| | |
|---|
| | | * |
|---|
| | | * Copyright (C) 2011-2012, Kolab Systems AG |
|---|
| | | * |
|---|
| | | * This program is free software; you can redistribute it and/or modify |
|---|
| | | * it under the terms of the GNU General Public License version 2 |
|---|
| | | * as published by the Free Software Foundation. |
|---|
| | | * This program is free software: you can redistribute it and/or modify |
|---|
| | | * it under the terms of the GNU General Public License as published by |
|---|
| | | * the Free Software Foundation, either version 3 of the License, or |
|---|
| | | * (at your option) any later version. |
|---|
| | | * |
|---|
| | | * This program is distributed in the hope that it will be useful, |
|---|
| | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|---|
| | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|---|
| | | * GNU General Public License for more details. |
|---|
| | | * |
|---|
| | | * You should have received a copy of the GNU General Public License along |
|---|
| | | * with this program; if not, write to the Free Software Foundation, Inc., |
|---|
| | | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
|---|
| | | * You should have received a copy of the GNU General Public License |
|---|
| | | * along with this program. If not, see http://www.gnu.org/licenses/. |
|---|
| | | */ |
|---|
| | | |
|---|
| | | class acl extends rcube_plugin |
|---|
| | |
|---|
| | | */ |
|---|
| | | function acl_actions() |
|---|
| | | { |
|---|
| | | $action = trim(get_input_value('_act', RCUBE_INPUT_GPC)); |
|---|
| | | $action = trim(rcube_utils::get_input_value('_act', rcube_utils::INPUT_GPC)); |
|---|
| | | |
|---|
| | | // Connect to IMAP |
|---|
| | | $this->rc->storage_init(); |
|---|
| | |
|---|
| | | { |
|---|
| | | $this->load_config(); |
|---|
| | | |
|---|
| | | $search = get_input_value('_search', RCUBE_INPUT_GPC, true); |
|---|
| | | $sid = get_input_value('_id', RCUBE_INPUT_GPC); |
|---|
| | | $search = rcube_utils::get_input_value('_search', rcube_utils::INPUT_GPC, true); |
|---|
| | | $reqid = rcube_utils::get_input_value('_reqid', rcube_utils::INPUT_GPC); |
|---|
| | | $users = array(); |
|---|
| | | |
|---|
| | | if ($this->init_ldap()) { |
|---|
| | |
|---|
| | | |
|---|
| | | sort($users, SORT_LOCALE_STRING); |
|---|
| | | |
|---|
| | | $this->rc->output->command('ksearch_query_results', $users, $search, $sid); |
|---|
| | | $this->rc->output->command('ksearch_query_results', $users, $search, $reqid); |
|---|
| | | $this->rc->output->send(); |
|---|
| | | } |
|---|
| | | |
|---|
| | |
|---|
| | | |
|---|
| | | // Load localization and include scripts |
|---|
| | | $this->load_config(); |
|---|
| | | $this->specials = $this->rc->config->get('acl_specials', $this->specials); |
|---|
| | | $this->add_texts('localization/', array('deleteconfirm', 'norights', |
|---|
| | | 'nouser', 'deleting', 'saving')); |
|---|
| | | 'nouser', 'deleting', 'saving', 'newuser', 'editperms')); |
|---|
| | | $this->rc->output->add_label('save', 'cancel'); |
|---|
| | | $this->include_script('acl.js'); |
|---|
| | | $this->rc->output->include_script('list.js'); |
|---|
| | | $this->include_stylesheet($this->local_skin_path().'/acl.css'); |
|---|
| | |
|---|
| | | // add Info fieldset if it doesn't exist |
|---|
| | | if (!isset($args['form']['props']['fieldsets']['info'])) |
|---|
| | | $args['form']['props']['fieldsets']['info'] = array( |
|---|
| | | 'name' => rcube_label('info'), |
|---|
| | | 'name' => $this->rc->gettext('info'), |
|---|
| | | 'content' => array()); |
|---|
| | | |
|---|
| | | // Display folder rights to 'Info' fieldset |
|---|
| | | $args['form']['props']['fieldsets']['info']['content']['myrights'] = array( |
|---|
| | | 'label' => Q($this->gettext('myrights')), |
|---|
| | | 'label' => rcube::Q($this->gettext('myrights')), |
|---|
| | | 'value' => $this->acl2text($myrights) |
|---|
| | | ); |
|---|
| | | |
|---|
| | |
|---|
| | | $this->rc->output->add_label('autocompletechars', 'autocompletemore'); |
|---|
| | | |
|---|
| | | $args['form']['sharing'] = array( |
|---|
| | | 'name' => Q($this->gettext('sharing')), |
|---|
| | | 'name' => rcube::Q($this->gettext('sharing')), |
|---|
| | | 'content' => $this->rc->output->parse('acl.table', false, false), |
|---|
| | | ); |
|---|
| | | |
|---|
| | |
|---|
| | | |
|---|
| | | // Advanced rights |
|---|
| | | $attrib['id'] = 'advancedrights'; |
|---|
| | | foreach ($supported as $val) { |
|---|
| | | foreach ($supported as $key => $val) { |
|---|
| | | $id = "acl$val"; |
|---|
| | | $ul .= html::tag('li', null, |
|---|
| | | $input->show('', array( |
|---|
| | |
|---|
| | | . $val); |
|---|
| | | } |
|---|
| | | |
|---|
| | | $out = html::tag('ul', array('id' => 'usertype'), $ul, html::$common_attrib); |
|---|
| | | $out = html::tag('ul', array('id' => 'usertype', 'class' => $attrib['class']), $ul, html::$common_attrib); |
|---|
| | | } |
|---|
| | | // Display text input alone |
|---|
| | | else { |
|---|
| | |
|---|
| | | $table->add_header(array('class' => 'acl'.$key, 'title' => $label), $label); |
|---|
| | | } |
|---|
| | | |
|---|
| | | $i = 1; |
|---|
| | | $js_table = array(); |
|---|
| | | foreach ($acl as $user => $rights) { |
|---|
| | | if ($this->rc->storage->conn->user == $user) { |
|---|
| | |
|---|
| | | |
|---|
| | | // filter out virtual rights (c or d) the server may return |
|---|
| | | $userrights = array_intersect($rights, $supported); |
|---|
| | | $userid = html_identifier($user); |
|---|
| | | $userid = rcube_utils::html_identifier($user); |
|---|
| | | |
|---|
| | | if (!empty($this->specials) && in_array($user, $this->specials)) { |
|---|
| | | $user = $this->gettext($user); |
|---|
| | | } |
|---|
| | | |
|---|
| | | $table->add_row(array('id' => 'rcmrow'.$userid)); |
|---|
| | | $table->add('user', Q($user)); |
|---|
| | | $table->add('user', rcube::Q($user)); |
|---|
| | | |
|---|
| | | foreach ($items as $key => $right) { |
|---|
| | | $in = $this->acl_compare($userrights, $right); |
|---|
| | |
|---|
| | | */ |
|---|
| | | private function action_save() |
|---|
| | | { |
|---|
| | | $mbox = trim(get_input_value('_mbox', RCUBE_INPUT_GPC, true)); // UTF7-IMAP |
|---|
| | | $user = trim(get_input_value('_user', RCUBE_INPUT_GPC)); |
|---|
| | | $acl = trim(get_input_value('_acl', RCUBE_INPUT_GPC)); |
|---|
| | | $oldid = trim(get_input_value('_old', RCUBE_INPUT_GPC)); |
|---|
| | | $mbox = trim(rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_GPC, true)); // UTF7-IMAP |
|---|
| | | $user = trim(rcube_utils::get_input_value('_user', rcube_utils::INPUT_GPC)); |
|---|
| | | $acl = trim(rcube_utils::get_input_value('_acl', rcube_utils::INPUT_GPC)); |
|---|
| | | $oldid = trim(rcube_utils::get_input_value('_old', rcube_utils::INPUT_GPC)); |
|---|
| | | |
|---|
| | | $acl = array_intersect(str_split($acl), $this->rights_supported()); |
|---|
| | | $users = $oldid ? array($user) : explode(',', $user); |
|---|
| | | $acl = array_intersect(str_split($acl), $this->rights_supported()); |
|---|
| | | $users = $oldid ? array($user) : explode(',', $user); |
|---|
| | | $result = 0; |
|---|
| | | |
|---|
| | | foreach ($users as $user) { |
|---|
| | | $user = trim($user); |
|---|
| | |
|---|
| | | if (!empty($this->specials) && in_array($user, $this->specials)) { |
|---|
| | | $username = $this->gettext($user); |
|---|
| | | } |
|---|
| | | else { |
|---|
| | | else if (!empty($user)) { |
|---|
| | | if (!strpos($user, '@') && ($realm = $this->get_realm())) { |
|---|
| | | $user .= '@' . rcube_idn_to_ascii(preg_replace('/^@/', '', $realm)); |
|---|
| | | $user .= '@' . rcube_utils::idn_to_ascii(preg_replace('/^@/', '', $realm)); |
|---|
| | | } |
|---|
| | | $username = $user; |
|---|
| | | } |
|---|
| | |
|---|
| | | continue; |
|---|
| | | } |
|---|
| | | |
|---|
| | | $user = $this->mod_login($user); |
|---|
| | | $username = $this->mod_login($username); |
|---|
| | | |
|---|
| | | if ($user != $_SESSION['username'] && $username != $_SESSION['username']) { |
|---|
| | | if ($this->rc->storage->set_acl($mbox, $user, $acl)) { |
|---|
| | | $ret = array('id' => html_identifier($user), |
|---|
| | | $ret = array('id' => rcube_utils::html_identifier($user), |
|---|
| | | 'username' => $username, 'acl' => implode($acl), 'old' => $oldid); |
|---|
| | | $this->rc->output->command('acl_update', $ret); |
|---|
| | | $result++; |
|---|
| | |
|---|
| | | */ |
|---|
| | | private function action_delete() |
|---|
| | | { |
|---|
| | | $mbox = trim(get_input_value('_mbox', RCUBE_INPUT_GPC, true)); //UTF7-IMAP |
|---|
| | | $user = trim(get_input_value('_user', RCUBE_INPUT_GPC)); |
|---|
| | | $mbox = trim(rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_GPC, true)); //UTF7-IMAP |
|---|
| | | $user = trim(rcube_utils::get_input_value('_user', rcube_utils::INPUT_GPC)); |
|---|
| | | |
|---|
| | | $user = explode(',', $user); |
|---|
| | | |
|---|
| | | foreach ($user as $u) { |
|---|
| | | $u = trim($u); |
|---|
| | | if ($this->rc->storage->delete_acl($mbox, $u)) { |
|---|
| | | $this->rc->output->command('acl_remove_row', html_identifier($u)); |
|---|
| | | $this->rc->output->command('acl_remove_row', rcube_utils::html_identifier($u)); |
|---|
| | | } |
|---|
| | | else { |
|---|
| | | $error = true; |
|---|
| | |
|---|
| | | return; |
|---|
| | | } |
|---|
| | | |
|---|
| | | $this->mbox = trim(get_input_value('_mbox', RCUBE_INPUT_GPC, true)); // UTF7-IMAP |
|---|
| | | $advanced = trim(get_input_value('_mode', RCUBE_INPUT_GPC)); |
|---|
| | | $this->mbox = trim(rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_GPC, true)); // UTF7-IMAP |
|---|
| | | $advanced = trim(rcube_utils::get_input_value('_mode', rcube_utils::INPUT_GPC)); |
|---|
| | | $advanced = $advanced == 'advanced' ? true : false; |
|---|
| | | |
|---|
| | | // Save state in user preferences |
|---|
| | |
|---|
| | | |
|---|
| | | foreach ($supported as $right) { |
|---|
| | | if (in_array($right, $rights)) { |
|---|
| | | $list[] = html::tag('li', null, Q($this->gettext('acl' . $right))); |
|---|
| | | $list[] = html::tag('li', null, rcube::Q($this->gettext('acl' . $right))); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | if (count($list) == count($supported)) |
|---|
| | | return Q($this->gettext('aclfull')); |
|---|
| | | return rcube::Q($this->gettext('aclfull')); |
|---|
| | | |
|---|
| | | return html::tag('ul', $attrib, implode("\n", $list)); |
|---|
| | | } |
|---|
| | |
|---|
| | | private function get_realm() |
|---|
| | | { |
|---|
| | | // When user enters a username without domain part, realm |
|---|
| | | // alows to add it to the username (and display correct username in the table) |
|---|
| | | // allows to add it to the username (and display correct username in the table) |
|---|
| | | |
|---|
| | | if (isset($_SESSION['acl_username_realm'])) { |
|---|
| | | return $_SESSION['acl_username_realm']; |
|---|
| | |
|---|
| | | |
|---|
| | | return $this->ldap->ready; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Modify user login according to 'login_lc' setting |
|---|
| | | */ |
|---|
| | | protected function mod_login($user) |
|---|
| | | { |
|---|
| | | $login_lc = $this->rc->config->get('login_lc'); |
|---|
| | | |
|---|
| | | if ($login_lc === true || $login_lc == 2) { |
|---|
| | | $user = mb_strtolower($user); |
|---|
| | | } |
|---|
| | | // lowercase domain name |
|---|
| | | else if ($login_lc && strpos($user, '@')) { |
|---|
| | | list($local, $domain) = explode('@', $user); |
|---|
| | | $user = $local . '@' . mb_strtolower($domain); |
|---|
| | | } |
|---|
| | | |
|---|
| | | return $user; |
|---|
| | | } |
|---|
| | | } |
|---|
