Added functionality to do strict filtering for administrative units

git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@3444 594d385d-05f5-0310-b6e9-bd551577e9d8

diff --git a/FAQ b/FAQ
index 690b07478c22793d22a66b3086bccaf3953773e4..402938da687b27aaef86a436e3658f78b946aafe 100644 (file)
--- a/FAQ
+++ b/FAQ
@@ -296,3 +296,7 @@ A: No need to modify anything. Just add a hook the the plugin you'd like to
    to STDOUT. Note, that the supplied ldif may NOT be the original target ldif due
    to technical reasons.
    
    to STDOUT. Note, that the supplied ldif may NOT be the original target ldif due
    to technical reasons.
    

+
+Q: Is there a way to use ACL independet filtering when using administrative units?
+
+A: Yes. Set STRICT_UNITS to TRUE in your gosa.conf's main section.

diff --git a/include/class_userinfo.inc b/include/class_userinfo.inc
index 5ac469a8434828c5e447cc63276c437259928507..77003f9e706d8bfeb1571e87f51aba54d3808492 100644 (file)
--- a/include/class_userinfo.inc
+++ b/include/class_userinfo.inc
@@ -27,6 +27,7 @@ class userinfo
   var $gidNumber= -1;
   var $language= "";
   var $config;
   var $gidNumber= -1;
   var $language= "";
   var $config;

+  var $gosaUnitTag= "";

   var $subtreeACL= array();
 
   /* get acl's an put them into the userinfo object
   var $subtreeACL= array();
 
   /* get acl's an put them into the userinfo object


@@ -34,7 +35,7 @@ class userinfo
   function userinfo($config, $userdn){
     $this->config= $config;
     $ldap= $this->config->get_ldap_link();
   function userinfo($config, $userdn){
     $this->config= $config;
     $ldap= $this->config->get_ldap_link();

-    $ldap->cat($userdn,array('sn', 'givenName', 'uid', 'gidNumber', 'preferredLanguage'));
+    $ldap->cat($userdn,array('sn', 'givenName', 'uid', 'gidNumber', 'preferredLanguage', 'gosaUnitTag'));

     $attrs= $ldap->fetch();
 
     if (isset($attrs['givenName'][0]) && isset($attrs['sn'][0])){
     $attrs= $ldap->fetch();
 
     if (isset($attrs['givenName'][0]) && isset($attrs['sn'][0])){


@@ -51,6 +52,10 @@ class userinfo
       $this->language= $attrs['preferredLanguage'][0];
     }
 
       $this->language= $attrs['preferredLanguage'][0];
     }
 

+    if (isset($attrs['gosaUnitTag'][0])){
+      $this->gosaUnitTag= $attrs['gosaUnitTag'][0];
+    }
+

     $this->dn= $userdn;
     $this->ip= $_SERVER['REMOTE_ADDR'];
   }
     $this->dn= $userdn;
     $this->ip= $_SERVER['REMOTE_ADDR'];
   }

diff --git a/include/functions.inc b/include/functions.inc
index c9c50058124e47f6ea7917fbe03e0f95fe42b47c..0cb50d54baef4386113ee88aef4807ff8d92f4bb 100644 (file)
--- a/include/functions.inc
+++ b/include/functions.inc
@@ -492,7 +492,7 @@ function get_lock ($object)
 
 function get_list($filter, $subtreeACL, $base= "", $attributes= array(), $flags= GL_SUBSEARCH)
 {
 
 function get_list($filter, $subtreeACL, $base= "", $attributes= array(), $flags= GL_SUBSEARCH)
 {

-  global $config;
+  global $config, $ui;

 
   /* Get LDAP link */
   $ldap= $config->get_ldap_link($flags & GL_SIZELIMIT);
 
   /* Get LDAP link */
   $ldap= $config->get_ldap_link($flags & GL_SIZELIMIT);


@@ -504,6 +504,12 @@ function get_list($filter, $subtreeACL, $base= "", $attributes= array(), $flags=
     $ldap->cd ($base);
   }
 
     $ldap->cd ($base);
   }
 

+  /* Strict filter for administrative units? */
+  if ($ui->gosaUnitTag != "" && isset($config->current['STRICT_UNITS']) &&
+      preg_match('/TRUE/i', $config->current['STRICT_UNITS'])){
+    $filter= "(&(gosaUnitTag=".$ui->gosaUnitTag.")$filter)";
+  }
+

   /* Perform ONE or SUB scope searches? */
   if ($flags & GL_SUBSEARCH) {
     $ldap->search ($filter, $attributes);
   /* Perform ONE or SUB scope searches? */
   if ($flags & GL_SUBSEARCH) {
     $ldap->search ($filter, $attributes);