FusionDirectory
class_acl.inc
1 <?php
2 /*
3  This code is part of FusionDirectory (http://www.fusiondirectory.org/)
4  Copyright (C) 2003-2010 Cajus Pollmeier
5  Copyright (C) 2011-2016 FusionDirectory
6 
7  This program is free software; you can redistribute it and/or modify
8  it under the terms of the GNU General Public License as published by
9  the Free Software Foundation; either version 2 of the License, or
10  (at your option) any later version.
11 
12  This program is distributed in the hope that it will be useful,
13  but WITHOUT ANY WARRANTY; without even the implied warranty of
14  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15  GNU General Public License for more details.
16 
17  You should have received a copy of the GNU General Public License
18  along with this program; if not, write to the Free Software
19  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
20 */
21 
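/**
 * Static helpers that parse FusionDirectory ACL and ACL-role strings into
 * PHP arrays.
 *
 * The strings parsed here decide who is granted which rights, so the parsers
 * treat malformed tokens as carrying no rights instead of guessing.
 */
class acl
{
  /**
   * Describe this plugin.
   *
   * @return array Metadata with a short name, a description, one category
   *               ('acl', covering the gosaAcl and gosaRole object classes)
   *               and empty 'plObjectType' / 'plProvidedAcls' lists.
   */
  static function plInfo()
  {
    return array(
      'plShortName'     => _('ACL'),
      'plDescription'   => _('Manage access control lists'),
      'plCategory'      => array(
        'acl' => array(
          'description' => _('ACL').'&nbsp;&amp;&nbsp;'._('ACL roles'),
          'objectClass' => array('gosaAcl','gosaRole')
        )
      ),
      'plObjectType'    => array(),

      'plProvidedAcls'  => array()
    );
  }

  /**
   * Sort an array by the priority of the plugin each key names.
   *
   * Everything up to and including the first '/' of a key is stripped before
   * the key is handed to pluglist::pluginInfos(); a plugin without
   * 'plPriority' counts as priority 0. Order is ascending.
   *
   * @param array $list Array whose keys name plugins.
   *
   * @return array The sorted copy ($list is received by value).
   */
  static function sort_by_priority($list)
  {
    uksort($list,
      function ($a, $b)
      {
        $infos_a  = pluglist::pluginInfos(preg_replace('|^[^/]*/|', '', $a));
        $infos_b  = pluglist::pluginInfos(preg_replace('|^[^/]*/|', '', $b));
        $pa       = (isset($infos_a['plPriority']) ? $infos_a['plPriority'] : 0);
        $pb       = (isset($infos_b['plPriority']) ? $infos_b['plPriority'] : 0);
        if ($pa == $pb) {
          return 0;
        }
        return ($pa < $pb ? -1 : 1);
      }
    );

    return $list;
  }

  /**
   * Explode the ACL templates of a role.
   *
   * Each template is split at its first ':' into an index and an ACL string;
   * the ACL string is parsed with extractACL().
   *
   * @param array|string $role One template, or a list of templates. A
   *                           'count' key, if present, is dropped.
   *
   * @return array Parsed ACLs keyed by template index, sorted by key.
   */
  static function explodeRole($role)
  {
    if (!is_array($role)) {
      $role = array($role);
    }
    unset($role['count']);
    $result = array();
    foreach ($role as $aclTemplate) {
      $list = explode(':', $aclTemplate, 2);
      /* A template without ':' has no ACL part: parse it as an empty ACL
       * string instead of reading an undefined offset. */
      $aclString        = (isset($list[1]) ? $list[1] : '');
      $result[$list[0]] = static::extractACL($aclString);
    }
    ksort($result);
    return $result;
  }

  /**
   * Explode one ACL entry of the form "index:type:acl:members[:filter]".
   *
   * 'acl' and 'filter' are base64-decoded, 'members' is resolved through
   * extractMembers(). Any entry that does not have exactly five fields is
   * read as having no filter, and only its first four fields are used.
   *
   * @param string $acl The raw ACL entry.
   *
   * @return array array(index => array('type', 'filter', 'members', 'acl')),
   *               or an empty array when the type is neither 'subtree' nor
   *               'base' (an error dialog is displayed in that case).
   */
  static function explodeACL($acl)
  {
    $list = explode(':', $acl);
    if (count($list) == 5) {
      list($index, $type, $role, $members, $filter) = $list;
      $filter = base64_decode($filter);
    } else {
      $filter = "";
      /* Pad short entries so a truncated value yields empty fields (and is
       * then rejected by the type check below when the type is missing)
       * rather than undefined offsets. */
      list($index, $type, $role, $members) = array_pad($list, 4, '');
    }

    /* NOTE(review): base64_decode() runs in its default non-strict mode
     * here, so characters outside the base64 alphabet are silently dropped
     * from the ACL and filter fields. Whether entries can reach this parser
     * in a damaged form is not visible from this file; confirm before
     * relying on the decoded values being exactly what was stored. */
    $a = array( $index => array(
      'type'    => $type,
      'filter'  => $filter,
      'members' => acl::extractMembers($members),
      'acl'     => base64_decode($role),
    ));

    /* Handle unknown types: the entry is dropped entirely.
     * The misspelt "Unkown" is part of the translation msgid and is kept
     * byte-for-byte so existing catalogues still match. */
    if (!in_array($type, array('subtree', 'base'), TRUE)) {
      msg_dialog::display(_("Internal error"), sprintf(_("Unkown ACL type '%s'!\nYou might need to run \"fusiondirectory-setup --migrate-acls\" to migrate your acls to the new format."), $type), ERROR_DIALOG);
      $a = array();
    }
    return $a;
  }

  /**
   * Resolve the members of an ACL entry into display labels.
   *
   * @param string $ms Comma-separated list of base64-encoded DNs; a decoded
   *                   value of '*' stands for all users.
   *
   * @return array Labels keyed by 'U:<dn>' (inetOrgPerson, or entry not
   *               found), 'R:<dn>' (organizationalRole), 'G:<dn>' (anything
   *               else) or 'G:*' (wildcard). Empty DNs are skipped after
   *               trigger_error().
   *
   * The labels embed the DN and the cn / uid / description values exactly as
   * they come back from the directory. Callers are not visible here; they
   * are presumably responsible for HTML-escaping these labels on output.
   */
  static function extractMembers($ms)
  {
    global $config;
    $a = array();

    /* Separate by ',' and place it in an array */
    $ma = explode(',', $ms);

    /* Decode DNs, fill with information from LDAP */
    $ldap = $config->get_ldap_link();
    foreach ($ma as $memberdn) {
      $dn = base64_decode($memberdn);

      /* Wildcard member. _() is called directly: the original wrapped it in
       * sprintf() with no arguments, which breaks as soon as a translation
       * contains a '%'. */
      if ($dn === '*') {
        $a['G:*'] = _("All users");
        continue;
      }

      if (empty($dn)) {
        trigger_error('Empty dn found in members of ACL');
        continue;
      }

      $ldap->cat($dn, array('cn', 'objectClass', 'description', 'uid'));

      /* Entry not found */
      if (!$ldap->count()) {
        $a['U:'.$dn] = sprintf(_("Unknown entry '%s'!"), $dn);
        continue;
      }

      /* Found entry. cn and uid are read defensively: an entry lacking
       * either one yields an empty string instead of an undefined offset. */
      $attrs  = $ldap->fetch();
      $cn     = (isset($attrs['cn'][0]) ? $attrs['cn'][0] : '');
      if (in_array_ics('inetOrgPerson', $attrs['objectClass'])) {
        $uid          = (isset($attrs['uid'][0]) ? $attrs['uid'][0] : '');
        $a['U:'.$dn]  = $cn.' ['.$uid.']';
        continue;
      }

      $key = (in_array_ics('organizationalRole', $attrs['objectClass']) ? 'R:' : 'G:').$dn;
      $a[$key] = $cn;
      if (isset($attrs['description'][0])) {
        $a[$key] .= ' ['.$attrs['description'][0].']';
      }
    }

    return $a;
  }

  /**
   * Extract the per-object ACLs from an ACL string.
   *
   * When $acl has at least four ':'-separated fields, only the fourth is
   * parsed; otherwise the whole string is. The parsed part is a ','-separated
   * list of objects, each being "object;acl" optionally followed by
   * '#'-separated "field;acl" pairs.
   *
   * @param string $acl The ACL string.
   *
   * @return array array(object => array([0 => object acl,] field => acl, ...)).
   *               An object token without ';' gets no object-level ACL; a
   *               field token without ';' gets NULL as its ACL.
   */
  static function extractACL($acl)
  {
    /* Rip acl off the string, separate by ',' and place it in an array */
    $as = preg_replace('/^[^:]+:[^:]+:[^:]*:([^:]*).*$/', '\1', $acl);
    $a  = array();

    /* Dis-assemble single ACLs */
    foreach (explode(',', $as) as $sacl) {

      /* Dis-assemble field ACLs */
      $gobject = "";
      foreach (explode('#', $sacl) as $idx => $ssacl) {
        if ($idx === 0) {
          /* First is the object with its global acl.
           * The original used two preg_replace() calls; for a token that
           * did not match "object;acl" both returned the token unchanged,
           * so the object name was stored as its own ACL string. A token
           * that does not match now carries no ACL at all. */
          if (preg_match('/^([^;]+);(.*)$/', $ssacl, $parts)) {
            $gobject  = $parts[1];
            $gacl     = $parts[2];
          } else {
            $gobject  = $ssacl;
            $gacl     = "";
          }

          /* Create hash for this object, append ACL if set */
          $a[$gobject] = ($gacl !== "" ? array($gacl) : array());
        } else {
          /* All other entries get appended. Padding keeps a token without
           * ';' from reading an undefined offset; its ACL stays NULL. */
          list($field, $facl) = array_pad(explode(';', $ssacl), 2, NULL);
          $a[$gobject][$field] = $facl;
        }
      }
    }

    return $a;
  }
}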
224 ?>
in_array_ics($value, array $items)
Check if a value exists in an array (case-insensitive)
Definition: functions.inc:1657
static extractACL($acl)
Extract an acl.
Definition: class_acl.inc:185
static extractMembers($ms)
Extract members of an acl.
Definition: class_acl.inc:131
This class contains all the functions needed to manage ACLs.
Definition: class_acl.inc:30
static explodeRole($role)
Explode a role.
Definition: class_acl.inc:78
static display($s_title, $s_message, $i_type=INFO_DIALOG)
Display a message dialog.
static sort_by_priority($list)
Sorts an array by the priority of its elements.
Definition: class_acl.inc:54
static explodeACL($acl)
Explode an acl.
Definition: class_acl.inc:98