Added functionality to do strict filtering for administrative units

git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@3444 594d385d-05f5-0310-b6e9-bd551577e9d8

diff --git a/FAQ b/FAQ
index 690b07478c22793d22a66b3086bccaf3953773e4..402938da687b27aaef86a436e3658f78b946aafe 100644 (file)
--- a/FAQ
+++ b/FAQ
@@ -296,3 +296,7 @@ A: No need to modify anything. Just add a hook the the plugin you'd like to
    to STDOUT. Note, that the supplied ldif may NOT be the original target ldif due
    to technical reasons.
    
+
+Q: Is there a way to use ACL independet filtering when using administrative units?
+
+A: Yes. Set STRICT_UNITS to TRUE in your gosa.conf's main section.

diff --git a/include/class_userinfo.inc b/include/class_userinfo.inc
index 5ac469a8434828c5e447cc63276c437259928507..77003f9e706d8bfeb1571e87f51aba54d3808492 100644 (file)
--- a/include/class_userinfo.inc
+++ b/include/class_userinfo.inc
@@ -27,6 +27,7 @@ class userinfo
   var $gidNumber= -1;
   var $language= "";
   var $config;
+  var $gosaUnitTag= "";
   var $subtreeACL= array();
 
   /* get acl's an put them into the userinfo object
@@ -34,7 +35,7 @@ class userinfo
   function userinfo($config, $userdn){
     $this->config= $config;
     $ldap= $this->config->get_ldap_link();
-    $ldap->cat($userdn,array('sn', 'givenName', 'uid', 'gidNumber', 'preferredLanguage'));
+    $ldap->cat($userdn,array('sn', 'givenName', 'uid', 'gidNumber', 'preferredLanguage', 'gosaUnitTag'));
     $attrs= $ldap->fetch();
 
     if (isset($attrs['givenName'][0]) && isset($attrs['sn'][0])){
@@ -51,6 +52,10 @@ class userinfo
       $this->language= $attrs['preferredLanguage'][0];
     }
 
+    if (isset($attrs['gosaUnitTag'][0])){
+      $this->gosaUnitTag= $attrs['gosaUnitTag'][0];
+    }
+
     $this->dn= $userdn;
     $this->ip= $_SERVER['REMOTE_ADDR'];
   }

diff --git a/include/functions.inc b/include/functions.inc
index c9c50058124e47f6ea7917fbe03e0f95fe42b47c..0cb50d54baef4386113ee88aef4807ff8d92f4bb 100644 (file)
--- a/include/functions.inc
+++ b/include/functions.inc
@@ -492,7 +492,7 @@ function get_lock ($object)
 
 function get_list($filter, $subtreeACL, $base= "", $attributes= array(), $flags= GL_SUBSEARCH)
 {
-  global $config;
+  global $config, $ui;
 
   /* Get LDAP link */
   $ldap= $config->get_ldap_link($flags & GL_SIZELIMIT);
@@ -504,6 +504,12 @@ function get_list($filter, $subtreeACL, $base= "", $attributes= array(), $flags=
     $ldap->cd ($base);
   }
 
+  /* Strict filter for administrative units? */
+  if ($ui->gosaUnitTag != "" && isset($config->current['STRICT_UNITS']) &&
+      preg_match('/TRUE/i', $config->current['STRICT_UNITS'])){
+    $filter= "(&(gosaUnitTag=".$ui->gosaUnitTag.")$filter)";
+  }
+
   /* Perform ONE or SUB scope searches? */
   if ($flags & GL_SUBSEARCH) {
     $ldap->search ($filter, $attributes);