From e8306ac120542ef92c265021fdaa3cacaa55ac4d Mon Sep 17 00:00:00 2001 From: hickert Date: Mon, 7 Jan 2008 10:26:45 +0000 Subject: [PATCH] Updated groupMail account. -Fixed read & write of ldap acls. -Not tested yet git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@8232 594d385d-05f5-0310-b6e9-bd551577e9d8 --- .../plugins/admin/groups/class_groupMail.inc | 290 ++++++++++-------- 1 file changed, 169 insertions(+), 121 deletions(-) diff --git a/gosa-core/plugins/admin/groups/class_groupMail.inc b/gosa-core/plugins/admin/groups/class_groupMail.inc index 43baee578..cf8bb77da 100644 --- a/gosa-core/plugins/admin/groups/class_groupMail.inc +++ b/gosa-core/plugins/admin/groups/class_groupMail.inc @@ -104,7 +104,7 @@ class mailgroup extends plugin } } - /* If this ins't new mailgroup, read all required data from ldap + /* If this isn't a new mailgroup, read all required data from ldap */ if (($dn != "new")&&($dn !== NULL)){ @@ -126,13 +126,13 @@ class mailgroup extends plugin /* Create new instance of our defined mailclass */ $method= new $this->method($this->config); - if ($method->connect($this->attrs["gosaMailServer"][0])){ - - /* Maybe the entry is not saved in new style, get - permissions from IMAP and convert them to acl attributes */ - if (!isset($this->attrs['acl'])){ + /* If we do NOT use kolab or equal methods, + read imap the acls from the mail method class. + They will be merged later with the ldap specified acls. + */ + if(!preg_match("/olab/i",$this->mmethod)){ $this->imapacl= $method->getSharedFolderPermissions($this->uid); /* Need to filter what a member acl could be... */ @@ -152,9 +152,7 @@ class mailgroup extends plugin $peek= $vote[$acl]; } } - } - /* Highest count wins as %members%, remove all members with the same acl */ if(!empty($leader)){ @@ -165,12 +163,11 @@ class mailgroup extends plugin unset($this->imapacl[$user]); } } + } - } // ENDE ! isset ($this->attrs['acl']) - /* Adapt attributes if needed */ $method->fixAttributesOnLoad($this); - + /* get Quota */ $quota= $method->getQuota($this->uid); @@ -186,13 +183,10 @@ class mailgroup extends plugin }else{ $this->quotaUsage = ""; $this->gosaMailQuota = ""; -// print_red(sprintf(_("Can't get quota information for '%s'."),$this->uid)); } $method->disconnect(); } // ENDE $method->connect($this->attrs["gosaMailServer"][0])){ - } // ENDE gosaMailServer - } // ENDE dn != "new" @@ -208,104 +202,111 @@ class mailgroup extends plugin /* Load permissions */ $tmp = array(); - if(preg_match("/olab/i",$this->mmethod)){ - $ldap = $this->config->get_ldap_link(); + $ldap = $this->config->get_ldap_link(); - if (isset($this->attrs['acl'])){ + /* Read acls from ldap and merge them with + * acls read from mail method. + */ + if (isset($this->attrs['acl'])){ - for ($i= 0; $i<$this->attrs['acl']['count']; $i++){ - list($user, $permission)= split(' ', $this->attrs['acl'][$i]); + for ($i= 0; $i<$this->attrs['acl']['count']; $i++){ + list($user, $permission)= split(' ', $this->attrs['acl'][$i]); - /* Add to list */ - $this->imapacl[$user]= $permission; + /* Add to list */ + $this->imapacl[$user]= $permission; - /* Get all user permissions sorted by acl, to detect the most used acl - This acl is then used for %members% - */ - if ($user != "anyone" && $user != "%members%"){ - $tmp[$permission][] = $user; - } + /* Get all user permissions sorted by acl, to detect the most used acl + This acl is then used for %members% + */ + if ($user != "anyone" && $user != "%members%"){ + $tmp[$permission][] = $user; + } - /* There is an entry in $this->imapacl like this this ... - $this->attrs['imapacl']['anyone'] = "p"; - $this->attrs['imapacl']['%members%'] = "lprs"; - $this->attrs['imapacl'][''] = ""; <------ This is used to diplay an empty - Field for special acls in our template. - If there is at least one special acl in out imapacl, - we don't need this entry anymore, because it is already displayed. - */ - if ($user != "anyone" && $user != "%members%"){ - unset($this->imapacl['']); - } + /* There is an entry in $this->imapacl like this this ... + $this->attrs['imapacl']['anyone'] = "p"; + $this->attrs['imapacl']['%members%'] = "lprs"; + $this->attrs['imapacl'][''] = ""; <------ This is used to diplay an empty + Field for special acls in our template. + If there is at least one special acl in out imapacl, + we don't need this entry anymore, because it is already displayed. + */ + if ($user != "anyone" && $user != "%members%"){ + unset($this->imapacl['']); } } + } - /* In this section we dectect which acl is tho most used - This will be used as %members% acl - */ - $tmp2 = array(); - foreach($tmp as $acl => $user){ - $tmp2[count($tmp[$acl])]=$acl; - } - /* Most used at last - */ - ksort($tmp2); - - /* Assign last (most used acl) to %members% acl - */ - $str = array_pop($tmp2); - if(!empty($str)) { - $this->imapacl['%members%']=$str; - } + /** + * Detect group members which use the same acl + * as used for %members% and remove them. + **/ - /* Open ldap connection - */ - $ldap = $this->config->get_ldap_link(); - $ldap->cd($this->config->current['BASE']); - - /* Remove those users, that use %members% acl && are member of this group. */ - foreach($this->imapacl as $mail => $permission){ - $ldap->search("(&(objectClass=person)(mail=".$mail."))",array("uid")); - $atr = $ldap->fetch(); - if((isset($this->attrs['memberUid'])) && (is_array($this->attrs['memberUid']))){ - if((isset($atr['uid'][0]))&&(in_array($atr['uid'][0],$this->attrs['memberUid']))&&($permission == $this->imapacl['%members%'])){ - unset($this->imapacl[$mail]); - } - } - } - /* Append an empty entry, for special acl handling */ - if(count($this->imapacl)==2){ - $this->imapacl[''] =""; - } - - }else{ // Not kolab - /* Load permissions */ - if (isset($this->attrs['acl'])){ - for ($i= 0; $i<$this->attrs['acl']['count']; $i++){ - list($user, $permission)= split(' ', $this->attrs['acl'][$i]); - $this->imapacl[$user]= $permission; - if ($user != "anyone" && $user != "%members%"){ - unset($this->imapacl['']); - } + /* In this section we detect which acl is the most used. + This will be used as %members% acl. + */ + $tmp2 = array(); + foreach($tmp as $acl => $user){ + $tmp2[count($tmp[$acl])]=$acl; + } + /* Most used at last + */ + ksort($tmp2); + + /* Assign last (most used acl) to %members% acl + */ + $str = array_pop($tmp2); + if(!empty($str)) { + $this->imapacl['%members%']=$str; + } + if(!isset($this->imapacl['%members%'])){ + $this->imapacl['%members%'] = "lrspw"; + } + + + /* Open ldap connection + */ + $ldap = $this->config->get_ldap_link(); + $ldap->cd($this->config->current['BASE']); + + /* Remove those users, that use %members% acl && are member of this group. */ + foreach($this->imapacl as $mail => $permission){ + $ldap->search("(&(objectClass=person)(|(mail=".$mail.")(uid=".$mail.")))",array("uid")); + $atr = $ldap->fetch(); + if((isset($this->attrs['memberUid'])) && (is_array($this->attrs['memberUid']))){ + if((isset($atr['uid'][0]))&&(in_array($atr['uid'][0],$this->attrs['memberUid']))&&($permission == $this->imapacl['%members%'])){ + unset($this->imapacl[$mail]); } } } - /* Load Mailserver + /** + * ENDE: Detect group member with same acl and replace them with %members% + **/ + $this->indexed_user = array("%members%","anyone"); + + /* Append an empty entry, for special acl handling */ + if(count($this->imapacl)==2){ + $this->imapacl[''] ="lrsw"; + $this->indexed_user[] = ''; + } + + /* Load Mailserver */ if(isset($this->attrs['gosaMailServer'][0])){ $this->gosaMailServer = $this->attrs['gosaMailServer'][0]; } /* Fill translations */ $this->perms["lrsw"]= _("read"); - $this->perms["lrspw"]= _("post"); + $this->perms["lrswp"]= _("post"); $this->perms["p"]= _("external post"); - $this->perms["lrsipw"]= _("append"); + $this->perms["lrswip"]= _("append"); $this->perms["lrswipcd"]= _("write"); $this->perms["lrswipcda"]= _("admin"); $this->perms[""]= _("none"); } + + function execute() { /* Call parent execute */ @@ -825,7 +826,6 @@ I: Only insider delivery */ } - /* Save data to LDAP, depending on is_account we save or delete */ function save() { @@ -839,8 +839,9 @@ I: Only insider delivery */ $this->attrs['gosaMailAlternateAddress'] = $this->gosaMailAlternateAddress; $this->attrs['gosaMailForwardingAddress'] = $this->gosaMailForwardingAddress; $this->attrs['gosaSharedFolderTarget'] = "share+".$this->uid; + $this->attrs['acl']= array(); - /* Only do IMAP actions if we are not a template */ + /* Prepare Mail server attribute */ if(preg_match("/olab/i",$this->mmethod)){ if (empty($this->gosaMailServer)||is_array($this->gosaMailServer)){ if(isset($this->attrs['gosaMailServer'][0])){ @@ -848,60 +849,105 @@ I: Only insider delivery */ } } } - - /* Exchange '%member%' pseudo entry */ + /* Exchange '%member%' pseudo entry */ $memberacl= $this->imapacl['%members%']; - foreach ($this->members as $user){ if (!isset($this->imapacl[$user])){ $this->imapacl[$user]= $memberacl; } } - - if(preg_match("/olab/i",$this->mmethod)){ - /* Save acl's */ - $this->attrs['acl']= array(); - foreach ($this->imapacl as $user => $acl){ - if ($user == "" || preg_match("/%members%/",$user)){ - continue; - } - $ldap->search("(&(objectClass=person)(|(uid=".$user.")(mail=".$user.")))",array("mail")); - $mail = $ldap->fetch(); - if(isset($mail['mail'][0])){ - $sacl = $mail['mail'][0]." ".$acl; - }else{ - $sacl= "$user $acl"; - } - if(!in_array($sacl,$this->attrs['acl'])){ - $this->attrs['acl'][]= $sacl; - } - } - - if(!empty($this->kolabFolderType_Type)){ + /* Prepare kolab attributes to be written */ + if(preg_match("/olab/i",$this->mmethod)){ + if(!empty($this->kolabFolderType_Type)){ $this->attrs['kolabFolderType'] = $this->kolabFolderType_Type.".".$this->kolabFolderType_SubType; }else{ $this->attrs['kolabFolderType'] = array(); } - }else{ + } - /* Save acl's */ - $this->attrs['acl']= array(); - foreach ($this->imapacl as $user => $acl){ - if ($user == "" || preg_match("/%members%/",$user)){ - continue; + /* Get naming attribute for mail accounts */ + $tmp = new $this->method($this->config); + $uattrib = $tmp->uattrib; + + /* Create ACL array + What is done here. + + 1. Do not write acl entries for empty entries. + 2. Check if given user is a valid GOsa user. + - If he is one, check if he has a valid mail extension + -If this is true, add the user to the ACL entry. + -If this is NOT true, skip ACL entries for this user. + - He is not a GOsa Account, so write the ACL. (Manually entered ACL) + 3. In case of "olab" mail method, remove the entry from the $this->imapacl array + because the kolab deamon will set the acls for us. + + */ + foreach ($this->imapacl as $user => $acl){ + + /* Skip empty entries */ + if (empty($user) || $user == ""){ + unset($this->imapacl[$user]); + } + + /* Skip placeholder */ + if (empty($user) || $user == "" || preg_match("/%members%/",$user)){ + continue; + } + + /* Check if your is a real GOsa user + * If user is a real GOsa user but do not have an email address - SKIP adding acls + * If user is a real GOsa user with an email address - add acls + */ + $ldap->search("(&(objectClass=person)(|(uid=".$user.")(mail=".$user.")))",array("mail","uid")); + if($ldap->count()){ + + /* Has the user a valid mail account? */ + $attrs = $ldap->fetch(); + if(isset($attrs['mail'][0])){ + + $name = $attrs[$uattrib][0]; + $this->attrs['acl'][]= $name." ".$acl; + + /* Do not write imap acl directly i nkolab mode, let the kolab deamon do this. */ + unset($this->imapacl[$user]); + if(!preg_match("/olab/i",$this->mmethod)){ + $this->imapacl[$name] = $acl; + } + + }else{ + + /* User is a valid GOsa account, but he has no mail extension. Skip ACLs */ + unset($this->imapacl[$user]); + } + }else{ + + /* Seems to be a manually a added acl + * Write this acl. + */ + $this->attrs['acl'][]= $user." ".$acl; + + /* In case of kolab methods, let the deamon add the imap acls */ + if(preg_match("/olab/i",$this->mmethod)){ + unset($this->imapacl[$user]); } - $this->attrs['acl'][]= "$user $acl"; } } + /* Handle mail method actions, set acls, quota ...*/ if ((!$this->is_template)&&(!empty($this->gosaMailServer))){ $method= new $this->method($this->config); $method->fixAttributesOnStore($this); if (($method->connect($this->gosaMailServer))){ $method->updateMailbox($this->uid); $method->setQuota($this->uid, $this->gosaMailQuota); - $method->setSharedFolderPermissions($this->uid, $this->imapacl); + + /* Only write imap acls directly if we are not + * using a kolab like mail method. + */ + if(!preg_match("/olab/i",$this->mmethod)){ + $method->setSharedFolderPermissions($this->uid, $this->imapacl); + } $method->disconnect(); } } @@ -929,6 +975,8 @@ I: Only insider delivery */ } } + + /* Check formular input */ function check() { -- 2.30.2