Commit
8c188424
authored
Dec 05, 2013
by
Côme Bernigaud
Committed by
Benoit Mortier
Dec 05, 2013
Fixes:
#1922
Improved and fixed foreignKey handling for ACLs
parent
9ceab0aa
Changes
6
contrib/bin/fusiondirectory-setup
...
...
@@ -113,7 +113,7 @@ sub ask_user_input {
my
(
$ldap
,
$base
,
$prefix
)
=
@_
;
my
(
$cn
,
$dn
,
$mesg
);
do
{
$cn
=
$prefix
.
'
_
'
.
$indice
;
$cn
=
$prefix
.
'
-
'
.
$indice
;
$dn
=
"
cn=
$cn
,
$rolesou
,
$base
";
$indice
++
;
$mesg
=
$ldap
->
search
(
...
...
@@ -1122,7 +1122,7 @@ sub migrate_acls {
next
ACL
;
}
}
else
{
my
$cn
=
find_free_role_dn
(
$ldap
,
$base
,'
migrated
_
acl
');
my
$cn
=
find_free_role_dn
(
$ldap
,
$base
,'
migrated
-
acl
');
$role_dn
=
create_role
(
$ldap
,
$base
,
$cn
,
$part2
);
$members
=
$part1
;
if
(
$scope
=~
m/sub$/
)
{
...
...
include/class_config.inc
...
...
@@ -1313,6 +1313,9 @@ class config {
if
(
isset
(
$plInfo
[
'plManages'
]))
{
foreach
(
$plInfo
[
'plManages'
]
as
$type
)
{
$obj
=
strtoupper
(
$type
);
if
(
!
isset
(
$this
->
data
[
'OBJECTS'
][
$obj
]))
{
continue
;
}
$cat
=
$this
->
data
[
'OBJECTS'
][
$obj
][
'aclCategory'
];
$acl
[]
=
$cat
;
...
...
@@ -1366,7 +1369,7 @@ class config {
foreach
(
$this
->
data
[
'CATEGORIES'
]
as
$name
=>
&
$infos
)
{
$infos
[
'classes'
]
=
array_unique
(
$infos
[
'classes'
]);
if
(
!
isset
(
$infos
[
'description'
]))
{
trigger_error
(
"ACL category '
$name
' has no definition"
);
trigger_error
(
"ACL category '
$name
'
for classes "
.
join
(
','
,
$infos
[
'classes'
])
.
"
has no definition"
);
$infos
[
'description'
]
=
$name
;
$infos
[
'objectClass'
]
=
array
();
}
...
...
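Review bot: The added `if (!isset($this->data['OBJECTS'][$obj])) { continue; }` in the `plManages` loop skips an unregistered object type without any trace, so a plugin that declares such a type contributes no ACL category and nothing reports it. Because this loop feeds the ACL category list, I would log the skip before continuing, e.g. `trigger_error("Unknown object type '$type' in plManages");`. The enclosing method of `class config` starts and ends outside the hunk.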
include/class_objects.inc
...
...
@@ -192,7 +192,11 @@ class objects
$ldap
=
$config
->
get_ldap_link
();
$ldap
->
cat
(
$dn
,
array
(
$infos
[
'mainAttr'
]));
if
(
$attrs
=
$ldap
->
fetch
())
{
$text
=
$attrs
[
$infos
[
'mainAttr'
]][
0
];
if
(
isset
(
$attrs
[
$infos
[
'mainAttr'
]][
0
]))
{
$text
=
$attrs
[
$infos
[
'mainAttr'
]][
0
];
}
else
{
$text
=
$dn
;
}
}
else
{
throw
new
Exception
(
'Dn '
.
$dn
.
' not found in LDAP'
);
}
...
...
@@ -200,8 +204,8 @@ class objects
$text
=
$text
[
$infos
[
'mainAttr'
]][
0
];
}
if
(
$icon
)
{
$text
=
'<img alt="'
.
$infos
[
'name'
]
.
'
'
.
$dn
.
'" src="'
.
$infos
[
'icon'
]
.
'" class="center"/>'
.
$text
;
if
(
$icon
&&
isset
(
$infos
[
'icon'
])
)
{
$text
=
'<img alt="'
.
$infos
[
'name'
]
.
'
" title="
'
.
$dn
.
'" src="'
.
$infos
[
'icon'
]
.
'" class="center"/>
'
.
$text
;
}
return
'<a href="'
.
$href
.
'">'
.
$text
.
'</a>'
;
...
...
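Review bot: In the second hunk the new `title="'.$dn.'"` attribute concatenates `$dn` into HTML without escaping, as do the existing `alt` attribute and the final `<a href>` wrapper with `$infos['name']` and `$text`. `$dn` and `$text` come from the directory (`$ldap->fetch()` in the first hunk), so a value containing `"` or `<` would break out of the attribute or element unless it is escaped elsewhere, which is not visible here. I would escape at the point of output, e.g. `' title="'.htmlentities($dn, ENT_COMPAT, 'UTF-8').'"'`, and treat `$text` the same way, including the new fallback `$text = $dn;`. The enclosing method starts and ends outside both hunks.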
include/class_plugin.inc
...
...
@@ -554,6 +554,11 @@ class plugin
}
else
{
return
array
(
join
(
$str
));
}
case
'b'
:
// base64
if
(
isset
(
$args
[
0
])
&&
(
$args
[
0
]
==
'd'
))
{
return
array
(
base64_decode
(
$str
));
}
return
array
(
base64_encode
(
$str
));
case
'u'
:
// uppercase
return
array
(
mb_strtoupper
(
$str
,
'UTF-8'
));
case
'l'
:
// lowercase
...
...
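Review bot: The decode branch of the new `b` modifier calls `base64_decode($str)` in its default non-strict mode, which skips characters outside the base64 alphabet instead of failing, so a malformed value silently becomes arbitrary bytes. If the result can end up in a filter or a DN (the callers are not visible here), I would use `base64_decode($str, TRUE)` and handle a `FALSE` return explicitly. The case also needs a fuller comment than `// base64`, e.g. `// base64: encodes by default, decodes when the first argument is 'd'`. The surrounding `switch` starts and ends outside the hunk.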
include/class_pluglist.inc
...
...
@@ -96,30 +96,40 @@ class pluglist {
$depends_infos
[]
=
$cname
;
}
if
(
isset
(
$infos
[
'plForeignKeys'
]))
{
foreach
(
$infos
[
'plForeignKeys'
]
as
$ofield
=>
$pfk
)
{
$filter
=
NULL
;
if
(
!
is_array
(
$pfk
))
{
$class
=
$pfk
;
$field
=
'dn'
;
}
else
{
foreach
(
$infos
[
'plForeignKeys'
]
as
$ofield
=>
&
$pfks
)
{
if
(
!
is_array
(
$pfks
))
{
$pfks
=
array
(
$pfks
);
}
if
(
!
is_array
(
$pfks
[
0
]))
{
$pfks
=
array
(
$pfks
);
}
foreach
(
$pfks
as
&
$pfk
)
{
$class
=
$pfk
[
0
];
$field
=
$pfk
[
1
];
if
(
isset
(
$pfk
[
1
]))
{
$field
=
$pfk
[
1
];
}
else
{
$field
=
'dn'
;
$pfk
[
1
]
=
$field
;
}
$filter
=
NULL
;
if
(
isset
(
$pfk
[
2
]))
{
$filter
=
$pfk
[
2
];
}
if
(
$filter
===
NULL
)
{
$filter
=
"
$ofield
=%oldvalue%"
;
}
$pfk
[
2
]
=
$filter
;
if
(
!
isset
(
$foreign_refs
[
$class
]))
{
$foreign_refs
[
$class
]
=
array
();
}
if
(
!
isset
(
$foreign_refs
[
$class
][
$field
]))
{
$foreign_refs
[
$class
][
$field
]
=
array
();
}
$foreign_refs
[
$class
][
$field
][]
=
array
(
$cname
,
$ofield
,
$filter
);
}
if
(
$filter
===
NULL
)
{
$filter
=
"
$ofield
=%oldvalue%"
;
}
$infos
[
'plForeignKeys'
][
$ofield
]
=
array
(
$class
,
$field
,
$filter
);
if
(
!
isset
(
$foreign_refs
[
$class
]))
{
$foreign_refs
[
$class
]
=
array
();
}
if
(
!
isset
(
$foreign_refs
[
$class
][
$field
]))
{
$foreign_refs
[
$class
][
$field
]
=
array
();
}
$foreign_refs
[
$class
][
$field
][]
=
array
(
$cname
,
$ofield
,
$filter
);
unset
(
$pfk
);
}
unset
(
$pfks
);
}
else
{
$infos
[
'plForeignKeys'
]
=
array
();
}
...
...
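Review bot: The new normalisation loop reads `$pfks[0]` and `$pfk[0]` without checking that they exist. An empty or string-keyed `plForeignKeys` entry therefore raises an undefined-offset notice and then registers a `$foreign_refs` entry under a NULL class name. Since these declarations decide which objects are rewritten when a referenced entry changes, I would reject a malformed one up front, e.g. `if (!isset($pfk[0])) { trigger_error("Invalid plForeignKeys entry for $ofield in $cname"); continue; }`. A short comment on the two by-reference `foreach` loops saying that they rewrite `$infos['plForeignKeys']` in place into `array(class, field, filter)` triples would also explain why the `unset($pfk)` and `unset($pfks)` calls are needed.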
plugins/admin/acl/class_aclAssignment.inc
...
...
@@ -52,8 +52,7 @@ class aclAssignmentDialogWindow extends simplePlugin
),
new
BooleanAttribute
(
_
(
'For all users'
),
_
(
'Apply this ACL for all LDAP users'
),
'allUsers'
,
FALSE
,
FALSE
'allUsers'
,
FALSE
),
new
UsersGroupsAttribute
(
_
(
'Members'
),
_
(
'Users or groups to assign this role to.'
),
...
...
@@ -82,6 +81,9 @@ class aclAssignmentDialogWindow extends simplePlugin
$this
->
aclMode
=
$value
[
'scope'
];
$this
->
aclRole
=
$value
[
'role'
];
$this
->
aclMembers
=
$value
[
'members'
];
if
(
$value
[
'members'
][
0
]
==
'*'
)
{
$this
->
allUsers
=
TRUE
;
}
}
}
...
...
@@ -108,8 +110,9 @@ class aclAssignmentDialogWindow extends simplePlugin
'members'
=>
$this
->
aclMembers
,
);
if
(
$this
->
allUsers
)
{
$entry
[
'members'
]
=
'*'
;
$entry
[
'members'
]
=
array
(
'*'
)
;
}
return
$entry
;
}
}
...
...
@@ -136,6 +139,7 @@ class ACLsAssignmentDialog extends GenericDialog
function
handle_finish
()
{
$this
->
dialog
->
save_object
();
$this
->
attribute
->
addValue
(
$this
->
dialog
->
getAclEntry
());
return
FALSE
;
}
...
...
@@ -176,6 +180,31 @@ class ACLsAssignmentAttribute extends DialogOrderedArrayAttribute
{
return
$key
.
':'
.
$value
[
'scope'
]
.
':'
.
base64_encode
(
$value
[
'role'
])
.
':'
.
join
(
','
,
array_map
(
'base64_encode'
,
$value
[
'members'
]));
}
function
foreignKeyUpdate
(
$oldvalue
,
$newvalue
,
$source
)
{
foreach
(
$this
->
value
as
$key
=>
&
$value
)
{
list
(
$key
,
$acl
)
=
$this
->
readValue
(
$value
);
if
((
$source
[
0
]
==
'role'
)
&&
(
$acl
[
'role'
]
==
$oldvalue
))
{
if
(
$newvalue
===
NULL
)
{
unset
(
$this
->
value
[
$key
]);
}
else
{
$acl
[
'role'
]
=
$newvalue
;
$value
=
$this
->
writeValue
(
$key
,
$acl
);
}
}
elseif
((
$source
[
0
]
==
'user'
||
$source
[
0
]
==
'group'
)
&&
((
$member_key
=
array_search
(
$oldvalue
,
$acl
[
'members'
]))
!==
FALSE
))
{
if
(
$newvalue
===
NULL
)
{
unset
(
$acl
[
'members'
][
$member_key
]);
}
else
{
$acl
[
'members'
][
$member_key
]
=
$newvalue
;
}
$value
=
$this
->
writeValue
(
$key
,
$acl
);
}
else
{
trigger_error
(
'unknown source '
.
$source
[
0
]);
}
}
unset
(
$value
);
}
}
class
aclAssignment
extends
simplePlugin
...
...
@@ -199,6 +228,13 @@ class aclAssignment extends simplePlugin
'name'
=>
'special'
),
),
'plForeignKeys'
=>
array
(
'gosaAclEntry'
=>
array
(
array
(
'aclRole'
,
'dn'
,
'gosaAclEntry=*:*:%b|oldvalue%:*'
),
array
(
'user'
,
'dn'
,
'gosaAclEntry=*:*:*:*%b|oldvalue%*'
),
array
(
'group'
,
'dn'
,
'gosaAclEntry=*:*:*:*%b|oldvalue%*'
),
)
),
'plProvidedAcls'
=>
parent
::
generatePlProvidedAcls
(
self
::
getAttributesInfo
())
);
...
...
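Review bot: In `foreignKeyUpdate` the final `else` fires `trigger_error('unknown source …')` for every ACL entry that does not reference `$oldvalue`, because each branch condition combines the source type with the match test; renaming one role would report an error for each unrelated entry. Separately, `list($key, $acl) = …` overwrites the loop key, so `unset($this->value[$key])` removes by the key parsed out of the entry rather than by the array index being iterated; the two are presumably equal, but that is not visible here. Removing the last member also leaves an entry with an empty member list, and how ACL evaluation interprets such an entry should be confirmed. The fence below separates the source-type test from the match test and keeps the array index in its own variable.

```php
  function foreignKeyUpdate ($oldvalue, $newvalue, $source)
  {
    foreach ($this->value as $index => &$value) {
      list ($key, $acl) = $this->readValue($value);
      if ($source[0] == 'role') {
        if ($acl['role'] != $oldvalue) {
          continue; // entry does not reference the changed role
        }
        if ($newvalue === NULL) {
          unset($this->value[$index]);
        } else {
          // … unchanged: set $acl['role'] and rewrite $value …
        }
      } elseif (($source[0] == 'user') || ($source[0] == 'group')) {
        $member_key = array_search($oldvalue, $acl['members']);
        if ($member_key === FALSE) {
          continue; // entry does not list the changed member
        }
        // … unchanged: remove or replace the member, then rewrite $value …
      } else {
        trigger_error('unknown source '.$source[0]);
      }
    }
    unset($value);
  }
```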
Côme Chilliet
@cchilliet
mentioned in issue
#672 (closed)
·
Sep 02, 2017
mentioned in issue
#672 (closed)
mentioned in issue #672