diff --git a/include/class_CopyPasteHandler.inc b/include/class_CopyPasteHandler.inc
index a7c529a20ef89a6e3aa8986d5bf214716b432c6d..40b074e68fb448836a41a92436d45368262483da 100644
--- a/include/class_CopyPasteHandler.inc
+++ b/include/class_CopyPasteHandler.inc
@@ -134,7 +134,7 @@ class CopyPasteHandler
/*!
* \brief Paste one entry from LDAP
*/
- protected function load_entry_from_ldap ($entry, $base)
+ protected function load_entry_from_ldap ($entry)
{
@DEBUG(DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, $entry['dn'], 'load_entry_from_ldap');
if (!isset($entry['tab_class']) && !isset($entry['type'])) {
@@ -143,7 +143,6 @@ class CopyPasteHandler
$entry['object'] = objects::open($entry['dn'], $entry['type']);
- $entry['object']->set_acl_base($base);
if ($entry['parent'] !== NULL) {
$entry['object']->parent = $entry['parent'];
}
@@ -161,7 +160,7 @@ class CopyPasteHandler
* \brief Displays a dialog which allows the user to fix all dependencies of this object.
* Create unique names, ids, or what ever
*/
- function execute ($base)
+ function execute ()
{
$ui = get_userinfo();
@@ -178,7 +177,7 @@ class CopyPasteHandler
/* Update entries on demand */
if (!isset($entry['object'])) {
- $entry = $this->load_entry_from_ldap($entry, $base);
+ $entry = $this->load_entry_from_ldap($entry);
$this->queue[$key] = $entry;
}
diff --git a/include/class_objects.inc b/include/class_objects.inc
index a9615e413f037b135e5e86c6bb29143a0c92ffaf..aaf4945b07e25a4deb218b9b4de13992f2bb7cc8 100644
--- a/include/class_objects.inc
+++ b/include/class_objects.inc
@@ -334,7 +334,6 @@ class objects
$tabClass = $infos['tabClass'];
$tabObject = new $tabClass($type, $dn);
- $tabObject->set_acl_base();
@DEBUG(DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, $dn, "Openned as $type object");
return $tabObject;
diff --git a/include/management/class_management.inc b/include/management/class_management.inc
index d6e89659944bd4d2e673827ea172cdc56c2192a6..4620437491754b44a8fcd8615d5bd12a80ad27b8 100644
--- a/include/management/class_management.inc
+++ b/include/management/class_management.inc
@@ -581,10 +581,9 @@ class management
return print_header($this->icon, $this->title, get_object_info());
}
- function openTabObject ($object, $base)
+ function openTabObject ($object)
{
$this->tabObject = $object;
- $this->tabObject->set_acl_base($base);
$this->tabObject->parent = &$this;
}
@@ -708,7 +707,7 @@ class management
set_object_info($this->currentDn);
// Open object
- $this->openTabObject(objects::create($type), $this->listing->getBase());
+ $this->openTabObject(objects::create($type));
@DEBUG(DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, $this->currentDn, 'Create entry initiated');
}
@@ -828,7 +827,7 @@ class management
add_lock($this->currentDn, $ui->dn);
// Open object
- $this->openTabObject(objects::open($this->currentDn, $entry->getTemplatedType()), $this->currentDn);
+ $this->openTabObject(objects::open($this->currentDn, $entry->getTemplatedType()));
@DEBUG(DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, $this->currentDn, 'Edit entry initiated');
if (isset($action['subaction'])
&& ($this->handleSubAction($action) === FALSE)) {
@@ -978,7 +977,7 @@ class management
if ($entry->checkAcl('d')) {
// Delete the object
$this->currentDn = $dn;
- $this->openTabObject(objects::open($this->currentDn, $entry->getTemplatedType()), $this->currentDn);
+ $this->openTabObject(objects::open($this->currentDn, $entry->getTemplatedType()));
$this->tabObject->delete();
// Remove the lock for the current object.
@@ -1039,7 +1038,7 @@ class management
// Display any c&p dialogs, eg. object modifications required before pasting.
if ($this->cpPastingStarted && $this->cpHandler->entries_queued()) {
- $data = $this->cpHandler->execute($this->listing->getBase());
+ $data = $this->cpHandler->execute();
if (!empty($data)) {
return $data;
}
@@ -1069,7 +1068,6 @@ class management
$entry = $this->listing->getEntry($this->currentDn);
if ($entry->snapshotCreationAllowed()) {
$this->dialogObject = new SnapshotCreateDialog($this->currentDn, $this, '');
- $this->dialogObject->set_acl_base($this->currentDn);
} else {
msg_dialog::display(_('Permission'), sprintf(_('You are not allowed to create a snapshot for %s.'), $this->currentDn),
ERROR_DIALOG);
@@ -1215,7 +1213,7 @@ class management
add_lock($this->currentDn, $ui->dn);
// Open object
- $this->openTabObject(objects::open($this->currentDn, $entry->getTemplatedType()), $this->currentDn);
+ $this->openTabObject(objects::open($this->currentDn, $entry->getTemplatedType()));
$this->saveChanges();
}
} else {
diff --git a/include/management/snapshot/class_SnapshotCreateDialog.inc b/include/management/snapshot/class_SnapshotCreateDialog.inc
index f44f36fde55fc6ceba69037130148252a6688445..d8bdb79bcf455c090bc75277e287aa0de7e69d6b 100644
--- a/include/management/snapshot/class_SnapshotCreateDialog.inc
+++ b/include/management/snapshot/class_SnapshotCreateDialog.inc
@@ -67,6 +67,14 @@ class SnapshotCreateDialog extends ManagementDialog
$this->aclCategory = $aclCategory;
}
+ /*!
+ * \brief Get LDAP base to use for ACL checks
+ */
+ function getAclBase(): string
+ {
+ return $this->object_dn;
+ }
+
/*! \brief Check if logged in user have enough right to write this attribute value
*
* \param mixed $attr Attribute object or name (in this case it will be fetched from attributesAccess)
@@ -79,7 +87,7 @@ class SnapshotCreateDialog extends ManagementDialog
$attr = $this->attributesAccess[$attr];
}
if ($attr->getLdapName() == 'description') {
- return in_array('c', $ui->get_snapshot_permissions($this->acl_base, $this->aclCategory));
+ return in_array('c', $ui->get_snapshot_permissions($this->object_dn, $this->aclCategory));
} else {
return parent::attrIsWriteable($attr);
}
@@ -90,7 +98,7 @@ class SnapshotCreateDialog extends ManagementDialog
global $ui;
$smarty = get_smarty();
- $permissions = $ui->get_snapshot_permissions($this->acl_base, $this->aclCategory);
+ $permissions = $ui->get_snapshot_permissions($this->object_dn, $this->aclCategory);
$acl = '';
if (in_array('c', $permissions)) {
$acl .= 'crw';
diff --git a/include/management/snapshot/class_SnapshotRestoreDialog.inc b/include/management/snapshot/class_SnapshotRestoreDialog.inc
index 0f45b3a650a3afde036dd406ef56a264e21c78f1..0747ae4f7d67a9e9ddd9bc303291b51ebfaf324b 100644
--- a/include/management/snapshot/class_SnapshotRestoreDialog.inc
+++ b/include/management/snapshot/class_SnapshotRestoreDialog.inc
@@ -65,7 +65,6 @@ class SnapshotRestoreDialog extends ManagementDialog
$this->global = $global;
parent::__construct(NULL, NULL, $parent);
$this->object_dn = $dn;
- $this->acl_base = $dn;
$this->aclCategory = $aclCategories;
if ($this->global) {
$this->attributesAccess['object_dn']->setVisible(FALSE);
@@ -73,6 +72,11 @@ class SnapshotRestoreDialog extends ManagementDialog
$this->updateList();
}
+ function getAclBase (): string
+ {
+ return $this->object_dn;
+ }
+
function updateList ()
{
if ($this->global) {
@@ -115,7 +119,7 @@ class SnapshotRestoreDialog extends ManagementDialog
$str = $smarty->fetch(get_template_path('restore-confirm.tpl'));
} else {
$smarty = get_smarty();
- $permissions = $ui->get_snapshot_permissions($this->acl_base, $this->aclCategory);
+ $permissions = $ui->get_snapshot_permissions($this->getAclBase(), $this->aclCategory);
$acl = '';
if (in_array('r', $permissions)) {
$acl .= 'r';
@@ -144,7 +148,7 @@ class SnapshotRestoreDialog extends ManagementDialog
$attr = $this->attributesAccess[$attr];
}
if ($attr->getLdapName() == 'snapshots') {
- return in_array(($this->global ? 'restore_deleted' : 'restore_over'), $ui->get_snapshot_permissions($this->acl_base, $this->aclCategory));
+ return in_array(($this->global ? 'restore_deleted' : 'restore_over'), $ui->get_snapshot_permissions($this->getAclBase(), $this->aclCategory));
} else {
return parent::attrIsWriteable($attr);
}
diff --git a/include/simpleplugin/attributes/class_BaseSelectorAttribute.inc b/include/simpleplugin/attributes/class_BaseSelectorAttribute.inc
index c883ead9c79c2bf9f4ddeaba76522470994a01a0..d2bbb6b7375e2c660282a3ab643ad52aac699abe 100644
--- a/include/simpleplugin/attributes/class_BaseSelectorAttribute.inc
+++ b/include/simpleplugin/attributes/class_BaseSelectorAttribute.inc
@@ -130,12 +130,6 @@ class BaseSelectorAttribute extends Attribute
{
parent::setValue($value);
if (is_object($this->plugin)) {
- /* Set the new acl base */
- if ($this->plugin->dn == 'new') {
- $this->plugin->set_acl_base($this->value);
- $this->plugin->parent->set_acl_base();
- }
-
if (($this->baseSelector !== NULL) && ($this->baseSelector->getBase() !== $this->value)) {
$this->baseSelector->setBase($this->value);
}
diff --git a/include/simpleplugin/class_dialogAttributes.inc b/include/simpleplugin/class_dialogAttributes.inc
index 759464f3b3672f1103e7f7626e84e6feb6be64ce..45877e45d3209cbae9230de2a5e1733f0fc9f5df 100644
--- a/include/simpleplugin/class_dialogAttributes.inc
+++ b/include/simpleplugin/class_dialogAttributes.inc
@@ -836,7 +836,7 @@ class GenericSimplePluginDialog extends GenericDialog
if ($base == 'new') {
$base = $simplePlugin->base;
}
- $this->dialog->set_acl_base($base);
+ $this->dialog->base = $base;
$this->dialog->set_acl_category($simplePlugin->acl_category);
if (!empty($value)) {
$this->initialDialogValue = $value;
diff --git a/include/simpleplugin/class_multiPlugin.inc b/include/simpleplugin/class_multiPlugin.inc
index 4079789a4296cd305fa8b8462e0b074251be57c2..1bac4c59dbdffbcafa773131339506f722608f54 100644
--- a/include/simpleplugin/class_multiPlugin.inc
+++ b/include/simpleplugin/class_multiPlugin.inc
@@ -56,7 +56,6 @@ class multiPlugin extends simplePlugin
these settings will be overloaded in main.inc,
if we are editing ourself */
$this->plugin[$name]->set_acl_category($plInfos['plCategory'][0]);
- $this->plugin[$name]->set_acl_base($this->dn);
}
}
@@ -134,15 +133,6 @@ class multiPlugin extends simplePlugin
unset($plug);
}
- function set_acl_base (string $base)
- {
- parent::set_acl_base($base);
- foreach ($this->plugin as &$plug) {
- $plug->set_acl_base($base);
- }
- unset($plug);
- }
-
public function setNeedEditMode (bool $bool)
{
parent::setNeedEditMode($bool);
diff --git a/include/simpleplugin/class_simpleManagement.inc b/include/simpleplugin/class_simpleManagement.inc
index 938a349ad67dc4e799fec932919da9bc6a35eab8..81f1205ebb499d583d9d1e68d94576e890331f53 100644
--- a/include/simpleplugin/class_simpleManagement.inc
+++ b/include/simpleplugin/class_simpleManagement.inc
@@ -75,7 +75,7 @@ class templateDialog
}
if (is_object($this->template)) {
if ($this->target !== NULL) {
- $this->simpleManagement->openTabObject($this->template->apply($this->target), $this->template->getBase());
+ $this->simpleManagement->openTabObject($this->template->apply($this->target));
$this->simpleManagement->handleTemplateApply();
return FALSE;
} else {
@@ -112,7 +112,7 @@ class templateDialog
function handle_finish ()
{
$this->simpleManagement->closeDialogs();
- $this->simpleManagement->openTabObject($this->template->apply(), $this->template->getBase());
+ $this->simpleManagement->openTabObject($this->template->apply());
return FALSE;
}
@@ -676,7 +676,7 @@ class simpleManagement
set_object_info($this->dn);
// Open object
- $this->openTabObject(objects::open($this->dn, $type), $this->headpage->getBase());
+ $this->openTabObject(objects::open($this->dn, $type));
@DEBUG(DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, $this->dn, "Create new entry initiated!");
}
@@ -877,7 +877,7 @@ class simpleManagement
add_lock($this->dn, $ui->dn);
// Open object
- $this->openTabObject(objects::open($this->dn, $type), $this->dn);
+ $this->openTabObject(objects::open($this->dn, $type));
@DEBUG(DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, $this->dn, "Edit entry initiated!");
if (isset($all['subaction']) && !$this->handleSubAction($all)) {
trigger_error('Was not able to handle subaction: '.$all['subaction']);
@@ -944,10 +944,9 @@ class simpleManagement
return FALSE;
}
- function openTabObject ($object, $base)
+ function openTabObject ($object)
{
$this->tabObject = $object;
- $this->tabObject->set_acl_base($base);
$this->tabObject->parent = &$this;
}
@@ -1081,7 +1080,7 @@ class simpleManagement
if (preg_match("/d/", $acl)) {
// Delete the object
$this->dn = $dn;
- $this->openTabObject(objects::open($this->dn, $type), $this->dn);
+ $this->openTabObject(objects::open($this->dn, $type));
$this->tabObject->delete();
// Remove the lock for the current object.
@@ -1117,7 +1116,6 @@ class simpleManagement
$aclCategory = $config->data['OBJECTS'][$this->getType($this->dn)]['aclCategory'];
if ($ui->allow_snapshot_create($this->dn, $aclCategory)) {
$this->dialogObject = new SnapshotCreateDialog($this->dn, $this, $aclCategory);
- $this->dialogObject->set_acl_base($this->dn);
} else {
msg_dialog::display(_('Permission'), sprintf(_('You are not allowed to create a snapshot for %s.'), $this->dn),
ERROR_DIALOG);
@@ -1216,7 +1214,7 @@ class simpleManagement
// Display any c&p dialogs, eg. object modifications required before pasting.
if ($this->cpPastingStarted && $this->cpHandler->entries_queued()) {
- $data = $this->cpHandler->execute($this->headpage->getBase());
+ $data = $this->cpHandler->execute();
if (!empty($data)) {
return $data;
}
diff --git a/include/simpleplugin/class_simplePlugin.inc b/include/simpleplugin/class_simplePlugin.inc
index 34e89abd3ddea8430c4484136c70a2ae1f2ba68d..b0732ce3210f3c75b24eea7fab9a85f782d6a25b 100644
--- a/include/simpleplugin/class_simplePlugin.inc
+++ b/include/simpleplugin/class_simplePlugin.inc
@@ -53,7 +53,6 @@ class simplePlugin implements SimpleTab
public $initially_was_account = FALSE;
public $ignore_account = FALSE;
- public $acl_base = '';
public $acl_category = '';
/*! \brief dn of the opened object */
@@ -220,9 +219,6 @@ class simplePlugin implements SimpleTab
$this->read_only = TRUE;
}
}
-
- /* Save current dn as acl_base */
- $this->acl_base = $this->dn;
}
/* Load LDAP data */
@@ -564,16 +560,6 @@ class simplePlugin implements SimpleTab
return $deps;
}
- /*!
- * \brief Set acl base
- *
- * \param string $base
- */
- function set_acl_base (string $base)
- {
- $this->acl_base = $base;
- }
-
/*!
* \brief Set acl category
*
@@ -817,13 +803,37 @@ class simplePlugin implements SimpleTab
return $this->acl_is_writeable($attr->getAcl(), $this->acl_skip_write());
}
+ /*!
+ * \brief Get LDAP base to use for ACL checks
+ */
+ function getAclBase(): string
+ {
+ global $config;
+
+ if ($this->mainTab) {
+ if (isset($this->dn) && ($this->dn != 'new')) {
+ return $this->dn;
+ }
+ if (isset($this->base)) {
+ return 'new,'.$this->base;
+ }
+ } elseif ($this->parent instanceof simpleTabs) {
+ return $this->parent->getAclBase();
+ }
+ if (isset($this->base)) {
+ return 'new,'.$this->base;
+ }
+
+ return $config->current['BASE'];
+ }
+
function renderAttributes (bool $readOnly = FALSE)
{
global $ui;
$smarty = get_smarty();
if ($this->is_template) {
- $smarty->assign('template_cnACL', $ui->get_permissions($this->acl_base, $this->acl_category.'template', 'template_cn', $this->acl_skip_write()));
+ $smarty->assign('template_cnACL', $ui->get_permissions($this->getAclBase(), $this->acl_category.'template', 'template_cn', $this->acl_skip_write()));
}
/* Handle rights to modify the base */
@@ -969,7 +979,7 @@ class simplePlugin implements SimpleTab
$ui = get_userinfo();
$skipWrite |= $this->readOnly();
if ($base === NULL) {
- $base = $this->acl_base;
+ $base = $this->getAclBase();
}
return $ui->get_permissions($base, $this->acl_category.get_class($this), $attribute, $skipWrite);
}
@@ -2118,11 +2128,6 @@ class simplePlugin implements SimpleTab
if (!$tabs) {
$tabObject->current = $classname;
}
- if (($entry_dn != '') && ($entry_dn != 'new')) {
- $tabObject->set_acl_base($entry_dn);
- } else {
- $tabObject->set_acl_base($config->current['BASE']);
- }
session::set($classname, $tabObject);
}
$tabObject = session::get($classname);
diff --git a/include/simpleplugin/class_simpleTabs.inc b/include/simpleplugin/class_simpleTabs.inc
index 2aa51956adae918f8e0d3f810b534ad7cb1870c0..61355d49b72dd8f3d1c6ac3544635c4b15be48f0 100644
--- a/include/simpleplugin/class_simpleTabs.inc
+++ b/include/simpleplugin/class_simpleTabs.inc
@@ -483,23 +483,11 @@ class simpleTabs
}
/*!
- * \brief Set acl base
- *
- * \param string $base The new acl base
+ * \brief Get LDAP base to use for ACL checks
*/
- function set_acl_base ($base = "")
+ function getAclBase(): string
{
- /* Update reference, transfer variables */
- $first = ($base == "");
- foreach ($this->by_object as &$obj) {
- if ($first) {
- $first = FALSE;
- $base = $obj->acl_base;
- } else {
- $obj->set_acl_base($base);
- }
- }
- unset($obj);
+ return $this->getBaseObject()->getAclBase();
}
function setTemplateMode ($cn)
diff --git a/include/simpleplugin/interface_SimpleTab.inc b/include/simpleplugin/interface_SimpleTab.inc
index 7a6070f7c00449c757f51c6c8bf454a04bcc875a..85b30721471298c2d058a234c3a21c0d1dde6f3d 100644
--- a/include/simpleplugin/interface_SimpleTab.inc
+++ b/include/simpleplugin/interface_SimpleTab.inc
@@ -38,13 +38,13 @@ interface SimpleTab
* string $_template_cn (only for main tab of templates)
* array $attributesAccess (only for main tab of templates)
* simpleTabs $parent
- * string $acl_base
*/
/*
* Public methods needed in some cases:
* compute_dn (): string (only for main tab)
* move (string $src_dn, string $dst_dn): TRUE|string (only for main tab)
+ * getAclBase (): string (only for main tab)
*/
public static function plInfo (): array;
@@ -73,10 +73,6 @@ interface SimpleTab
*/
public function resetCopyInfos ();
- /*! \brief Forward plugin acls
- */
- public function set_acl_base (string $base);
-
/*! \brief Sets ACL category provided by simpleTabs
*/
public function set_acl_category (string $category);
diff --git a/plugins/admin/acl/class_aclAssignment.inc b/plugins/admin/acl/class_aclAssignment.inc
index a9590029df4f086355fb971640a5e9c2f939ccbb..e33fe17db71fcedab537c478d04b7430c8232288 100644
--- a/plugins/admin/acl/class_aclAssignment.inc
+++ b/plugins/admin/acl/class_aclAssignment.inc
@@ -143,7 +143,7 @@ class ACLsAssignmentDialog extends GenericDialog
}
$this->attribute = $attribute;
$this->dialog = new $this->dialogClass($acl, $isContainer);
- $this->dialog->set_acl_base($simplePlugin->acl_base);
+ $this->dialog->base = $simplePlugin->getAclBase();
$this->initialAclValue = $acl;
}
diff --git a/plugins/admin/acl/class_aclManagement.inc b/plugins/admin/acl/class_aclManagement.inc
index bf07bc378f4bf6da4debd91e73ba5a5ead18c4c1..889270f98adeb91d0bf5aceba4f29380878adeb3 100644
--- a/plugins/admin/acl/class_aclManagement.inc
+++ b/plugins/admin/acl/class_aclManagement.inc
@@ -189,7 +189,7 @@ class aclManagement extends management
set_object_info($this->currentDn);
- $this->openTabObject($tabObject, $this->listing->getBase());
+ $this->openTabObject($tabObject);
@DEBUG(DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, $this->currentDn, 'Creating new ACLĂ‚ assignment');
}