From c5849fe4df3ee6b875d778c8cff862b2bf31eeb3 Mon Sep 17 00:00:00 2001 From: hickert Date: Wed, 14 May 2008 09:11:03 +0000 Subject: [PATCH] Added ignore_acl option for gosa.conf. git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@10884 594d385d-05f5-0310-b6e9-bd551577e9d8 --- gosa-core/include/class_userinfo.inc | 32 ++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/gosa-core/include/class_userinfo.inc b/gosa-core/include/class_userinfo.inc index bba185e0a..c1263330c 100644 --- a/gosa-core/include/class_userinfo.inc +++ b/gosa-core/include/class_userinfo.inc @@ -178,6 +178,13 @@ class userinfo function get_category_permissions($dn, $category) { + /* If we are forced to skip ACLs checks for the current user + then return all permissions. + */ + if($this->ignore_acl_for_current_user()){ + return("rwcdm"); + } + /* Get list of objectClasses and get the permissions for it */ $acl= ""; if (isset($this->ocMapping[$category])){ @@ -194,6 +201,13 @@ class userinfo function get_permissions($dn, $object, $attribute= "", $skip_write= FALSE) { + /* If we are forced to skip ACLs checks for the current user + then return all permissions. + */ + if($this->ignore_acl_for_current_user()){ + return("rwcdm"); + } + /* Push cache answer? */ $ACL_CACHE = &session::get('ACL_CACHE'); if (isset($ACL_CACHE["$dn+$object+$attribute"])){ @@ -293,6 +307,14 @@ class userinfo accessible department) */ function get_module_departments($module) { + + /* If we are forced to skip ACLs checks for the current user + then return all departments as valid. + */ + if($this->ignore_acl_for_current_user()){ + return(array_keys($this->config->idepartments)); + } + /* Use cached results if possilbe */ $ACL_CACHE = session::get('ACL_CACHE'); if(isset($ACL_CACHE['MODULE_DEPARTMENTS'][serialize($module)])){ @@ -505,6 +527,16 @@ class userinfo } return($acl); } + + + /*! \brief Returns TRUE if the current user is configured in IGNORE_ACL=".." in your gosa.conf + @param Return Boolean TRUE if we have to skip ACL checks else FALSE. + */ + function ignore_acl_for_current_user() + { + return(isset($this->config->current['IGNORE_ACL']) && $this->config->current['IGNORE_ACL'] == $this->dn); + } + } // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler: -- 2.30.2