From cf492d5960206b4556e086e951c4b0b5558d58bd Mon Sep 17 00:00:00 2001 From: hickert Date: Wed, 13 Dec 2006 11:35:59 +0000 Subject: [PATCH] Some additional acl handling for aclManagement git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@5378 594d385d-05f5-0310-b6e9-bd551577e9d8 --- plugins/admin/acl/class_aclManagement.inc | 53 +++++++++++------------ plugins/admin/acl/class_divListACL.inc | 46 +++++++++++++++----- 2 files changed, 61 insertions(+), 38 deletions(-) diff --git a/plugins/admin/acl/class_aclManagement.inc b/plugins/admin/acl/class_aclManagement.inc index d21419fdb..2a849b1c7 100644 --- a/plugins/admin/acl/class_aclManagement.inc +++ b/plugins/admin/acl/class_aclManagement.inc @@ -96,25 +96,31 @@ class aclManagement extends plugin /* Get 'dn' from posted acl, must be unique */ $this->dn= $this->list[trim($s_entry)]['dn']; - /* Check locking, save current plugin in 'back_plugin', so - the dialog knows where to return. */ - if (($acl= get_lock($this->dn)) != ""){ - return(gen_locked_message ($acl, $this->dn)); - } + /* Check permissions */ + if(preg_match("/r/",$this->ui->get_permissions($this->dn,"acl/aclManagement"))){ + + /* Check locking, save current plugin in 'back_plugin', so + the dialog knows where to return. */ + if (($acl= get_lock($this->dn)) != ""){ + return(gen_locked_message ($acl, $this->dn)); + } - /* Lock the current entry, so everyone will get the above dialog */ - add_lock ($this->dn, $this->ui->dn); + /* Lock the current entry, so everyone will get the above dialog */ + add_lock ($this->dn, $this->ui->dn); - /* Register acltabs to trigger edit dialog */ - $this->acltabs= new acl($this->config, NULL,$this->dn); - $this->acltabs-> set_acl_base($this->dn); - $this->acltabs-> set_acl_category("acl"); + /* Register acltabs to trigger edit dialog */ + $this->acltabs= new acl($this->config, NULL,$this->dn); + $this->acltabs-> set_acl_base($this->dn); + $this->acltabs-> set_acl_category("acl"); - /* Switch tab, if it was requested by user */ - $this->acltabs->current = $s_tab; + /* Switch tab, if it was requested by user */ + $this->acltabs->current = $s_tab; - /* Set ACL and move DN to the headline */ - $_SESSION['objectinfo']= $this->dn; + /* Set ACL and move DN to the headline */ + $_SESSION['objectinfo']= $this->dn; + }else{ + print_red(_("You are not allowed to edit this acl.")); + } } @@ -147,9 +153,8 @@ class aclManagement extends plugin /* Get 'dn' from posted acl */ $this->dn= $this->list[trim($s_entry)]['dn']; - - # FIXME CHECK ACLs here - if(1 == 1 ){ + /* Check permissions */ + if(preg_match("/d/",$this->ui->get_permissions($this->dn,"acl/aclManagement"))){ /* Check locking, save current plugin in 'back_plugin', so the dialog knows where to return. */ if (($acl= get_lock($this->dn)) != ""){ @@ -177,9 +182,8 @@ class aclManagement extends plugin /* Confirmation for deletion has been passed. Acl should be deleted. */ if (isset($_POST['delete_acl_confirmed'])){ - /* Some nice guy may send this as POST, so we've to check - for the permissions again. */ - if (chkacl($this->acl, "delete") == ""){ + /* Check permissions */ + if(preg_match("/d/",$this->ui->get_permissions($this->dn,"acl/aclManagement"))){ /* Delete request is permitted, perform LDAP action */ $this->acltabs= new acl($this->config, NULL,$this->dn); @@ -310,13 +314,6 @@ class aclManagement extends plugin } - /* Return departments, that will be included within snapshot detection */ - function get_used_snapshot_bases() - { - return(array(get_people_ou().$this->DivListACL->selectedBase)); - } - - function reload() { #FIXME Implement regex objectClass and so on ... diff --git a/plugins/admin/acl/class_divListACL.inc b/plugins/admin/acl/class_divListACL.inc index ec12ec856..dbfe2434d 100644 --- a/plugins/admin/acl/class_divListACL.inc +++ b/plugins/admin/acl/class_divListACL.inc @@ -64,18 +64,34 @@ class divListACL extends MultiSelectWindow function GenHeader() { - /* Prepare departments, + /* Prepare departments, which are shown in the listbox on top of the listbox */ $options= ""; - foreach ($this->config->idepartments as $key => $value){ - if ($this->selectedBase == $key){ - $options.= ""; - } else { - $options.= ""; + + /* Get all departments within this subtree */ + $base = $this->config->current['BASE']; + $deps= get_list("(&(|(ou=*)(description=*))(objectClass=gosaDepartment))", "acl", $base, + array("ou", "description"), GL_SIZELIMIT | GL_SUBSEARCH); + + /* Load possible departments */ + $ui = get_userinfo(); + $tdeps = $ui->get_module_departments("acl"); + $ids = $this->config->idepartments; + foreach($deps as $dep){ + if(isset($ids[$dep['dn']]) && in_array_ics($dep['dn'], $tdeps)){ + $value = $ids[$dep['dn']]; + if ($this->selectedBase == $dep['dn']){ + $options.= ""; + } else { + $options.= ""; + } } } + /* Get copy & paste icon */ + $acl = $ui->get_permissions($this->selectedBase,"acl/aclManagement"); + /* Create header with selected base */ $listhead = "
". " $acl_entry){ - $action = ""; - $action.= ""; + /* Get copy & paste icon */ + $acl = $this->ui->get_permissions($acl_entry['dn'],"acl/aclManagement"); + + $action = ""; + + /* Add actions depending on acls */ + if(preg_match("/r/", $acl)){ + $action.= ""; + } + if(preg_match("/d/", $acl)){ + $action.= ""; + } $field1 = array("string" => $list_left_icon, "attach"=> "style='text-align:center;width:20px;'"); $field2 = array("string" => sprintf($editlink,$key,htmlentities(utf8_decode($acl_entry['dn'])))." ","attach" => ""); -- 2.30.2