diff --git a/include/password-methods/class_password-methods.inc b/include/password-methods/class_password-methods.inc
index b8d11ebe8963449642691c52bf059fc00b30016a..2af280ce42152ea21614887e75234da58ce87fb7 100644
--- a/include/password-methods/class_password-methods.inc
+++ b/include/password-methods/class_password-methods.inc
@@ -246,15 +246,6 @@ class passwordMethod
return "";
}
-
- /*!
- * \brief Method to let password backends remove additional information besides
- * the userPassword attribute
- */
- function remove_from_parent()
- {
- }
-
/*!
* \brief Method to check if a password matches a hash
*/
diff --git a/include/simpleplugin/class_multiPlugin.inc b/include/simpleplugin/class_multiPlugin.inc
index eda8457c8f9e33889f818a86134e1f4216963de0..23727954cef700101508b896e578adcf73f0a82d 100644
--- a/include/simpleplugin/class_multiPlugin.inc
+++ b/include/simpleplugin/class_multiPlugin.inc
@@ -163,7 +163,7 @@ class multiPlugin extends simplePlugin
if ($plug->is_account || $plug->ignore_account) {
$result = $plug->save();
} else {
- $result = $plug->remove_from_parent();
+ $result = $plug->remove(FALSE);
}
if (!empty($result)) {
$errors = array_merge($errors, $result);
@@ -173,13 +173,13 @@ class multiPlugin extends simplePlugin
return $errors;
}
- function remove_from_parent()
+ function remove($fulldelete = FALSE)
{
$errors = array();
/* Remove objects */
foreach ($this->plugin as &$plug) {
$plug->dn = $this->dn;
- $result = $plug->remove_from_parent();
+ $result = $plug->remove($fulldelete);
if (!empty($result)) {
$errors = array_merge($errors, $result);
}
diff --git a/include/simpleplugin/class_simpleManagement.inc b/include/simpleplugin/class_simpleManagement.inc
index 9670bf57d75f44b3c81e2542ec844686d2aec454..2980c169c714dbed2aab94aaeec834ad4e374fef 100644
--- a/include/simpleplugin/class_simpleManagement.inc
+++ b/include/simpleplugin/class_simpleManagement.inc
@@ -1095,7 +1095,7 @@ class simpleManagement
// Remove the lock for the current object.
del_lock($this->dn);
} else {
- msg_dialog::display(_('Permission error'), msgPool::permDelete(), ERROR_DIALOG);
+ msg_dialog::display(_('Permission error'), msgPool::permDelete($dn), ERROR_DIALOG);
logging::log('security', 'simpleManagement/'.get_class($this), $dn, array(), 'Tried to trick deletion.');
}
}
diff --git a/include/simpleplugin/class_simplePlugin.inc b/include/simpleplugin/class_simplePlugin.inc
index ca36da71a451a0fe2779e0bef6f0bac811aaa692..c61cb04c982d514b096760a2bd448f0860a103cf 100644
--- a/include/simpleplugin/class_simplePlugin.inc
+++ b/include/simpleplugin/class_simplePlugin.inc
@@ -962,11 +962,17 @@ class simplePlugin
/*! \brief This function removes the object from LDAP
*/
- function remove_from_parent()
+ function remove($fulldelete = FALSE)
{
- if (!$this->initially_was_account || !$this->acl_is_removeable()) {
+ if (!$this->initially_was_account) {
return array();
}
+
+ if (!$fulldelete && !$this->acl_is_removeable()) {
+ trigger_error('remove was called on a tab without enough ACL rights');
+ return array();
+ }
+
$this->prepare_remove();
if ($this->is_template && (!defined('_OLD_TEMPLATES_') || !_OLD_TEMPLATES_)) {
$this->attrs = $this->templateSaveAttrs();
diff --git a/include/simpleplugin/class_simpleTabs.inc b/include/simpleplugin/class_simpleTabs.inc
index fd42f6838747653c0dcb8498140e7d0f7c84d0b7..54f6246036c9ac650aadf5695cd75b2f4a6a8ee0 100644
--- a/include/simpleplugin/class_simpleTabs.inc
+++ b/include/simpleplugin/class_simpleTabs.inc
@@ -299,17 +299,24 @@ class simpleTabs
}
/*!
- * \brief Remove object from parent
+ * \brief Remove object from LDAP
*/
function delete()
{
- /* Delete for all plugins */
+ if (!$this->getBaseObject()->acl_is_removeable()) {
+ msg_dialog::display(_('Permission'), msgPool::permDelete($this->getBaseObject()->dn), ERROR_DIALOG);
+ return FALSE;
+ }
+
+ /* Delete all tabs in reverse order */
foreach (array_reverse($this->by_object) as $obj) {
- $errors = $obj->remove_from_parent();
+ $errors = $obj->remove(TRUE);
if (!empty($errors)) {
msg_dialog::displayChecks($errors);
+ return FALSE;
}
}
+ return TRUE;
}
/*!
@@ -408,11 +415,11 @@ class simpleTabs
if ($obj->is_account || $obj->ignore_account) {
$result = $obj->save();
} else {
- $result = $obj->remove_from_parent();
+ $result = $obj->remove(FALSE);
}
if (!empty($result)) {
if ($creation && $first) {
- /* If the fail of main tab fails for a creation, cancel the save of other tabs */
+ /* If the save of main tab fails for a creation, cancel the save of other tabs */
$this->dn = $old_dn;
$obj->dn = $this->dn;
return $result;
diff --git a/plugins/admin/acl/class_aclAssignment.inc b/plugins/admin/acl/class_aclAssignment.inc
index 04e799e2ddd6f9d9e48ac6fdf81d08c3b06666c7..19c59043b41bb47965a77e90ec8bc424ce5edad3 100644
--- a/plugins/admin/acl/class_aclAssignment.inc
+++ b/plugins/admin/acl/class_aclAssignment.inc
@@ -320,7 +320,7 @@ class aclAssignment extends simplePlugin
if ($this->is_account) {
return parent::save();
} else {
- return $this->remove_from_parent();
+ return $this->remove(FALSE);
}
}
diff --git a/plugins/admin/groups/tabs_ogroups.inc b/plugins/admin/groups/tabs_ogroups.inc
index 5e941e61485ef61f03567413145ed2bf899fd199..0b1c6e160a53e4d001581eac3b23c1e881a2a2e8 100644
--- a/plugins/admin/groups/tabs_ogroups.inc
+++ b/plugins/admin/groups/tabs_ogroups.inc
@@ -150,7 +150,7 @@ class ogrouptabs extends simpleTabs_noSpecial
@DEBUG (DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, $key, "Removing");
$obj->dn = $this->dn;
- $errors = $obj->remove_from_parent();
+ $errors = $obj->remove(FALSE);
if (!empty($errors)) {
msg_dialog::displayChecks($errors);
}
diff --git a/plugins/personal/roles/class_userRoles.inc b/plugins/personal/roles/class_userRoles.inc
index 18d90b4661ececc62185b45c2975c6a8926a7077..ebf1a0448e8b5d54c4456913db0904102e920587 100644
--- a/plugins/personal/roles/class_userRoles.inc
+++ b/plugins/personal/roles/class_userRoles.inc
@@ -167,10 +167,10 @@ class userRoles extends simplePlugin
return FALSE;
}
- function remove_from_parent()
+ protected function ldap_remove()
{
if ($this->is_template) {
- parent::remove_from_parent();
+ return parent::ldap_remove();
} elseif (($this->dn != '') && ($this->dn != 'new')) {
/* Remove all groups */
foreach ($this->savedGroupsMembership as $ogroupdn) {
@@ -185,6 +185,7 @@ class userRoles extends simplePlugin
$r->save();
}
}
+ return array();
}
function save_object()