feat(acl) Add ACL userfilter feature to the interface

This was here since GOsa it seems. It allows to assign an ACL to all users and use a filter instead to select which ones actually get the rights issue #5531

feat(acl) Add ACL userfilter feature to the interface
This was here since GOsa it seems. It allows to assign an ACL to all users and use a filter instead to select which ones actually get the rights issue #5531
484cd56e · Côme Chilliet · 7cf8e8bb · 484cd56e
Unverified Commit 484cd56e authored 5 years ago by Côme Chilliet
Hide whitespace changes
Inline Side-by-side

Showing

with 25 additions and 9 deletions
+25 -9
--- a/plugins/admin/acl/class_aclAssignment.inc
+++ b/plugins/admin/acl/class_aclAssignment.inc
 <?php
 /*
  This code is part of FusionDirectory (http://www.fusiondirectory.org/)
-  Copyright (C) 2013-2016  FusionDirectory
+  Copyright (C) 2013-2019  FusionDirectory
  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
@@ -55,7 +55,16 @@ class aclAssignmentDialogWindow extends simplePlugin
          new UsersGroupsRolesAttribute(
            _('Members'), _('Users or groups to assign this role to.'),
            'aclMembers', TRUE
-          )
+          ),
+        ]
+      ],
+      'advanced' => [
+        'name'  => _('Advanced'),
+        'attrs' => [
+          new StringAttribute(
+            _('Restrict users with filter'), _('LDAP filter which a member must match to actually get the rights'),
+            'aclUserFilter', FALSE
+          ),
        ]
      ],
    ];
@@ -89,6 +98,7 @@ class aclAssignmentDialogWindow extends simplePlugin
      if ($value['members'][0] == '*') {
        $this->allUsers = TRUE;
      }
+      $this->aclUserFilter = $value['userfilter'];
    }
  }
@@ -110,9 +120,10 @@ class aclAssignmentDialogWindow extends simplePlugin
  function getAclEntry ()
  {
    $entry = [
-      'scope'   => $this->aclMode,
+      'scope'       => $this->aclMode,
-      'role'    => $this->aclRole,
+      'role'        => $this->aclRole,
-      'members' => $this->aclMembers,
+      'members'     => $this->aclMembers,
+      'userfilter'  => $this->aclUserFilter,
    ];
    if ($this->allUsers) {
      $entry['members'] = ['*'];
@@ -197,15 +208,20 @@ class ACLsAssignmentAttribute extends DialogOrderedArrayAttribute
  {
    $acl = explode(':', $value);
    return [$acl[0], [
-      'scope'   => $acl[1],
+      'scope'       => $acl[1],
-      'role'    => base64_decode($acl[2]),
+      'role'        => base64_decode($acl[2]),
-      'members' => array_map('base64_decode', explode(',', $acl[3])),
+      'members'     => array_map('base64_decode', explode(',', $acl[3])),
+      'userfilter'  => (isset($acl[4]) ? base64_decode($acl[4]) : ''),
    ]];
  }
  function writeValue ($key, $value)
  {
-    return $key.':'.$value['scope'].':'.base64_encode($value['role']).':'.join(',', array_map('base64_encode', $value['members']));
+    return $key.
+            ':'.$value['scope'].
+            ':'.base64_encode($value['role']).
+            ':'.join(',', array_map('base64_encode', $value['members'])).
+            ':'.base64_encode($value['userfilter']);
  }
  function foreignKeyUpdate ($oldvalue, $newvalue, array $source)