An error occurred while loading the file. Please try again.
-
Côme Chilliet authoredThis replaces save_object and execute methods by 3 methods: readPost - Reads POST data update - Update object state render - Render HTML UI The point is to avoid reading POST and rendering HTML when this is not needed (when doing stuff through the webservice for instance). It’s also more consisent across FD with all classes handling some kind of dialog implementing the new interface FusionDirectoryDialog which makes sure these 3 methods are implemented. issue #6072
Unverified94eaa6ba
<?php/* This code is part of FusionDirectory (http://www.fusiondirectory.org/) Copyright (C) 2003-2010 Cajus Pollmeier Copyright (C) 2011-2020 FusionDirectory This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.*//*! * \file class_acl.inc * Source code for Class ACL *//*! * \brief This class contains all the function needed to manage acl */class acl{ static function plInfo () { return [ 'plShortName' => _('ACL'), 'plDescription' => _('Manage access control lists'), 'plCategory' => [ 'acl' => [ 'description' => _('ACL').' & '._('ACL roles'), 'objectClass' => ['gosaAcl','gosaRole'] ] ], 'plObjectType' => [], 'plProvidedAcls' => [] ]; } /*! * \brief Explode a role * * \param string $role ACL role to be exploded */ static function explodeRole ($role) { if (!is_array($role)) { $role = [$role]; } unset($role['count']); $result = []; foreach ($role as $aclTemplate) { $list = explode(':', $aclTemplate, 2); $result[$list[0]] = static::extractACL($list[1]); } ksort($result); return $result; } /*! * \brief Explode an acl7172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140
*
* \param string $acl ACL to be exploded
*/
static function explodeACL ($acl)
{
$list = explode(':', $acl);
if (count($list) == 6) {
list($index, $type, $role, $members, $userfilter, $targetfilter) = $list;
$userfilter = base64_decode($userfilter);
$targetfilter = base64_decode($targetfilter);
} elseif (count($list) == 5) {
list($index, $type, $role, $members, $userfilter) = $list;
$userfilter = base64_decode($userfilter);
$targetfilter = '';
} else {
list($index, $type, $role, $members) = $list;
$userfilter = '';
$targetfilter = '';
}
$a = [
$index => [
'type' => $type,
'userfilter' => $userfilter,
'targetfilter' => $targetfilter,
'members' => acl::extractMembers($members),
'acl' => base64_decode($role),
]
];
/* Handle unknown types */
if (!in_array($type, ['subtree', 'base'])) {
$error = new FusionDirectoryError(
nl2br(htmlescape(sprintf(
_("Unkown ACL type \"%s\"!\nYou might need to run \"fusiondirectory-setup --migrate-acls\" to migrate your acls to the new format."),
$type
)))
);
$error->display();
$a = [];
}
return $a;
}
/*!
* \brief Extract members of an acl
*
* \param $ms The members part of the ACL
*
* \return an array with members
*/
static function extractMembers (string $ms)
{
global $config;
$a = [];
/* Seperate by ',' and place it in an array */
$ma = explode(',', $ms);
/* Decode dn's, fill with informations from LDAP */
$ldap = $config->get_ldap_link();
foreach ($ma as $memberdn) {
// Check for wildcard here
$dn = base64_decode($memberdn);
if ($dn != '*') {
if (empty($dn)) {
trigger_error('Empty dn found in members of ACL');
continue;
}
141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210
$ldap->cat($dn, ['cn', 'objectClass', 'description', 'uid']);
/* Found entry... */
if ($ldap->count()) {
$attrs = $ldap->fetch();
if (in_array_ics('inetOrgPerson', $attrs['objectClass'])) {
$a['U:'.$dn] = $attrs['cn'][0].' ['.$attrs['uid'][0].']';
} elseif (in_array_ics('organizationalRole', $attrs['objectClass'])) {
$a['R:'.$dn] = $attrs['cn'][0];
if (isset($attrs['description'][0])) {
$a['R:'.$dn] .= ' ['.$attrs['description'][0].']';
}
} else {
$a['G:'.$dn] = $attrs['cn'][0];
if (isset($attrs['description'][0])) {
$a['G:'.$dn] .= ' ['.$attrs['description'][0].']';
}
}
/* ... or not */
} else {
$a['U:'.$dn] = sprintf(_("Unknown entry '%s'!"), $dn);
}
} else {
$a['G:*'] = sprintf(_("All users"));
}
}
return $a;
}
/*!
* \brief Extract an acl
*
* \param string $acl The acl to be extracted
*/
static function extractACL (string $acl)
{
/* Rip acl off the string, seperate by ',' and place it in an array */
$as = preg_replace('/^[^:]+:[^:]+:[^:]*:([^:]*).*$/', '\1', $acl);
$aa = explode(',', $as);
$a = [];
/* Dis-assemble single ACLs */
foreach ($aa as $sacl) {
/* Dis-assemble field ACLs */
$ao = explode('#', $sacl);
$gobject = "";
foreach ($ao as $idx => $ssacl) {
/* First is department with global acl */
$object = preg_replace('/^([^;]+);.*$/', '\1', $ssacl);
$gacl = preg_replace('/^[^;]+;(.*)$/', '\1', $ssacl);
if ($idx == 0) {
/* Create hash for this object */
$gobject = $object;
$a[$gobject] = [];
/* Append ACL if set */
if ($gacl != "") {
$a[$gobject] = [new ACLPermissions($gacl)];
}
} else {
/* All other entries get appended... */
list($field, $facl) = explode(';', $ssacl);
$a[$gobject][$field] = new ACLPermissions($facl);
}
}
}
211212213214
return $a;
}
}