Commit 8c188424 authored by Côme Bernigaud's avatar Côme Bernigaud Committed by Benoit Mortier

Fixes: #1922 Improved and fixed foreignKey handling for ACLs

parent 9ceab0aa
......@@ -113,7 +113,7 @@ sub ask_user_input {
my ($ldap,$base,$prefix) = @_;
my ($cn,$dn,$mesg);
do {
$cn = $prefix.'_'.$indice;
$cn = $prefix.'-'.$indice;
$dn = "cn=$cn,$rolesou,$base";
$indice++;
$mesg = $ldap->search(
......@@ -1122,7 +1122,7 @@ sub migrate_acls {
next ACL;
}
} else {
my $cn = find_free_role_dn($ldap,$base,'migrated_acl');
my $cn = find_free_role_dn($ldap,$base,'migrated-acl');
$role_dn = create_role($ldap,$base,$cn,$part2);
$members = $part1;
if ($scope =~ m/sub$/) {
......
......@@ -1313,6 +1313,9 @@ class config {
if (isset($plInfo['plManages'])) {
foreach ($plInfo['plManages'] as $type) {
$obj = strtoupper($type);
if (!isset($this->data['OBJECTS'][$obj])) {
continue;
}
$cat = $this->data['OBJECTS'][$obj]['aclCategory'];
$acl[] = $cat;
......@@ -1366,7 +1369,7 @@ class config {
foreach ($this->data['CATEGORIES'] as $name => &$infos) {
$infos['classes'] = array_unique($infos['classes']);
if (!isset($infos['description'])) {
trigger_error("ACL category '$name' has no definition");
trigger_error("ACL category '$name' for classes ".join(',',$infos['classes'])." has no definition");
$infos['description'] = $name;
$infos['objectClass'] = array();
}
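Review bot: The new `if (!isset($this->data['OBJECTS'][$obj])) { continue; }` in the `plManages` loop silently drops any object type that is not registered, so a typo or a missing plugin leaves that ACL category out of `$acl[]` with no trace. Since this feeds ACL category resolution, consider reporting the skip before continuing, e.g. `trigger_error("Unknown object type '$type' in plManages");`, or add a comment saying why unknown types are expected here. The enclosing method starts and ends outside the hunk.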
......
......@@ -192,7 +192,11 @@ class objects
$ldap = $config->get_ldap_link();
$ldap->cat($dn, array($infos['mainAttr']));
if ($attrs = $ldap->fetch()) {
$text = $attrs[$infos['mainAttr']][0];
if (isset($attrs[$infos['mainAttr']][0])) {
$text = $attrs[$infos['mainAttr']][0];
} else {
$text = $dn;
}
} else {
throw new Exception('Dn '.$dn.' not found in LDAP');
}
......@@ -200,8 +204,8 @@ class objects
$text = $text[$infos['mainAttr']][0];
}
if ($icon) {
$text = '<img alt="'.$infos['name'].' '.$dn.'" src="'.$infos['icon'].'" class="center"/>'.$text;
if ($icon && isset($infos['icon'])) {
$text = '<img alt="'.$infos['name'].'" title="'.$dn.'" src="'.$infos['icon'].'" class="center"/>&nbsp;'.$text;
}
return '<a href="'.$href.'">'.$text.'</a>';
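Review bot: `$dn` and the LDAP attribute value reach the returned HTML unescaped. The new fallback `$text = $dn;` becomes the link text, and the new `title="'.$dn.'"` attribute takes the DN verbatim, so a DN or main attribute containing `"` or `<` can break out of the markup. Unless escaping happens in a caller not visible here, escape at output, e.g. `title="'.htmlentities($dn, ENT_COMPAT, 'UTF-8').'"`. Do the same for `$infos['name']` and `$href`, and for `$text` before the `<img>` prefix is prepended. The function starts and ends outside the hunks.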
......
......@@ -554,6 +554,11 @@ class plugin
} else {
return array(join($str));
}
case 'b': // base64
if (isset($args[0]) && ($args[0] == 'd')) {
return array(base64_decode($str));
}
return array(base64_encode($str));
case 'u': // uppercase
return array(mb_strtoupper($str, 'UTF-8'));
case 'l': // lowercase
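Review bot: The new `b` modifier decodes with `base64_decode($str)` in non-strict mode, which silently discards characters outside the base64 alphabet and returns whatever bytes result. If the decoded value ends up in a filter or a DN, malformed input is better rejected: `$decoded = base64_decode($str, TRUE);` and handle the `FALSE` return explicitly. The `d` argument is undocumented in the `// base64` comment; something like `// base64 (argument 'd' decodes instead of encoding)` would help. The switch continues outside the hunk.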
......
......@@ -96,30 +96,40 @@ class pluglist {
$depends_infos[] = $cname;
}
if (isset($infos['plForeignKeys'])) {
foreach ($infos['plForeignKeys'] as $ofield => $pfk) {
$filter = NULL;
if (!is_array($pfk)) {
$class = $pfk;
$field = 'dn';
} else {
foreach ($infos['plForeignKeys'] as $ofield => &$pfks) {
if (!is_array($pfks)) {
$pfks = array($pfks);
}
if (!is_array($pfks[0])) {
$pfks = array($pfks);
}
foreach ($pfks as &$pfk) {
$class = $pfk[0];
$field = $pfk[1];
if (isset($pfk[1])) {
$field = $pfk[1];
} else {
$field = 'dn';
$pfk[1] = $field;
}
$filter = NULL;
if (isset($pfk[2])) {
$filter = $pfk[2];
}
if ($filter === NULL) {
$filter = "$ofield=%oldvalue%";
}
$pfk[2] = $filter;
if (!isset($foreign_refs[$class])) {
$foreign_refs[$class] = array();
}
if (!isset($foreign_refs[$class][$field])) {
$foreign_refs[$class][$field] = array();
}
$foreign_refs[$class][$field][] = array($cname, $ofield, $filter);
}
if ($filter === NULL) {
$filter = "$ofield=%oldvalue%";
}
$infos['plForeignKeys'][$ofield] = array($class, $field, $filter);
if (!isset($foreign_refs[$class])) {
$foreign_refs[$class] = array();
}
if (!isset($foreign_refs[$class][$field])) {
$foreign_refs[$class][$field] = array();
}
$foreign_refs[$class][$field][] = array($cname, $ofield, $filter);
unset($pfk);
}
unset($pfks);
} else {
$infos['plForeignKeys'] = array();
}
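Review bot: The normalisation reads `$pfks[0]` and then `$pfk[0]` without checking that they exist. An empty `plForeignKeys` entry (`array()`) or one with string keys gets wrapped into `array(array())` and then raises an undefined-offset notice at `$class = $pfk[0];`, registering a foreign reference under an empty class. A guard such as `if (empty($pfks)) { continue; }` before the wrapping, plus `isset($pfk[0])` inside the inner loop, would keep a malformed plugin declaration from polluting `$foreign_refs`. The normalised values are written back through the `&$pfks`/`&$pfk` references, so this relies on `$infos` itself being a reference or being stored afterwards, which is not visible in the hunk.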
......
......@@ -52,8 +52,7 @@ class aclAssignmentDialogWindow extends simplePlugin
),
new BooleanAttribute(
_('For all users'), _('Apply this ACL for all LDAP users'),
'allUsers', FALSE,
FALSE
'allUsers', FALSE
),
new UsersGroupsAttribute(
_('Members'), _('Users or groups to assign this role to.'),
......@@ -82,6 +81,9 @@ class aclAssignmentDialogWindow extends simplePlugin
$this->aclMode = $value['scope'];
$this->aclRole = $value['role'];
$this->aclMembers = $value['members'];
if ($value['members'][0] == '*') {
$this->allUsers = TRUE;
}
}
}
......@@ -108,8 +110,9 @@ class aclAssignmentDialogWindow extends simplePlugin
'members' => $this->aclMembers,
);
if ($this->allUsers) {
$entry['members'] = '*';
$entry['members'] = array('*');
}
return $entry;
}
}
......@@ -136,6 +139,7 @@ class ACLsAssignmentDialog extends GenericDialog
function handle_finish ()
{
$this->dialog->save_object();
$this->attribute->addValue($this->dialog->getAclEntry());
return FALSE;
}
......@@ -176,6 +180,31 @@ class ACLsAssignmentAttribute extends DialogOrderedArrayAttribute
{
return $key.':'.$value['scope'].':'.base64_encode($value['role']).':'.join(',', array_map('base64_encode', $value['members']));
}
function foreignKeyUpdate($oldvalue, $newvalue, $source)
{
foreach ($this->value as $key => &$value) {
list ($key,$acl) = $this->readValue($value);
if (($source[0] == 'role') && ($acl['role'] == $oldvalue)) {
if ($newvalue === NULL) {
unset($this->value[$key]);
} else {
$acl['role'] = $newvalue;
$value = $this->writeValue($key,$acl);
}
} elseif (($source[0] == 'user' || $source[0] == 'group') && (($member_key = array_search($oldvalue, $acl['members'])) !== FALSE)) {
if ($newvalue === NULL) {
unset($acl['members'][$member_key]);
} else {
$acl['members'][$member_key] = $newvalue;
}
$value = $this->writeValue($key,$acl);
} else {
trigger_error('unknown source '.$source[0]);
}
}
unset($value);
}
}
class aclAssignment extends simplePlugin
......@@ -199,6 +228,13 @@ class aclAssignment extends simplePlugin
'name' => 'special'
),
),
'plForeignKeys' => array(
'gosaAclEntry' => array(
array('aclRole', 'dn', 'gosaAclEntry=*:*:%b|oldvalue%:*'),
array('user', 'dn', 'gosaAclEntry=*:*:*:*%b|oldvalue%*'),
array('group', 'dn', 'gosaAclEntry=*:*:*:*%b|oldvalue%*'),
)
),
'plProvidedAcls' => parent::generatePlProvidedAcls(self::getAttributesInfo())
);
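Review bot: In `foreignKeyUpdate`, the final `else` runs for every ACL entry that simply does not reference `$oldvalue`, not only for an unrecognised `$source[0]`. A normal update therefore appears to raise 'unknown source role' (or user/group) once per unrelated entry. Guard it with `} elseif (!in_array($source[0], array('role', 'user', 'group'))) {`. Also, `list ($key,$acl) = $this->readValue($value);` overwrites the loop's `$key`, so `unset($this->value[$key])` removes the right entry only if `readValue` returns the array index. That is worth confirming, since a missed removal leaves an ACL entry pointing at a deleted role DN.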
......