Skip to content
GitLab
Select Git revision
  • 6378-orcid-test-method-is-wrong-and-break-orcid-saving
  • dev default
  • core-php8
  • master
  • 6342-update-the-locales-for-1-5
  • 6344-template-issue-when-creating-a-template-with-empty-password-error-message-should-not-be-seen
  • 6365-core-locking-mechanism-is-not-changing-the-mail-ressource-it-does-lock-the-mail-account
  • 6365-core-when-lock-mechanism-is-trigger-the-user-should-not-be-editable-if-not-unlock
  • fusiondirectory-1.5
  • fusiondirectory-1.4
  • fusiondirectory-1.3.1
  • fusiondirectory-1.3
  • fusiondirectory-1.2.3
  • fusiondirectory-1.2.2
  • fusiondirectory-1.2.1
  • fusiondirectory-1.2
  • fusiondirectory-1.1.1
  • fusiondirectory-1.1
  • fusiondirectory-1.0.20
  • fusiondirectory-1.0.19
  • fusiondirectory-1.0.18
  • fusiondirectory-1.0.17
  • fusiondirectory-1.0.16
  • fusiondirectory-1.0.15
  • fusiondirectory-1.0.14
  • fusiondirectory-1.0.13
  • fusiondirectory-1.0.12
  • fusiondirectory-1.0.11
Find file BlameHistoryPermalink
class_acl.inc 5.89 KiB
1 
<?php
2 
/*
3 
  This code is part of FusionDirectory (http://www.fusiondirectory.org/)
4 
  Copyright (C) 2003-2010  Cajus Pollmeier
5 
  Copyright (C) 2011-2020  FusionDirectory
6
7 
  This program is free software; you can redistribute it and/or modify
8 
  it under the terms of the GNU General Public License as published by
9 
  the Free Software Foundation; either version 2 of the License, or
10 
  (at your option) any later version.
11
12 
  This program is distributed in the hope that it will be useful,
13 
  but WITHOUT ANY WARRANTY; without even the implied warranty of
14 
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15 
  GNU General Public License for more details.
16
17 
  You should have received a copy of the GNU General Public License
18 
  along with this program; if not, write to the Free Software
19 
  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
20 
*/
21
22 
/*!
23 
 * \file class_acl.inc
24 
 * Source code for Class ACL
25 
 */
26
27 
/*!
28 
 * \brief This class contains all the function needed to manage acl
29 
 */
30 
class acl
31 
{
32 
  static function plInfo ()
33 
  {
34 
    return [
35 
      'plShortName'   => _('ACL'),
36 
      'plDescription' => _('Manage access control lists'),
37 
      'plCategory'    => [
38 
        'acl' => [
39 
          'description'  => _('ACL').'&nbsp;&amp;&nbsp;'._('ACL roles'),
40 
          'objectClass'  => ['gosaAcl','gosaRole']
41 
        ]
42 
      ],
43 
      'plObjectType'  => [],
44
45 
      'plProvidedAcls'  => []
46 
    ];
47 
  }
48
49 
  /*!
50 
   * \brief Explode a role
51 
   *
52 
   * \param string $role ACL role to be exploded
53 
   */
54 
  static function explodeRole ($role)
55 
  {
56 
    if (!is_array($role)) {
57 
      $role = [$role];
58 
    }
59 
    unset($role['count']);
60 
    $result = [];
61 
    foreach ($role as $aclTemplate) {
62 
      $list = explode(':', $aclTemplate, 2);
63 
      $result[$list[0]] = static::extractACL($list[1]);
64 
    }
65 
    ksort($result);
66 
    return $result;
67 
  }
68
69 
  /*!
70 
   * \brief Explode an acl
7172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140
* * \param string $acl ACL to be exploded */ static function explodeACL ($acl) { $list = explode(':', $acl); if (count($list) == 6) { list($index, $type, $role, $members, $userfilter, $targetfilter) = $list; $userfilter = base64_decode($userfilter); $targetfilter = base64_decode($targetfilter); } elseif (count($list) == 5) { list($index, $type, $role, $members, $userfilter) = $list; $userfilter = base64_decode($userfilter); $targetfilter = ''; } else { list($index, $type, $role, $members) = $list; $userfilter = ''; $targetfilter = ''; } $a = [ $index => [ 'type' => $type, 'userfilter' => $userfilter, 'targetfilter' => $targetfilter, 'members' => acl::extractMembers($members), 'acl' => base64_decode($role), ] ]; /* Handle unknown types */ if (!in_array($type, ['subtree', 'base'])) { $error = new FusionDirectoryError( nl2br(htmlescape(sprintf( _("Unkown ACL type \"%s\"!\nYou might need to run \"fusiondirectory-configuration-manager --migrate-acls\" to migrate your acls to the new format."), $type ))) ); $error->display(); $a = []; } return $a; } /*! * \brief Extract members of an acl * * \param $ms The members part of the ACL * * \return an array with members */ static function extractMembers (string $ms) { global $config; $a = []; /* Seperate by ',' and place it in an array */ $ma = explode(',', $ms); /* Decode dn's, fill with informations from LDAP */ $ldap = $config->get_ldap_link(); foreach ($ma as $memberdn) { // Check for wildcard here $dn = base64_decode($memberdn); if ($dn != '*') { if (empty($dn)) { trigger_error('Empty dn found in members of ACL'); continue; }
141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210
$ldap->cat($dn, ['cn', 'objectClass', 'description', 'uid']); /* Found entry... */ if ($ldap->count()) { $attrs = $ldap->fetch(); if (in_array_ics('inetOrgPerson', $attrs['objectClass'])) { $a['U:'.$dn] = $attrs['cn'][0].' ['.$attrs['uid'][0].']'; } elseif (in_array_ics('organizationalRole', $attrs['objectClass'])) { $a['R:'.$dn] = $attrs['cn'][0]; if (isset($attrs['description'][0])) { $a['R:'.$dn] .= ' ['.$attrs['description'][0].']'; } } else { $a['G:'.$dn] = $attrs['cn'][0]; if (isset($attrs['description'][0])) { $a['G:'.$dn] .= ' ['.$attrs['description'][0].']'; } } /* ... or not */ } else { $a['U:'.$dn] = sprintf(_("Unknown entry '%s'!"), $dn); } } else { $a['G:*'] = sprintf(_("All users")); } } return $a; } /*! * \brief Extract an acl * * \param string $acl The acl to be extracted */ static function extractACL (string $acl) { /* Rip acl off the string, seperate by ',' and place it in an array */ $as = preg_replace('/^[^:]+:[^:]+:[^:]*:([^:]*).*$/', '\1', $acl); $aa = explode(',', $as); $a = []; /* Dis-assemble single ACLs */ foreach ($aa as $sacl) { /* Dis-assemble field ACLs */ $ao = explode('#', $sacl); $gobject = ""; foreach ($ao as $idx => $ssacl) { /* First is department with global acl */ $object = preg_replace('/^([^;]+);.*$/', '\1', $ssacl); $gacl = preg_replace('/^[^;]+;(.*)$/', '\1', $ssacl); if ($idx == 0) { /* Create hash for this object */ $gobject = $object; $a[$gobject] = []; /* Append ACL if set */ if ($gacl != "") { $a[$gobject] = [new ACLPermissions($gacl)]; } } else { /* All other entries get appended... */ list($field, $facl) = explode(';', $ssacl); $a[$gobject][$field] = new ACLPermissions($facl); } } }
211212213214
return $a; } }