From 15acc8c8f0e5c0a7c177799fe328d86a1d8bcbab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=B4me=20Bernigaud?= <come.bernigaud@opensides.be>
Date: Thu, 28 May 2015 09:19:45 +0200
Subject: [PATCH] =?UTF-8?q?Fixes=20#3584=20Give=20ACL=C2=A0rights=20based?= =?UTF-8?q?=20on=20role?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 include/class_acl.inc | 9 +++++++--
 include/class_userinfo.inc | 10 ++++++++++
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/include/class_acl.inc b/include/class_acl.inc
index 77d7f9bdf..21c00d93f 100644
--- a/include/class_acl.inc
+++ b/include/class_acl.inc
@@ -199,11 +199,16 @@ class acl extends plugin
 if ($ldap->count()) {
 $attrs = $ldap->fetch();
 if (in_array_ics('gosaAccount', $attrs['objectClass'])) {
- $a['U:'.$dn] = $attrs['cn'][0]." [".$attrs['uid'][0]."]";
+ $a['U:'.$dn] = $attrs['cn'][0].' ['.$attrs['uid'][0].']';
+ } elseif (in_array_ics('organizationalRole', $attrs['objectClass'])) {
+ $a['R:'.$dn] = $attrs['cn'][0];
+ if (isset($attrs['description'][0])) {
+ $a['R:'.$dn] .= ' ['.$attrs['description'][0].']';
+ }
 } else {
 $a['G:'.$dn] = $attrs['cn'][0];
 if (isset($attrs['description'][0])) {
- $a['G:'.$dn] .= " [".$attrs['description'][0]."]";
+ $a['G:'.$dn] .= ' ['.$attrs['description'][0].']';
 }
 }
 /* ... or not */
diff --git a/include/class_userinfo.inc b/include/class_userinfo.inc
index 31e25b6e2..76f4cf310 100644
--- a/include/class_userinfo.inc
+++ b/include/class_userinfo.inc
@@ -44,6 +44,7 @@ class userinfo
 var $subtreeACL = array();
 var $ACL = array();
 var $groups = array();
+ var $roles = array();
 var $result_cache = array();
 var $ignoreACL = FALSE;
 
@@ -105,6 +106,7 @@ class userinfo
 {
 $this->ACL = array();
 $this->groups = array();
+ $this->roles = array();
 $this->result_cache = array();
 $this->reset_acl_cache();
 $ldap = $this->config->get_ldap_link();
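Review bot: The new `organizationalRole` branch in class_acl.inc repeats the cn-plus-description label logic of the group `else` branch verbatim apart from the `R:` prefix, so the two will drift the next time the label format changes. A small helper taking the prefix, e.g. `$a[$prefix.$dn] = $attrs['cn'][0]; if (isset($attrs['description'][0])) { $a[$prefix.$dn] .= ' ['.$attrs['description'][0].']'; }`, called from both branches would keep them in step. Since `R:` is a new member prefix that class_userinfo.inc now has to parse as well, a comment above the `if` naming the three prefixes (`U:` user, `G:` group, `R:` role) and where they are consumed would help readers. The enclosing method starts and ends outside the hunk.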
@@ -116,6 +118,9 @@ class userinfo
 $this->groups[$attrs['dn']] = $attrs['dn'];
 }
 
+ /* Get member roles... */
+ $this->roles = objects::ls('role', array('dn' => 'raw'), NULL, '(roleOccupant='.$this->dn.')');
+
 /* Crawl through ACLs and move relevant to the tree */
 $ldap->search("(objectClass=gosaACL)", array('dn', 'gosaAclEntry'));
 $aclp = array();
@@ -174,6 +179,11 @@ class userinfo
 $interresting = TRUE;
 }
 
+ /* Some role inside the members that is relevant for us? */
+ if (in_array_ics(@LDAP::convert(preg_replace('/^R:/', '', $grp)), $this->roles)) {
+ $interresting = TRUE;
+ }
+
 /* User inside the members? */
 if (mb_strtoupper(preg_replace('/^U:/', '', $grp)) == mb_strtoupper($this->dn)) {
 $interresting = TRUE;
-- 
GitLab
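Review bot: The role lookup builds its LDAP filter by concatenating `$this->dn` into `'(roleOccupant='.$this->dn.')'` without escaping, so a DN containing filter metacharacters (`(`, `)`, `*`, `\`) — legal, if uncommon, in a cn — yields a malformed or over-broad filter and the user silently ends up with a wrong roles list, and therefore wrong ACL membership in the later role check. The DN should be escaped for filter context before interpolation, e.g. `'(roleOccupant='.ldap_escape($this->dn, '', LDAP_ESCAPE_FILTER).')'` on PHP 5.6+, or with whatever escaping helper the project already uses for its other member searches. The hunk also does not show what shape `objects::ls('role', array('dn' => 'raw'), ...)` returns (a plain list of DNs or a map keyed by DN); `in_array_ics` later tests values, so that should be confirmed against `objects::ls`. The enclosing method starts and ends outside the hunk.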
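Review bot: The new role check runs `preg_replace('/^R:/', '', $grp)` on every member entry rather than only on `R:`-prefixed ones, and wraps `LDAP::convert` in `@`, so a conversion problem is silently turned into a non-match and the entry just fails to grant rights with nothing logged. Guarding on the prefix, `if (preg_match('/^R:/', $grp) && in_array_ics(@LDAP::convert(substr($grp, 2)), $this->roles)) {`, keeps the comparison to role entries; whether the `@` can be dropped depends on how the group check above this hunk (not visible here) treats `LDAP::convert`, and the two should at least be aligned. This also assumes `$this->roles` holds the same canonical DN form that `LDAP::convert` produces, which the hunk does not establish — worth a comment on the `/* Get member roles... */` line stating the expected form. The enclosing loop and method run outside the hunk.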