Skip to content
GitLab
Select Git revision
  • dev default
  • 6378-orcid-test-method-is-wrong-and-break-orcid-saving
  • core-php8
  • master
  • 6342-update-the-locales-for-1-5
  • 6344-template-issue-when-creating-a-template-with-empty-password-error-message-should-not-be-seen
  • 6365-core-locking-mechanism-is-not-changing-the-mail-ressource-it-does-lock-the-mail-account
  • 6365-core-when-lock-mechanism-is-trigger-the-user-should-not-be-editable-if-not-unlock
  • fusiondirectory-1.5
  • fusiondirectory-1.4
  • fusiondirectory-1.3.1
  • fusiondirectory-1.3
  • fusiondirectory-1.2.3
  • fusiondirectory-1.2.2
  • fusiondirectory-1.2.1
  • fusiondirectory-1.2
  • fusiondirectory-1.1.1
  • fusiondirectory-1.1
  • fusiondirectory-1.0.20
  • fusiondirectory-1.0.19
  • fusiondirectory-1.0.18
  • fusiondirectory-1.0.17
  • fusiondirectory-1.0.16
  • fusiondirectory-1.0.15
  • fusiondirectory-1.0.14
  • fusiondirectory-1.0.13
  • fusiondirectory-1.0.12
  • fusiondirectory-1.0.11
Find file BlameHistoryPermalink
class_acl.inc 6.09 KiB
1 
<?php
2 
/*
3 
  This code is part of FusionDirectory (http://www.fusiondirectory.org/)
4 
  Copyright (C) 2003-2010  Cajus Pollmeier
5 
  Copyright (C) 2011-2016  FusionDirectory
6
7 
  This program is free software; you can redistribute it and/or modify
8 
  it under the terms of the GNU General Public License as published by
9 
  the Free Software Foundation; either version 2 of the License, or
10 
  (at your option) any later version.
11
12 
  This program is distributed in the hope that it will be useful,
13 
  but WITHOUT ANY WARRANTY; without even the implied warranty of
14 
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15 
  GNU General Public License for more details.
16
17 
  You should have received a copy of the GNU General Public License
18 
  along with this program; if not, write to the Free Software
19 
  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
20 
*/
21
22 
/*!
23 
 * \file class_acl.inc
24 
 * Source code for Class ACL
25 
 */
26
27 
/*!
28 
 * \brief This class contains all the function needed to manage acl
29 
 */
30 
class acl
31 
{
32 
  static function plInfo()
33 
  {
34 
    return array(
35 
      'plShortName'   => _('ACL'),
36 
      'plDescription' => _('Manage access control lists'),
37 
      'plCategory'    => array(
38 
        'acl' => array(
39 
          'description'  => _('ACL').'&nbsp;&amp;&nbsp;'._('ACL roles'),
40 
          'objectClass'  => array('gosaAcl','gosaRole')
41 
        )
42 
      ),
43 
      'plObjectType'  => array(),
44
45 
      'plProvidedAcls'  => array()
46 
    );
47 
  }
48
49 
  /*!
50 
   *  \brief Function sort an array by elements priority
51 
   *
52 
   *  \param Array $list Array to be sorted
53 
   */
54 
  static function sort_by_priority($list)
55 
  {
56 
    uksort($list,
57 
      function ($a, $b)
58 
      {
59 
        $infos_a = pluglist::pluginInfos(preg_replace('|^[^/]*/|', '', $a));
60 
        $infos_b = pluglist::pluginInfos(preg_replace('|^[^/]*/|', '', $b));
61 
        $pa = (isset($infos_a['plPriority'])?$infos_a['plPriority']:0);
62 
        $pb = (isset($infos_b['plPriority'])?$infos_b['plPriority']:0);
63 
        if ($pa == $pb) {
64 
          return 0;
65 
        }
66 
        return ($pa < $pb ? -1 : 1);
67 
      }
68 
    );
69
70 
    return $list;
7172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140
} /*! * \brief Explode a role * * \param string $acl ACL to be exploded */ static function explodeRole($role) { if (!is_array($role)) { $role = array($role); } unset($role['count']); $result = array(); foreach ($role as $aclTemplate) { $list = explode(':', $aclTemplate, 2); $result[$list[0]] = static::extractACL($list[1]); } ksort($result); return $result; } /*! * \brief Explode an acl * * \param string $acl ACL to be exploded */ static function explodeACL($acl) { $list = explode(':', $acl); if (count($list) == 5) { list($index, $type,$role,$members,$filter) = $list; $filter = base64_decode($filter); } else { $filter = ""; list($index, $type,$role,$members) = $list; } $a = array( $index => array( 'type' => $type, 'filter' => $filter, 'members' => acl::extractMembers($members), 'acl' => base64_decode($role), )); /* Handle unknown types */ if (!in_array($type, array('subtree', 'base'))) { msg_dialog::display(_("Internal error"), sprintf(_("Unkown ACL type '%s'!\nYou might need to run \"fusiondirectory-setup --migrate-acls\" to migrate your acls to the new format."), $type), ERROR_DIALOG); $a = array(); } return $a; } /*! * \brief Extract members of an acl * * \param $acl The acl to be extracted members part * * \return an array with members */ static function extractMembers($ms) { global $config; $a = array(); /* Seperate by ',' and place it in an array */ $ma = explode(',', $ms); /* Decode dn's, fill with informations from LDAP */ $ldap = $config->get_ldap_link();
141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210
foreach ($ma as $memberdn) { // Check for wildcard here $dn = base64_decode($memberdn); if ($dn != '*') { if (empty($dn)) { trigger_error('Empty dn found in members of ACL'); continue; } $ldap->cat($dn, array('cn', 'objectClass', 'description', 'uid')); /* Found entry... */ if ($ldap->count()) { $attrs = $ldap->fetch(); if (in_array_ics('inetOrgPerson', $attrs['objectClass'])) { $a['U:'.$dn] = $attrs['cn'][0].' ['.$attrs['uid'][0].']'; } elseif (in_array_ics('organizationalRole', $attrs['objectClass'])) { $a['R:'.$dn] = $attrs['cn'][0]; if (isset($attrs['description'][0])) { $a['R:'.$dn] .= ' ['.$attrs['description'][0].']'; } } else { $a['G:'.$dn] = $attrs['cn'][0]; if (isset($attrs['description'][0])) { $a['G:'.$dn] .= ' ['.$attrs['description'][0].']'; } } /* ... or not */ } else { $a['U:'.$dn] = sprintf(_("Unknown entry '%s'!"), $dn); } } else { $a['G:*'] = sprintf(_("All users")); } } return $a; } /*! * \brief Extract an acl * * \param string $acl The acl to be extracted */ static function extractACL($acl) { /* Rip acl off the string, seperate by ',' and place it in an array */ $as = preg_replace('/^[^:]+:[^:]+:[^:]*:([^:]*).*$/', '\1', $acl); $aa = explode(',', $as); $a = array(); /* Dis-assemble single ACLs */ foreach ($aa as $sacl) { /* Dis-assemble field ACLs */ $ao = explode('#', $sacl); $gobject = ""; foreach ($ao as $idx => $ssacl) { /* First is department with global acl */ $object = preg_replace('/^([^;]+);.*$/', '\1', $ssacl); $gacl = preg_replace('/^[^;]+;(.*)$/', '\1', $ssacl); if ($idx == 0) { /* Create hash for this object */ $gobject = $object; $a[$gobject] = array(); /* Append ACL if set */ if ($gacl != "") { $a[$gobject] = array($gacl);
211212213214215216217218219220221222223224225
} } else { /* All other entries get appended... */ list($field, $facl) = explode(';', $ssacl); $a[$gobject][$field] = $facl; } } } return $a; } } ?>