combination + display the snapshot paste icon. BUT check the correct acls in the management plugin */ + $all_module_acls = ""; + foreach($this->module as $module){ + $all_module_acls .= $ui->has_complete_category_acls($this->selectedBase,$module)." | ".$module."
"; + } + $listhead = "
". "  ". @@ -132,7 +138,10 @@ class divListSystem extends MultiSelectWindow title='"._("Go to users department")."' alt='"._("Home")."' name='dep_home'> ". "  ". "  "; - $listhead .= $this->get_snapshot_header($this->selectedBase); + + if(preg_match("/(c.*w|w.*c)/",$all_module_acls)){ + $listhead .= $this->get_snapshot_header($this->selectedBase); + } $listhead .= " ". " %s"; + /* ACL mapping */ + $acl_type = array("server" => "ser"); + $ui = get_userinfo(); + // Test Every Entry and generate divlist Array foreach($terminals as $key => $val){ - $action= ""; - $action.= $this->GetSnapShotActions($val['dn']); - $action.= ""; + $type = $this->parent->get_system_type($val['objectClass']); + $acl_all = $ui->has_complete_category_acls($val['dn'],$type) ; + + $action= ""; + if(preg_match("/(c.*w|w.*c)/",$acl_all)){ + $action.= $this->GetSnapShotActions($val['dn']); + } + $action.= ""; /* Generate picture list, which is currently disabled */ if(in_array("goCupsServer" ,$val['objectClass'])) $cups = $img1; else $cups =$empty; diff --git a/plugins/admin/systems/class_systemManagement.inc b/plugins/admin/systems/class_systemManagement.inc index 5d655f75e..d20bc1766 100644 --- a/plugins/admin/systems/class_systemManagement.inc +++ b/plugins/admin/systems/class_systemManagement.inc @@ -299,13 +299,34 @@ class systems extends plugin if ($s_action=="del"){ /* Get 'dn' from posted termlinst */ - $this->dn= $this->terminals[$s_entry]['dn']; + $this->dn = $this->terminals[$s_entry]['dn']; + $attrs = $this->terminals[$s_entry]; + + $type= $this->get_system_type($attrs['objectClass']); + $ui = get_userinfo(); + $tabs = array( + "terminal" => array("CLASS"=>"TERMTABS", "TABCLASS" =>"termtabs", "ACL"=> "terminal/termgeneric"), + "workstation" => array("CLASS"=>"WORKTABS", "TABCLASS" =>"worktabs", "ACL"=> "workstation/workgeneric"), + "server" => array("CLASS"=>"SERVTABS", "TABCLASS" =>"servtabs", "ACL"=> "server/servgeneric"), + "printer" => array("CLASS"=>"PRINTTABS", "TABCLASS" =>"printtabs", "ACL"=> "printer/printgenric"), + "phone" => array("CLASS"=>"PHONETABS", "TABCLASS" =>"phonetabs", "ACL"=> "phone/phoneGeneric"), + "winstation" => array("CLASS"=>"WINTABS", "TABCLASS" =>"wintabs", "ACL"=> "winworkstation/wingeneric"), + "component" => array("CLASS"=>"COMPONENTTABS","TABCLASS" =>"componenttabs", "ACL"=> "component/componentGeneric")); + + + /* get object type */ + $tabtype = "termtabs"; + $tabobj = "TERMTABS"; + $tabacl = ""; + if(isset($tabs[$type])){ + $tabtype = $tabs[$type]['TABCLASS']; + $tabobj = $tabs[$type]['CLASS']; + $tabacl = $ui->get_permissions($this->dn,$tabs[$type]['ACL']); + } /* Load permissions for selected 'dn' and check if we're allowed to remove this 'dn' */ - $ui = get_userinfo(); - $acl = $ui -> get_category_permissions($this->dn,"terminal"); - if(preg_match("/w/",$acl)){ + if(preg_match("/d/",$tabacl)){ /* Check locking, save current plugin in 'back_plugin', so the dialog knows where to return. */ @@ -341,35 +362,34 @@ class systems extends plugin $ui = get_userinfo(); $tabs = array( - "terminal" => array("CLASS"=>"TERMTABS", "TABCLASS" =>"termtabs", "ACL"=> "terminal"), - "workstation" => array("CLASS"=>"WORKTABS", "TABCLASS" =>"worktabs", "ACL"=> "workstation"), - "server" => array("CLASS"=>"SERVTABS", "TABCLASS" =>"servtabs", "ACL"=> "server"), - "printer" => array("CLASS"=>"PRINTTABS", "TABCLASS" =>"printtabs", "ACL"=> "printer"), - "phone" => array("CLASS"=>"PHONETABS", "TABCLASS" =>"phonetabs", "ACL"=> "phone"), - "winstation" => array("CLASS"=>"WINTABS", "TABCLASS" =>"wintabs", "ACL"=> "winworkstation"), - "component" => array("CLASS"=>"COMPONENTTABS","TABCLASS" =>"componenttabs", "ACL"=> "component")); - - - /* get object type */ - $tabtype = "termtabs"; - $tabobj = "TERMTABS"; - $tabacl = ""; - if(isset($tabs[$type])){ - $tabtype = $tabs[$type]['TABCLASS']; - $tabobj = $tabs[$type]['CLASS']; - $tabacl = $ui->get_permissions($this->dn,$tabs[$type]['ACL']); - } + "terminal" => array("CLASS"=>"TERMTABS", "TABCLASS" =>"termtabs", "ACL"=> "terminal/termgeneric"), + "workstation" => array("CLASS"=>"WORKTABS", "TABCLASS" =>"worktabs", "ACL"=> "workstation/workgeneric"), + "server" => array("CLASS"=>"SERVTABS", "TABCLASS" =>"servtabs", "ACL"=> "server/servgeneric"), + "printer" => array("CLASS"=>"PRINTTABS", "TABCLASS" =>"printtabs", "ACL"=> "printer/printgenric"), + "phone" => array("CLASS"=>"PHONETABS", "TABCLASS" =>"phonetabs", "ACL"=> "phone/phoneGeneric"), + "winstation" => array("CLASS"=>"WINTABS", "TABCLASS" =>"wintabs", "ACL"=> "winworkstation/wingeneric"), + "component" => array("CLASS"=>"COMPONENTTABS","TABCLASS" =>"componenttabs", "ACL"=> "component/componentGeneric")); + + /* get object type */ + $tabtype = "termtabs"; + $tabobj = "TERMTABS"; + $tabacl = ""; + if(isset($tabs[$type])){ + $tabtype = $tabs[$type]['TABCLASS']; + $tabobj = $tabs[$type]['CLASS']; + $tabacl = $ui->get_permissions($this->dn,$tabs[$type]['ACL']); + } /* Check if we are allowed to remove this object */ if(preg_match("/d/",$tabacl)){ /* Delete request is permitted, perform LDAP action */ if($tabtype=="phonetabs"){ - $this->systab= new $tabtype($this->config, $this->config->data['TABS'][$tabobj], $this->dn,$tabs[$type]['ACL']); + $this->systab= new $tabtype($this->config, $this->config->data['TABS'][$tabobj], $this->dn,$type); $this->systab->set_acl_base($this->dn); $this->systab->by_object['phonegeneric']->remove_from_parent (); }else{ - $this->systab= new $tabtype($this->config,$this->config->data['TABS'][$tabobj], $this->dn,$tabs[$type]['ACL']); + $this->systab= new $tabtype($this->config,$this->config->data['TABS'][$tabobj], $this->dn,$type); $this->systab->set_acl_base($this->dn); $this->systab->delete(); } -- 2.30.2