Unverified Commit 7cf8e8bb authored by Côme Chilliet's avatar Côme Chilliet

:ambulance: fix(userinfo) Small code fixes

issue #5531
Showing with 20 additions and 15 deletions
+20 -15
...@@ -163,7 +163,6 @@ class userinfo ...@@ -163,7 +163,6 @@ class userinfo
/* Insert links in ACL array */ /* Insert links in ACL array */
$aclp[$attrs['dn']] = substr_count($attrs['dn'], ','); $aclp[$attrs['dn']] = substr_count($attrs['dn'], ',');
$aclc[$attrs['dn']] = [];
$ol = []; $ol = [];
for ($i = 0; $i < $attrs['gosaAclEntry']['count']; $i++) { for ($i = 0; $i < $attrs['gosaAclEntry']['count']; $i++) {
$ol = array_merge($ol, acl::explodeAcl($attrs['gosaAclEntry'][$i])); $ol = array_merge($ol, acl::explodeAcl($attrs['gosaAclEntry'][$i]));
...@@ -171,6 +170,7 @@ class userinfo ...@@ -171,6 +170,7 @@ class userinfo
$aclc[$attrs['dn']] = $ol; $aclc[$attrs['dn']] = $ol;
} }
/* Resolve roles here */ /* Resolve roles here */
foreach ($aclc as $dn => $data) { foreach ($aclc as $dn => $data) {
foreach ($data as $prio => $aclc_value) { foreach ($data as $prio => $aclc_value) {
...@@ -200,37 +200,39 @@ class userinfo ...@@ -200,37 +200,39 @@ class userinfo
foreach ($aclp as $dn => $acl) { foreach ($aclp as $dn => $acl) {
/* Check if we need to keep this ACL */ /* Check if we need to keep this ACL */
foreach ($aclc[$dn] as $idx => $type) { foreach ($aclc[$dn] as $idx => $type) {
$interresting = FALSE; $interesting = FALSE;
/* No members? This ACL rule is deactivated ... */ /* No members? This ACL rule is deactivated ... */
if (!count($type['members'])) { if (count($type['members'])) {
$interresting = FALSE;
} else {
/* Inspect members... */ /* Inspect members... */
foreach (array_keys($type['members']) as $grp) { foreach (array_keys($type['members']) as $grp) {
/* Some group inside the members that is relevant for us? */ /* Some group inside the members that is relevant for us? */
if (in_array_ics(preg_replace('/^G:/', '', $grp), $this->groups)) { if (in_array_ics(preg_replace('/^G:/', '', $grp), $this->groups)) {
$interresting = TRUE; $interesting = TRUE;
break;
} }
/* Some role inside the members that is relevant for us? */ /* Some role inside the members that is relevant for us? */
if (in_array_ics(preg_replace('/^R:/', '', $grp), $this->roles)) { if (in_array_ics(preg_replace('/^R:/', '', $grp), $this->roles)) {
$interresting = TRUE; $interesting = TRUE;
break;
} }
/* User inside the members? */ /* User inside the members? */
if (mb_strtoupper(preg_replace('/^U:/', '', $grp)) == mb_strtoupper($this->dn)) { if (mb_strtoupper(preg_replace('/^U:/', '', $grp)) == mb_strtoupper($this->dn)) {
$interresting = TRUE; $interesting = TRUE;
break;
} }
/* Wildcard? */ /* Wildcard? */
if (preg_match('/^G:\*/', $grp)) { if (preg_match('/^G:\*/', $grp)) {
$interresting = TRUE; $interesting = TRUE;
break;
} }
} }
} }
if ($interresting) { if ($interesting) {
if (!isset($this->ACL[$dn])) { if (!isset($this->ACL[$dn])) {
$this->ACL[$dn] = []; $this->ACL[$dn] = [];
} }
...@@ -250,8 +252,8 @@ class userinfo ...@@ -250,8 +252,8 @@ class userinfo
. ['ou=base'] = array(ACLs); . ['ou=base'] = array(ACLs);
For object located in 'ou=dep1,ou=base' we have to both ACLs, For objects located in 'ou=dep1,ou=base' we have to apply both ACLs,
for objects in 'ou=base' we only have to apply on ACL. for objects in 'ou=base' we only have to apply one ACL.
*/ */
$without_self_acl = $all_acl = []; $without_self_acl = $all_acl = [];
foreach ($this->ACL as $dn => $acl) { foreach ($this->ACL as $dn => $acl) {
...@@ -262,8 +264,8 @@ class userinfo ...@@ -262,8 +264,8 @@ class userinfo
$without_self_acl[$sdn][$dn] = $this->ACL[$dn]; $without_self_acl[$sdn][$dn] = $this->ACL[$dn];
foreach ($without_self_acl[$sdn][$dn] as $acl_id => $acl_set) { foreach ($without_self_acl[$sdn][$dn] as $acl_id => $acl_set) {
/* Remember which ACL set has speicial user filter */ /* Remember which ACL set has special user filter */
if (isset($acl_set['filter']{1})) { if (!empty($acl_set['filter'])) {
$this->ACLperPath_usesFilter[$sdn] = TRUE; $this->ACLperPath_usesFilter[$sdn] = TRUE;
} }
...@@ -271,6 +273,9 @@ class userinfo ...@@ -271,6 +273,9 @@ class userinfo
foreach ($acl_set['acl'] as $object => $object_acls) { foreach ($acl_set['acl'] as $object => $object_acls) {
if (isset($object_acls[0]) && (strpos($object_acls[0], "s") !== FALSE)) { if (isset($object_acls[0]) && (strpos($object_acls[0], "s") !== FALSE)) {
unset($without_self_acl[$sdn][$dn][$acl_id]['acl'][$object]); unset($without_self_acl[$sdn][$dn][$acl_id]['acl'][$object]);
if (empty($without_self_acl[$sdn][$dn][$acl_id]['acl'])) {
unset($without_self_acl[$sdn][$dn][$acl_id]);
}
} }
} }
} }
...@@ -544,7 +549,7 @@ class userinfo ...@@ -544,7 +549,7 @@ class userinfo
} }
/* With user filter */ /* With user filter */
if (isset($subacl['filter']) && !empty($subacl['filter'])) { if (!empty($subacl['filter'])) {
$id = $dn."-".$subacl['filter']; $id = $dn."-".$subacl['filter'];
if (!isset($ACL_CACHE['FILTER'][$id])) { if (!isset($ACL_CACHE['FILTER'][$id])) {
$ACL_CACHE['FILTER'][$id] = $ldap->object_match_filter($dn, $subacl['filter']); $ACL_CACHE['FILTER'][$id] = $ldap->object_match_filter($dn, $subacl['filter']);
......
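Review bot: In the member loop of the third hunk (new lines 200–238), each test strips its own prefix with `preg_replace` and compares the result without first checking that the key carried that prefix, so a key with no `G:`/`R:`/`U:` prefix would be compared against groups, roles and the user DN alike, and the wildcard test `preg_match('/^G:\*/', $grp)` accepts any key that merely begins with `G:*`. Whether `acl::explodeAcl` can produce such keys is not visible on this page, but because this loop decides which ACL rules apply to the user, exact tests are the safer form: `if ($grp === 'G:*')` for the wildcard, and a prefix check before each strip. The user-DN comparison would also read better with `===` in place of `==`. The enclosing method begins and ends outside the hunks shown.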