From ffb2f8eb18239a1d48ebd7f89d9d5557d97e6c6c Mon Sep 17 00:00:00 2001 From: cajus Date: Tue, 11 Jul 2006 09:53:44 +0000 Subject: [PATCH] Next load of acl changes git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@4097 594d385d-05f5-0310-b6e9-bd551577e9d8 --- .../themes/default/acl.tpl | 0 {plugins/admin/acl => include}/class_acl.inc | 63 ++++++++++++------- include/class_tabs.inc | 8 +-- include/class_userinfo.inc | 47 ++++++++++++++ include/functions.inc | 10 ++- .../departments/class_departmentGeneric.inc | 2 +- 6 files changed, 99 insertions(+), 31 deletions(-) rename plugins/admin/acl/contents.tpl => ihtml/themes/default/acl.tpl (100%) rename {plugins/admin/acl => include}/class_acl.inc (96%) diff --git a/plugins/admin/acl/contents.tpl b/ihtml/themes/default/acl.tpl similarity index 100% rename from plugins/admin/acl/contents.tpl rename to ihtml/themes/default/acl.tpl diff --git a/plugins/admin/acl/class_acl.inc b/include/class_acl.inc similarity index 96% rename from plugins/admin/acl/class_acl.inc rename to include/class_acl.inc index 1a1539eec..63f507622 100644 --- a/plugins/admin/acl/class_acl.inc +++ b/include/class_acl.inc @@ -30,7 +30,7 @@ class acl extends plugin var $savedAclContents= array(); - function acl ($config, $dn= NULL) + function acl ($config, $parent, $dn= NULL) { /* Include config object */ plugin::plugin($config, $dn); 
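Review bot: Inserting `$parent` as a required second parameter of the `acl` constructor changes the meaning of every existing two-argument call. `new acl($config, $dn)` would now bind the DN to `$parent` and leave `$dn` NULL, so the ACL editor would run without an object DN. Only the call in include/class_tabs.inc is updated in this patch; whether other callers exist is not visible here. Appending the argument keeps old callers working, e.g. `function acl ($config, $dn= NULL, $parent= NULL)`, with the tabs call adjusted to match. The constructor body continues outside this hunk.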
@@ -45,27 +45,14 @@ class acl extends plugin } ksort($this->gosaAclEntry); + /* Save parent - we've to know more about it than other plugins... */ + $this->parent= $parent; + /* Container? */ if (preg_match('/^(ou|c|l|dc)=/i', $dn)){ $this->isContainer= TRUE; } - /* Fill acl types */ - if ($this->isContainer){ - $this->aclTypes= array("reset" => _("Reset ACLs"), - "one" => _("One level"), - "base" => _("Current object"), - "sub" => _("Complete subtree"), - "psub" => _("Complete subtree (permanent)"), - "role" => _("Use ACL defined in role")); - } else { - $this->aclTypes= array("base" => _("Current object"), - "role" => _("Use ACL defined in role")); - } - asort($this->aclTypes); - $this->targets= array("user" => _("Users"), "group" => _("Groups")); - asort($this->targets); - /* Users */ $ui= get_userinfo(); $tag= $ui->gosaUnitTag; @@ -100,6 +87,17 @@ class acl extends plugin /* Objects */ $tmp= get_global('plist'); $plist= $tmp->info; + if (isset($this->parent)){ + $oc= array(); + foreach ($this->parent->by_object as $key => $obj){ + $oc= array_merge($oc, $obj->objectclasses); + } + if (in_array_ics('organizationalUnit', $oc)){ + $this->isContainer= TRUE; + } + } else { + $oc= $this->attrs['objectClass']; + } foreach ($plist as $class => $acls){ if (isset($acls['plDescription'])){ /* Only feed categories */ @@ -108,7 +106,7 @@ class acl extends plugin } /* Additionally filter the classes we're interested in in "self edit" mode */ - if (in_array_ics($acls['plDepends']['objectClass'], $this->attrs['objectClass'])){ + if (in_array_ics($acls['plDepends']['objectClass'], $oc)){ $this->myAclObjects[$class]= $acls['plDescription']; } } 
@@ -125,6 +123,24 @@ class acl extends plugin $this->ocMapping[$class][]= $oc; } } + + /* Fill acl types */ + if ($this->isContainer){ + $this->aclTypes= array("reset" => _("Reset ACLs"), + "one" => _("One level"), + "base" => _("Current object"), + "sub" => _("Complete subtree"), + "psub" => _("Complete subtree (permanent)"), + "role" => _("Use ACL defined in role")); + } else { + $this->aclTypes= array("base" => _("Current object"), + "role" => _("Use ACL defined in role")); + } + asort($this->aclTypes); + $this->targets= array("user" => _("Users"), "group" => _("Groups")); + asort($this->targets); + + /* Finally - we want to get saved... */ $this->is_account= TRUE; } @@ -405,7 +421,7 @@ class acl extends plugin /* Show main page */ $smarty->assign("dialogState", $this->dialogState); - return ($smarty->fetch (get_template_path('contents.tpl', TRUE, get_base_dir().'/plugins/admin/acl'))); + return ($smarty->fetch (get_template_path('acl.tpl'))); } @@ -517,7 +533,7 @@ class acl extends plugin { list($index, $type)= split(':', $acl); $a= array( $index => array("type" => $type, - "members" => $this->extractMembers($acl))); + "members" => acl::extractMembers($acl))); /* Handle different types */ switch ($type){ @@ -526,7 +542,7 @@ class acl extends plugin case 'sub': case 'one': case 'base': - $a[$index]['acl']= $this->extractACL($acl); + $a[$index]['acl']= acl::extractACL($acl); break; case 'role': @@ -547,6 +563,7 @@ class acl extends plugin function extractMembers($acl) { + global $config; $a= array(); /* Rip acl off the string, seperate by ',' and place it in an array */ @@ -557,7 +574,7 @@ class acl extends plugin $ma= split(',', $ms); /* Decode dn's, fill with informations from LDAP */ - $ldap= $this->config->get_ldap_link(); + $ldap= $config->get_ldap_link(); foreach ($ma as $memberdn){ $dn= base64_decode($memberdn); $ldap->cat($dn, array('cn', 'objectClass', 'description', 'uid')); 
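Review bot: In explodeAcl() the calls become static (`acl::extractMembers($acl)`, `acl::extractACL($acl)`), but only extractMembers() is adapted for use without an instance, by adding `global $config;`. extractACL() is not touched by this patch and its body is not visible here; if it references `$this`, the static path used by userinfo (`acl::explodeAcl(...)`) will fail. extractMembers() also runs one `$ldap->cat()` per member DN, which matters now that it is reached from the ACL loading loop over every gosaACL object. A short comment on both helpers would help, e.g. `/* Callable statically: must not use $this; reads global $config; one LDAP lookup per member */`.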
@@ -748,7 +765,7 @@ class acl extends plugin } /* Do LDAP modifications */ - $ldap= $this->config->get_ldap_link(); + $ldap= $config->get_ldap_link(); $ldap->cd($this->dn); $this->cleanup(); $ldap->modify ($this->attrs); diff --git a/include/class_tabs.inc b/include/class_tabs.inc index a4ef265c7..fc1af5227 100644 --- a/include/class_tabs.inc +++ b/include/class_tabs.inc @@ -140,9 +140,9 @@ class tabs $display.= ""; /* Shorten string if its too long for the tab headers*/ - $title= _($name); - if (mb_strlen($title, 'UTF-8') > 14){ - $title= mb_substr($title,0, 12, 'UTF-8')."..."; + $title= ''._($name).''; + if (mb_strlen($title, 'UTF-8') > 28){ + $title= mb_substr($title,0, 25, 'UTF-8')."..."; } if ($_SESSION['js']==FALSE){ @@ -292,7 +292,7 @@ class tabs function addSpecialTabs() { $this->by_name['acl']= _("ACL"); - $this->by_object['acl']= new acl($this->config, $this->dn); + $this->by_object['acl']= new acl($this->config, $this, $this->dn); $this->by_object['acl']->parent= &$this; $this->by_name['reference']= _("References"); $this->by_object['reference']= new reference($this->config, $this->dn); diff --git a/include/class_userinfo.inc b/include/class_userinfo.inc index 77003f9e7..af3103c0c 100644 --- a/include/class_userinfo.inc +++ b/include/class_userinfo.inc @@ -24,11 +24,14 @@ class userinfo var $ip; var $username; var $cn; + var $uid; var $gidNumber= -1; var $language= ""; var $config; var $gosaUnitTag= ""; var $subtreeACL= array(); + var $ACL= array(); + var $groups= array(); /* get acl's an put them into the userinfo object attr subtreeACL (userdn:components, userdn:component1#sub1#sub2,component2,...) */ @@ -57,6 +60,7 @@ class userinfo } $this->dn= $userdn; + $this->uid= $attrs['uid'][0]; $this->ip= $_SERVER['REMOTE_ADDR']; } @@ -84,6 +88,49 @@ class userinfo $this->subtreeACL[$base][]= $attrs["gosaSubtreeACL"][$i]; } } + +# echo "NEW ACL LOADING --------------------------------------------------------------------------------------------
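Review bot: In the last class_acl.inc hunk, `$ldap= $config->get_ldap_link();` replaces `$this->config->get_ldap_link()`, but no `global $config;` is visible there, unlike extractMembers(), where this patch adds one. If the enclosing method, which starts outside the hunk, does not declare the global, `$config` is undefined and the ACL write (`$ldap->modify ($this->attrs)`) fails on a non-object call. The surrounding lines already run on an instance (`$this->dn`, `$this->cleanup()`), so keeping `$ldap= $this->config->get_ldap_link();` looks like the safer form.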
"; + $this->ACL= array(); + $this->groups= array(); + $ldap= $this->config->get_ldap_link(); + $ldap->cd($this->config->current['BASE']); + + /* Get member groups... */ + $ldap->search("(&(objectClass=posixGroup)(memberUid=".$this->uid."))", array('dn')); + while ($attrs= $ldap->fetch()){ + $this->groups[$attrs['dn']]= $attrs['dn']; + } + + /* Crawl through ACLs and move relevant to the tree */ + $ldap->search("(objectClass=gosaACL)", array('dn', 'gosaAclEntry')); + $aclp= array(); + $aclc= array(); + while ($attrs= $ldap->fetch()){ + + /* Insert links in ACL array */ + $tree= split(',', $attrs['dn']); + $tree= array_reverse($tree); + + $interresting= FALSE; + $t= acl::explodeAcl($attrs['gosaAclEntry'][0]); +# print_a($t); + + /* We're interested in ACLs apply for *all* users... */ + + /* ... for groups we're member in... */ + + /* and for our DN as member. */ + + + $aclp[$attrs['dn']]= substr_count($attrs['dn'], ','); + $aclc[$attrs['dn']]= $attrs['gosaAclEntry']; + + } + + /* ACL's read, sort for tree depth */ + asort($aclp); + +#print_a($aclp); } } diff --git a/include/functions.inc b/include/functions.inc index 2ac55c8a4..a4e7b952b 100644 --- a/include/functions.inc +++ b/include/functions.inc @@ -36,12 +36,13 @@ $svn_revision = '$Revision$'; /* Include required files */ require_once ("class_ldap.inc"); require_once ("class_config.inc"); -require_once ("class_userinfo.inc"); require_once ("class_plugin.inc"); +require_once ("class_acl.inc"); +require_once ("class_userinfo.inc"); require_once ("class_pluglist.inc"); require_once ("class_tabs.inc"); require_once ("class_mail-methods.inc"); -require_once("class_password-methods.inc"); +require_once ("class_password-methods.inc"); require_once ("functions_debug.inc"); require_once ("functions_dns.inc"); require_once ("class_MultiSelectWindow.inc"); 
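Review bot: The group lookup in class_userinfo.inc builds its LDAP filter by concatenation, `"(&(objectClass=posixGroup)(memberUid=".$this->uid."))"`, and `$this->uid` comes unescaped from the user's `uid` attribute. A value containing filter metacharacters (`*`, `(`, `)`, `\`) changes what the filter matches. Since `$this->groups` appears intended to feed the ACL evaluation, an over-broad match would over-grant group membership. Escape the value per RFC 4515 before building the filter, e.g. `ldap_escape($this->uid, '', LDAP_ESCAPE_FILTER)` where the PHP version provides it, or an equivalent project helper. Also, only `$attrs['gosaAclEntry'][0]` is passed to `acl::explodeAcl()` while `$aclc` keeps every value, so entries after the first are never parsed.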
@@ -367,7 +368,6 @@ function ldap_login_user ($username, $password) function ldap_expired_account($config, $userdn, $username) { - //$this->config= $config; $ldap= $config->get_ldap_link(); $ldap->cat($userdn); $attrs= $ldap->fetch(); @@ -727,9 +727,11 @@ function getMenuCache() } } + function get_permissions ($dn, $subtreeACL) { global $config; +echo "get_permissions() - to be removed
"; $base= $config->current['BASE']; $tmp= "d,".$dn; @@ -765,6 +767,7 @@ function get_permissions ($dn, $subtreeACL) function get_module_permission($acl_array, $module, $dn) { global $ui; +echo "get_module_permissions() - to be removed
"; $final= ""; foreach($acl_array as $acl){ @@ -923,6 +926,7 @@ function get_base_from_people($dn) function chkacl($acl, $name) { + echo "chkacl - to be removed
"; /* Look for attribute in ACL */ if (preg_match("/#$name#/", $acl) || $acl == "#all#"){ return (""); diff --git a/plugins/admin/departments/class_departmentGeneric.inc b/plugins/admin/departments/class_departmentGeneric.inc index 35923c401..9206228a0 100644 --- a/plugins/admin/departments/class_departmentGeneric.inc +++ b/plugins/admin/departments/class_departmentGeneric.inc @@ -341,7 +341,7 @@ class department extends plugin /* Optionally execute a command after we're done */ $this->postcreate(); - return(true); + return(false); } -- 2.30.2