commit | author | age
|
48e9c1
|
1 |
<?php |
T |
2 |
|
|
3 |
/** |
|
4 |
* Folders Access Control Lists Management (RFC4314, RFC2086) |
|
5 |
* |
|
6 |
* @version @package_version@ |
|
7 |
* @author Aleksander Machniak <alec@alec.pl> |
|
8 |
* |
|
9 |
* |
|
10 |
* Copyright (C) 2011-2012, Kolab Systems AG |
|
11 |
* |
07c6c6
|
12 |
* This program is free software: you can redistribute it and/or modify |
TB |
13 |
* it under the terms of the GNU General Public License as published by |
|
14 |
* the Free Software Foundation, either version 3 of the License, or |
|
15 |
* (at your option) any later version. |
48e9c1
|
16 |
* |
T |
17 |
* This program is distributed in the hope that it will be useful, |
|
18 |
* but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
19 |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
20 |
* GNU General Public License for more details. |
|
21 |
* |
07c6c6
|
22 |
* You should have received a copy of the GNU General Public License |
TB |
23 |
* along with this program. If not, see http://www.gnu.org/licenses/. |
48e9c1
|
24 |
*/ |
T |
25 |
|
|
26 |
class acl extends rcube_plugin |
|
27 |
{ |
|
28 |
public $task = 'settings|addressbook|calendar'; |
|
29 |
|
|
30 |
private $rc; |
|
31 |
private $supported = null; |
|
32 |
private $mbox; |
|
33 |
private $ldap; |
|
34 |
private $specials = array('anyone', 'anonymous'); |
|
35 |
|
|
36 |
/** |
|
37 |
* Plugin initialization |
|
38 |
*/ |
|
39 |
function init() |
|
40 |
{ |
|
41 |
$this->rc = rcmail::get_instance(); |
|
42 |
|
|
43 |
// Register hooks |
|
44 |
$this->add_hook('folder_form', array($this, 'folder_form')); |
|
45 |
// kolab_addressbook plugin |
|
46 |
$this->add_hook('addressbook_form', array($this, 'folder_form')); |
|
47 |
$this->add_hook('calendar_form_kolab', array($this, 'folder_form')); |
|
48 |
// Plugin actions |
|
49 |
$this->register_action('plugin.acl', array($this, 'acl_actions')); |
|
50 |
$this->register_action('plugin.acl-autocomplete', array($this, 'acl_autocomplete')); |
|
51 |
} |
|
52 |
|
|
53 |
/** |
|
54 |
* Handler for plugin actions (AJAX) |
|
55 |
*/ |
|
56 |
function acl_actions() |
|
57 |
{ |
61be82
|
58 |
$action = trim(rcube_utils::get_input_value('_act', rcube_utils::INPUT_GPC)); |
48e9c1
|
59 |
|
T |
60 |
// Connect to IMAP |
|
61 |
$this->rc->storage_init(); |
|
62 |
|
|
63 |
// Load localization and configuration |
|
64 |
$this->add_texts('localization/'); |
|
65 |
$this->load_config(); |
|
66 |
|
|
67 |
if ($action == 'save') { |
|
68 |
$this->action_save(); |
|
69 |
} |
|
70 |
else if ($action == 'delete') { |
|
71 |
$this->action_delete(); |
|
72 |
} |
|
73 |
else if ($action == 'list') { |
|
74 |
$this->action_list(); |
|
75 |
} |
|
76 |
|
|
77 |
// Only AJAX actions |
|
78 |
$this->rc->output->send(); |
|
79 |
} |
|
80 |
|
|
81 |
/** |
|
82 |
* Handler for user login autocomplete request |
|
83 |
*/ |
|
84 |
function acl_autocomplete() |
|
85 |
{ |
|
86 |
$this->load_config(); |
|
87 |
|
61be82
|
88 |
$search = rcube_utils::get_input_value('_search', rcube_utils::INPUT_GPC, true); |
017c4f
|
89 |
$reqid = rcube_utils::get_input_value('_reqid', rcube_utils::INPUT_GPC); |
48e9c1
|
90 |
$users = array(); |
43b225
|
91 |
$keys = array(); |
48e9c1
|
92 |
|
T |
93 |
if ($this->init_ldap()) { |
|
94 |
$max = (int) $this->rc->config->get('autocomplete_max', 15); |
|
95 |
$mode = (int) $this->rc->config->get('addressbook_search_mode'); |
|
96 |
|
|
97 |
$this->ldap->set_pagesize($max); |
|
98 |
$result = $this->ldap->search('*', $search, $mode); |
|
99 |
|
|
100 |
foreach ($result->records as $record) { |
|
101 |
$user = $record['uid']; |
|
102 |
|
|
103 |
if (is_array($user)) { |
|
104 |
$user = array_filter($user); |
|
105 |
$user = $user[0]; |
|
106 |
} |
|
107 |
|
|
108 |
if ($user) { |
43b225
|
109 |
$display = rcube_addressbook::compose_search_name($record); |
AM |
110 |
$user = array('name' => $user, 'display' => $display); |
48e9c1
|
111 |
$users[] = $user; |
43b225
|
112 |
$keys[] = $display ?: $user['name']; |
48e9c1
|
113 |
} |
T |
114 |
} |
ec2733
|
115 |
|
AM |
116 |
if ($this->rc->config->get('acl_groups')) { |
c1e2ce
|
117 |
$prefix = $this->rc->config->get('acl_group_prefix'); |
c7ac4b
|
118 |
$group_field = $this->rc->config->get('acl_group_field', 'name'); |
c1e2ce
|
119 |
$result = $this->ldap->list_groups($search, $mode); |
ec2733
|
120 |
|
AM |
121 |
foreach ($result as $record) { |
c1e2ce
|
122 |
$group = $record['name']; |
BN |
123 |
$group_id = is_array($record[$group_field]) ? $record[$group_field][0] : $record[$group_field]; |
ec2733
|
124 |
|
AM |
125 |
if ($group) { |
bec873
|
126 |
$users[] = array('name' => ($prefix ? $prefix : '') . $group_id, 'display' => $group, 'type' => 'group'); |
ec2733
|
127 |
$keys[] = $group; |
AM |
128 |
} |
|
129 |
} |
|
130 |
} |
48e9c1
|
131 |
} |
T |
132 |
|
43b225
|
133 |
if (count($users)) { |
AM |
134 |
// sort users index |
|
135 |
asort($keys, SORT_LOCALE_STRING); |
|
136 |
// re-sort users according to index |
|
137 |
foreach ($keys as $idx => $val) { |
|
138 |
$keys[$idx] = $users[$idx]; |
|
139 |
} |
|
140 |
$users = array_values($keys); |
|
141 |
} |
48e9c1
|
142 |
|
017c4f
|
143 |
$this->rc->output->command('ksearch_query_results', $users, $search, $reqid); |
48e9c1
|
144 |
$this->rc->output->send(); |
T |
145 |
} |
|
146 |
|
|
147 |
/** |
|
148 |
* Handler for 'folder_form' hook |
|
149 |
* |
|
150 |
* @param array $args Hook arguments array (form data) |
|
151 |
* |
|
152 |
* @return array Hook arguments array |
|
153 |
*/ |
|
154 |
function folder_form($args) |
|
155 |
{ |
|
156 |
$mbox_imap = $args['options']['name']; |
b866a2
|
157 |
$myrights = $args['options']['rights']; |
AM |
158 |
|
|
159 |
// Edited folder name (empty in create-folder mode) |
48e9c1
|
160 |
if (!strlen($mbox_imap)) { |
T |
161 |
return $args; |
|
162 |
} |
|
163 |
/* |
|
164 |
// Do nothing on protected folders (?) |
|
165 |
if ($args['options']['protected']) { |
|
166 |
return $args; |
|
167 |
} |
|
168 |
*/ |
|
169 |
// Get MYRIGHTS |
b866a2
|
170 |
if (empty($myrights)) { |
48e9c1
|
171 |
return $args; |
T |
172 |
} |
|
173 |
|
|
174 |
// Load localization and include scripts |
|
175 |
$this->load_config(); |
fc55bc
|
176 |
$this->specials = $this->rc->config->get('acl_specials', $this->specials); |
48e9c1
|
177 |
$this->add_texts('localization/', array('deleteconfirm', 'norights', |
f14784
|
178 |
'nouser', 'deleting', 'saving', 'newuser', 'editperms')); |
TB |
179 |
$this->rc->output->add_label('save', 'cancel'); |
48e9c1
|
180 |
$this->include_script('acl.js'); |
T |
181 |
$this->rc->output->include_script('list.js'); |
|
182 |
$this->include_stylesheet($this->local_skin_path().'/acl.css'); |
|
183 |
|
|
184 |
// add Info fieldset if it doesn't exist |
|
185 |
if (!isset($args['form']['props']['fieldsets']['info'])) |
|
186 |
$args['form']['props']['fieldsets']['info'] = array( |
61be82
|
187 |
'name' => $this->rc->gettext('info'), |
48e9c1
|
188 |
'content' => array()); |
T |
189 |
|
|
190 |
// Display folder rights to 'Info' fieldset |
|
191 |
$args['form']['props']['fieldsets']['info']['content']['myrights'] = array( |
61be82
|
192 |
'label' => rcube::Q($this->gettext('myrights')), |
48e9c1
|
193 |
'value' => $this->acl2text($myrights) |
T |
194 |
); |
|
195 |
|
|
196 |
// Return if not folder admin |
|
197 |
if (!in_array('a', $myrights)) { |
|
198 |
return $args; |
|
199 |
} |
|
200 |
|
|
201 |
// The 'Sharing' tab |
|
202 |
$this->mbox = $mbox_imap; |
|
203 |
$this->rc->output->set_env('acl_users_source', (bool) $this->rc->config->get('acl_users_source')); |
|
204 |
$this->rc->output->set_env('mailbox', $mbox_imap); |
|
205 |
$this->rc->output->add_handlers(array( |
|
206 |
'acltable' => array($this, 'templ_table'), |
|
207 |
'acluser' => array($this, 'templ_user'), |
|
208 |
'aclrights' => array($this, 'templ_rights'), |
|
209 |
)); |
|
210 |
|
|
211 |
$this->rc->output->set_env('autocomplete_max', (int)$this->rc->config->get('autocomplete_max', 15)); |
|
212 |
$this->rc->output->set_env('autocomplete_min_length', $this->rc->config->get('autocomplete_min_length')); |
|
213 |
$this->rc->output->add_label('autocompletechars', 'autocompletemore'); |
|
214 |
|
|
215 |
$args['form']['sharing'] = array( |
61be82
|
216 |
'name' => rcube::Q($this->gettext('sharing')), |
48e9c1
|
217 |
'content' => $this->rc->output->parse('acl.table', false, false), |
T |
218 |
); |
|
219 |
|
|
220 |
return $args; |
|
221 |
} |
|
222 |
|
|
223 |
/** |
|
224 |
* Creates ACL rights table |
|
225 |
* |
|
226 |
* @param array $attrib Template object attributes |
|
227 |
* |
|
228 |
* @return string HTML Content |
|
229 |
*/ |
|
230 |
function templ_table($attrib) |
|
231 |
{ |
|
232 |
if (empty($attrib['id'])) |
|
233 |
$attrib['id'] = 'acl-table'; |
|
234 |
|
|
235 |
$out = $this->list_rights($attrib); |
|
236 |
|
|
237 |
$this->rc->output->add_gui_object('acltable', $attrib['id']); |
|
238 |
|
|
239 |
return $out; |
|
240 |
} |
|
241 |
|
|
242 |
/** |
|
243 |
* Creates ACL rights form (rights list part) |
|
244 |
* |
|
245 |
* @param array $attrib Template object attributes |
|
246 |
* |
|
247 |
* @return string HTML Content |
|
248 |
*/ |
|
249 |
function templ_rights($attrib) |
|
250 |
{ |
|
251 |
// Get supported rights |
|
252 |
$supported = $this->rights_supported(); |
|
253 |
|
1aa497
|
254 |
// give plugins the opportunity to adjust this list |
TB |
255 |
$data = $this->rc->plugins->exec_hook('acl_rights_supported', |
|
256 |
array('rights' => $supported, 'folder' => $this->mbox, 'labels' => array())); |
|
257 |
$supported = $data['rights']; |
|
258 |
|
48e9c1
|
259 |
// depending on server capability either use 'te' or 'd' for deleting msgs |
T |
260 |
$deleteright = implode(array_intersect(str_split('ted'), $supported)); |
|
261 |
|
|
262 |
$out = ''; |
|
263 |
$ul = ''; |
|
264 |
$input = new html_checkbox(); |
|
265 |
|
|
266 |
// Advanced rights |
|
267 |
$attrib['id'] = 'advancedrights'; |
2db42c
|
268 |
foreach ($supported as $key => $val) { |
AM |
269 |
$id = "acl$val"; |
48e9c1
|
270 |
$ul .= html::tag('li', null, |
T |
271 |
$input->show('', array( |
|
272 |
'name' => "acl[$val]", 'value' => $val, 'id' => $id)) |
|
273 |
. html::label(array('for' => $id, 'title' => $this->gettext('longacl'.$val)), |
|
274 |
$this->gettext('acl'.$val))); |
|
275 |
} |
|
276 |
|
|
277 |
$out = html::tag('ul', $attrib, $ul, html::$common_attrib); |
|
278 |
|
|
279 |
// Simple rights |
|
280 |
$ul = ''; |
|
281 |
$attrib['id'] = 'simplerights'; |
|
282 |
$items = array( |
|
283 |
'read' => 'lrs', |
|
284 |
'write' => 'wi', |
|
285 |
'delete' => $deleteright, |
|
286 |
'other' => preg_replace('/[lrswi'.$deleteright.']/', '', implode($supported)), |
|
287 |
); |
|
288 |
|
1aa497
|
289 |
// give plugins the opportunity to adjust this list |
TB |
290 |
$data = $this->rc->plugins->exec_hook('acl_rights_simple', |
|
291 |
array('rights' => $items, 'folder' => $this->mbox, 'labels' => array(), 'titles' => array())); |
|
292 |
|
|
293 |
foreach ($data['rights'] as $key => $val) { |
48e9c1
|
294 |
$id = "acl$key"; |
T |
295 |
$ul .= html::tag('li', null, |
|
296 |
$input->show('', array( |
|
297 |
'name' => "acl[$val]", 'value' => $val, 'id' => $id)) |
1aa497
|
298 |
. html::label(array('for' => $id, 'title' => $data['titles'][$key] ?: $this->gettext('longacl'.$key)), |
TB |
299 |
$data['labels'][$key] ?: $this->gettext('acl'.$key))); |
48e9c1
|
300 |
} |
T |
301 |
|
|
302 |
$out .= "\n" . html::tag('ul', $attrib, $ul, html::$common_attrib); |
|
303 |
|
1aa497
|
304 |
$this->rc->output->set_env('acl_items', $data['rights']); |
48e9c1
|
305 |
|
T |
306 |
return $out; |
|
307 |
} |
|
308 |
|
|
309 |
/** |
|
310 |
* Creates ACL rights form (user part) |
|
311 |
* |
|
312 |
* @param array $attrib Template object attributes |
|
313 |
* |
|
314 |
* @return string HTML Content |
|
315 |
*/ |
|
316 |
function templ_user($attrib) |
|
317 |
{ |
|
318 |
// Create username input |
|
319 |
$attrib['name'] = 'acluser'; |
|
320 |
|
|
321 |
$textfield = new html_inputfield($attrib); |
|
322 |
|
62c451
|
323 |
$fields['user'] = html::label(array('for' => $attrib['id']), $this->gettext('username')) |
48e9c1
|
324 |
. ' ' . $textfield->show(); |
T |
325 |
|
|
326 |
// Add special entries |
|
327 |
if (!empty($this->specials)) { |
|
328 |
foreach ($this->specials as $key) { |
|
329 |
$fields[$key] = html::label(array('for' => 'id'.$key), $this->gettext($key)); |
|
330 |
} |
|
331 |
} |
|
332 |
|
|
333 |
$this->rc->output->set_env('acl_specials', $this->specials); |
|
334 |
|
|
335 |
// Create list with radio buttons |
|
336 |
if (count($fields) > 1) { |
|
337 |
$ul = ''; |
|
338 |
$radio = new html_radiobutton(array('name' => 'usertype')); |
|
339 |
foreach ($fields as $key => $val) { |
|
340 |
$ul .= html::tag('li', null, $radio->show($key == 'user' ? 'user' : '', |
|
341 |
array('value' => $key, 'id' => 'id'.$key)) |
|
342 |
. $val); |
|
343 |
} |
|
344 |
|
f14784
|
345 |
$out = html::tag('ul', array('id' => 'usertype', 'class' => $attrib['class']), $ul, html::$common_attrib); |
48e9c1
|
346 |
} |
T |
347 |
// Display text input alone |
|
348 |
else { |
|
349 |
$out = $fields['user']; |
|
350 |
} |
|
351 |
|
|
352 |
return $out; |
|
353 |
} |
|
354 |
|
|
355 |
/** |
|
356 |
* Creates ACL rights table |
|
357 |
* |
|
358 |
* @param array $attrib Template object attributes |
|
359 |
* |
|
360 |
* @return string HTML Content |
|
361 |
*/ |
|
362 |
private function list_rights($attrib=array()) |
|
363 |
{ |
|
364 |
// Get ACL for the folder |
|
365 |
$acl = $this->rc->storage->get_acl($this->mbox); |
|
366 |
|
|
367 |
if (!is_array($acl)) { |
|
368 |
$acl = array(); |
|
369 |
} |
|
370 |
|
|
371 |
// Keep special entries (anyone/anonymous) on top of the list |
|
372 |
if (!empty($this->specials) && !empty($acl)) { |
|
373 |
foreach ($this->specials as $key) { |
|
374 |
if (isset($acl[$key])) { |
|
375 |
$acl_special[$key] = $acl[$key]; |
|
376 |
unset($acl[$key]); |
|
377 |
} |
|
378 |
} |
|
379 |
} |
|
380 |
|
|
381 |
// Sort the list by username |
|
382 |
uksort($acl, 'strnatcasecmp'); |
|
383 |
|
|
384 |
if (!empty($acl_special)) { |
|
385 |
$acl = array_merge($acl_special, $acl); |
|
386 |
} |
|
387 |
|
|
388 |
// Get supported rights and build column names |
|
389 |
$supported = $this->rights_supported(); |
|
390 |
|
1aa497
|
391 |
// give plugins the opportunity to adjust this list |
TB |
392 |
$data = $this->rc->plugins->exec_hook('acl_rights_supported', |
|
393 |
array('rights' => $supported, 'folder' => $this->mbox, 'labels' => array())); |
|
394 |
$supported = $data['rights']; |
|
395 |
|
48e9c1
|
396 |
// depending on server capability either use 'te' or 'd' for deleting msgs |
T |
397 |
$deleteright = implode(array_intersect(str_split('ted'), $supported)); |
|
398 |
|
|
399 |
// Use advanced or simple (grouped) rights |
|
400 |
$advanced = $this->rc->config->get('acl_advanced_mode'); |
|
401 |
|
|
402 |
if ($advanced) { |
|
403 |
$items = array(); |
|
404 |
foreach ($supported as $sup) { |
|
405 |
$items[$sup] = $sup; |
|
406 |
} |
|
407 |
} |
|
408 |
else { |
|
409 |
$items = array( |
|
410 |
'read' => 'lrs', |
|
411 |
'write' => 'wi', |
|
412 |
'delete' => $deleteright, |
|
413 |
'other' => preg_replace('/[lrswi'.$deleteright.']/', '', implode($supported)), |
|
414 |
); |
1aa497
|
415 |
|
TB |
416 |
// give plugins the opportunity to adjust this list |
|
417 |
$data = $this->rc->plugins->exec_hook('acl_rights_simple', |
|
418 |
array('rights' => $items, 'folder' => $this->mbox, 'labels' => array())); |
|
419 |
$items = $data['rights']; |
48e9c1
|
420 |
} |
T |
421 |
|
|
422 |
// Create the table |
|
423 |
$attrib['noheader'] = true; |
|
424 |
$table = new html_table($attrib); |
|
425 |
|
|
426 |
// Create table header |
|
427 |
$table->add_header('user', $this->gettext('identifier')); |
|
428 |
foreach (array_keys($items) as $key) { |
1aa497
|
429 |
$label = $data['labels'][$key] ?: $this->gettext('shortacl'.$key); |
48e9c1
|
430 |
$table->add_header(array('class' => 'acl'.$key, 'title' => $label), $label); |
T |
431 |
} |
|
432 |
|
|
433 |
$js_table = array(); |
|
434 |
foreach ($acl as $user => $rights) { |
|
435 |
if ($this->rc->storage->conn->user == $user) { |
|
436 |
continue; |
|
437 |
} |
|
438 |
|
|
439 |
// filter out virtual rights (c or d) the server may return |
|
440 |
$userrights = array_intersect($rights, $supported); |
61be82
|
441 |
$userid = rcube_utils::html_identifier($user); |
48e9c1
|
442 |
|
T |
443 |
if (!empty($this->specials) && in_array($user, $this->specials)) { |
|
444 |
$user = $this->gettext($user); |
|
445 |
} |
|
446 |
|
|
447 |
$table->add_row(array('id' => 'rcmrow'.$userid)); |
62c451
|
448 |
$table->add('user', html::a(array('id' => 'rcmlinkrow'.$userid), rcube::Q($user))); |
48e9c1
|
449 |
|
T |
450 |
foreach ($items as $key => $right) { |
|
451 |
$in = $this->acl_compare($userrights, $right); |
|
452 |
switch ($in) { |
|
453 |
case 2: $class = 'enabled'; break; |
|
454 |
case 1: $class = 'partial'; break; |
|
455 |
default: $class = 'disabled'; break; |
|
456 |
} |
|
457 |
$table->add('acl' . $key . ' ' . $class, ''); |
|
458 |
} |
|
459 |
|
|
460 |
$js_table[$userid] = implode($userrights); |
|
461 |
} |
|
462 |
|
|
463 |
$this->rc->output->set_env('acl', $js_table); |
|
464 |
$this->rc->output->set_env('acl_advanced', $advanced); |
|
465 |
|
|
466 |
$out = $table->show(); |
|
467 |
|
|
468 |
return $out; |
|
469 |
} |
|
470 |
|
|
471 |
/** |
|
472 |
* Handler for ACL update/create action |
|
473 |
*/ |
|
474 |
private function action_save() |
|
475 |
{ |
681ba6
|
476 |
$mbox = trim(rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_POST, true)); // UTF7-IMAP |
AM |
477 |
$user = trim(rcube_utils::get_input_value('_user', rcube_utils::INPUT_POST)); |
|
478 |
$acl = trim(rcube_utils::get_input_value('_acl', rcube_utils::INPUT_POST)); |
|
479 |
$oldid = trim(rcube_utils::get_input_value('_old', rcube_utils::INPUT_POST)); |
48e9c1
|
480 |
|
c027ba
|
481 |
$acl = array_intersect(str_split($acl), $this->rights_supported()); |
AM |
482 |
$users = $oldid ? array($user) : explode(',', $user); |
|
483 |
$result = 0; |
48e9c1
|
484 |
|
T |
485 |
foreach ($users as $user) { |
ec2733
|
486 |
$user = trim($user); |
AM |
487 |
$prefix = $this->rc->config->get('acl_groups') ? $this->rc->config->get('acl_group_prefix') : ''; |
48e9c1
|
488 |
|
ec2733
|
489 |
if ($prefix && strpos($user, $prefix) === 0) { |
AM |
490 |
$username = $user; |
|
491 |
} |
|
492 |
else if (!empty($this->specials) && in_array($user, $this->specials)) { |
48e9c1
|
493 |
$username = $this->gettext($user); |
T |
494 |
} |
b61041
|
495 |
else if (!empty($user)) { |
48e9c1
|
496 |
if (!strpos($user, '@') && ($realm = $this->get_realm())) { |
61be82
|
497 |
$user .= '@' . rcube_utils::idn_to_ascii(preg_replace('/^@/', '', $realm)); |
48e9c1
|
498 |
} |
T |
499 |
$username = $user; |
|
500 |
} |
|
501 |
|
|
502 |
if (!$acl || !$user || !strlen($mbox)) { |
|
503 |
continue; |
|
504 |
} |
|
505 |
|
dfb926
|
506 |
$user = $this->mod_login($user); |
AM |
507 |
$username = $this->mod_login($username); |
|
508 |
|
48e9c1
|
509 |
if ($user != $_SESSION['username'] && $username != $_SESSION['username']) { |
T |
510 |
if ($this->rc->storage->set_acl($mbox, $user, $acl)) { |
61be82
|
511 |
$ret = array('id' => rcube_utils::html_identifier($user), |
48e9c1
|
512 |
'username' => $username, 'acl' => implode($acl), 'old' => $oldid); |
T |
513 |
$this->rc->output->command('acl_update', $ret); |
|
514 |
$result++; |
|
515 |
} |
|
516 |
} |
|
517 |
} |
|
518 |
|
|
519 |
if ($result) { |
|
520 |
$this->rc->output->show_message($oldid ? 'acl.updatesuccess' : 'acl.createsuccess', 'confirmation'); |
|
521 |
} |
|
522 |
else { |
|
523 |
$this->rc->output->show_message($oldid ? 'acl.updateerror' : 'acl.createerror', 'error'); |
|
524 |
} |
|
525 |
} |
|
526 |
|
|
527 |
/** |
|
528 |
* Handler for ACL delete action |
|
529 |
*/ |
|
530 |
private function action_delete() |
|
531 |
{ |
681ba6
|
532 |
$mbox = trim(rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_POST, true)); //UTF7-IMAP |
AM |
533 |
$user = trim(rcube_utils::get_input_value('_user', rcube_utils::INPUT_POST)); |
48e9c1
|
534 |
|
T |
535 |
$user = explode(',', $user); |
|
536 |
|
|
537 |
foreach ($user as $u) { |
|
538 |
$u = trim($u); |
|
539 |
if ($this->rc->storage->delete_acl($mbox, $u)) { |
61be82
|
540 |
$this->rc->output->command('acl_remove_row', rcube_utils::html_identifier($u)); |
48e9c1
|
541 |
} |
T |
542 |
else { |
|
543 |
$error = true; |
|
544 |
} |
|
545 |
} |
|
546 |
|
|
547 |
if (!$error) { |
|
548 |
$this->rc->output->show_message('acl.deletesuccess', 'confirmation'); |
|
549 |
} |
|
550 |
else { |
|
551 |
$this->rc->output->show_message('acl.deleteerror', 'error'); |
|
552 |
} |
|
553 |
} |
|
554 |
|
|
555 |
/** |
|
556 |
* Handler for ACL list update action (with display mode change) |
|
557 |
*/ |
|
558 |
private function action_list() |
|
559 |
{ |
|
560 |
if (in_array('acl_advanced_mode', (array)$this->rc->config->get('dont_override'))) { |
|
561 |
return; |
|
562 |
} |
|
563 |
|
61be82
|
564 |
$this->mbox = trim(rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_GPC, true)); // UTF7-IMAP |
AM |
565 |
$advanced = trim(rcube_utils::get_input_value('_mode', rcube_utils::INPUT_GPC)); |
48e9c1
|
566 |
$advanced = $advanced == 'advanced' ? true : false; |
T |
567 |
|
|
568 |
// Save state in user preferences |
|
569 |
$this->rc->user->save_prefs(array('acl_advanced_mode' => $advanced)); |
|
570 |
|
|
571 |
$out = $this->list_rights(); |
|
572 |
|
|
573 |
$out = preg_replace(array('/^<table[^>]+>/', '/<\/table>$/'), '', $out); |
|
574 |
|
|
575 |
$this->rc->output->command('acl_list_update', $out); |
|
576 |
} |
|
577 |
|
|
578 |
/** |
|
579 |
* Creates <UL> list with descriptive access rights |
|
580 |
* |
|
581 |
* @param array $rights MYRIGHTS result |
|
582 |
* |
|
583 |
* @return string HTML content |
|
584 |
*/ |
|
585 |
function acl2text($rights) |
|
586 |
{ |
|
587 |
if (empty($rights)) { |
|
588 |
return ''; |
|
589 |
} |
|
590 |
|
|
591 |
$supported = $this->rights_supported(); |
|
592 |
$list = array(); |
|
593 |
$attrib = array( |
|
594 |
'name' => 'rcmyrights', |
|
595 |
'style' => 'margin:0; padding:0 15px;', |
|
596 |
); |
|
597 |
|
|
598 |
foreach ($supported as $right) { |
|
599 |
if (in_array($right, $rights)) { |
61be82
|
600 |
$list[] = html::tag('li', null, rcube::Q($this->gettext('acl' . $right))); |
48e9c1
|
601 |
} |
T |
602 |
} |
|
603 |
|
|
604 |
if (count($list) == count($supported)) |
61be82
|
605 |
return rcube::Q($this->gettext('aclfull')); |
48e9c1
|
606 |
|
T |
607 |
return html::tag('ul', $attrib, implode("\n", $list)); |
|
608 |
} |
|
609 |
|
|
610 |
/** |
|
611 |
* Compares two ACLs (according to supported rights) |
|
612 |
* |
|
613 |
* @param array $acl1 ACL rights array (or string) |
|
614 |
* @param array $acl2 ACL rights array (or string) |
|
615 |
* |
|
616 |
* @param int Comparision result, 2 - full match, 1 - partial match, 0 - no match |
|
617 |
*/ |
|
618 |
function acl_compare($acl1, $acl2) |
|
619 |
{ |
|
620 |
if (!is_array($acl1)) $acl1 = str_split($acl1); |
|
621 |
if (!is_array($acl2)) $acl2 = str_split($acl2); |
|
622 |
|
|
623 |
$rights = $this->rights_supported(); |
|
624 |
|
|
625 |
$acl1 = array_intersect($acl1, $rights); |
|
626 |
$acl2 = array_intersect($acl2, $rights); |
|
627 |
$res = array_intersect($acl1, $acl2); |
|
628 |
|
|
629 |
$cnt1 = count($res); |
|
630 |
$cnt2 = count($acl2); |
|
631 |
|
|
632 |
if ($cnt1 == $cnt2) |
|
633 |
return 2; |
|
634 |
else if ($cnt1) |
|
635 |
return 1; |
|
636 |
else |
|
637 |
return 0; |
|
638 |
} |
|
639 |
|
|
640 |
/** |
|
641 |
* Get list of supported access rights (according to RIGHTS capability) |
|
642 |
* |
|
643 |
* @return array List of supported access rights abbreviations |
|
644 |
*/ |
|
645 |
function rights_supported() |
|
646 |
{ |
|
647 |
if ($this->supported !== null) { |
|
648 |
return $this->supported; |
|
649 |
} |
|
650 |
|
|
651 |
$capa = $this->rc->storage->get_capability('RIGHTS'); |
|
652 |
|
|
653 |
if (is_array($capa)) { |
|
654 |
$rights = strtolower($capa[0]); |
|
655 |
} |
|
656 |
else { |
|
657 |
$rights = 'cd'; |
|
658 |
} |
|
659 |
|
|
660 |
return $this->supported = str_split('lrswi' . $rights . 'pa'); |
|
661 |
} |
|
662 |
|
|
663 |
/** |
|
664 |
* Username realm detection. |
|
665 |
* |
|
666 |
* @return string Username realm (domain) |
|
667 |
*/ |
|
668 |
private function get_realm() |
|
669 |
{ |
|
670 |
// When user enters a username without domain part, realm |
654ac1
|
671 |
// allows to add it to the username (and display correct username in the table) |
48e9c1
|
672 |
|
T |
673 |
if (isset($_SESSION['acl_username_realm'])) { |
|
674 |
return $_SESSION['acl_username_realm']; |
|
675 |
} |
|
676 |
|
|
677 |
// find realm in username of logged user (?) |
|
678 |
list($name, $domain) = explode('@', $_SESSION['username']); |
|
679 |
|
|
680 |
// Use (always existent) ACL entry on the INBOX for the user to determine |
|
681 |
// whether or not the user ID in ACL entries need to be qualified and how |
|
682 |
// they would need to be qualified. |
|
683 |
if (empty($domain)) { |
|
684 |
$acl = $this->rc->storage->get_acl('INBOX'); |
|
685 |
if (is_array($acl)) { |
|
686 |
$regexp = '/^' . preg_quote($_SESSION['username'], '/') . '@(.*)$/'; |
|
687 |
foreach (array_keys($acl) as $name) { |
|
688 |
if (preg_match($regexp, $name, $matches)) { |
|
689 |
$domain = $matches[1]; |
|
690 |
break; |
|
691 |
} |
|
692 |
} |
|
693 |
} |
|
694 |
} |
|
695 |
|
|
696 |
return $_SESSION['acl_username_realm'] = $domain; |
|
697 |
} |
|
698 |
|
|
699 |
/** |
|
700 |
* Initializes autocomplete LDAP backend |
|
701 |
*/ |
|
702 |
private function init_ldap() |
|
703 |
{ |
43b225
|
704 |
if ($this->ldap) { |
48e9c1
|
705 |
return $this->ldap->ready; |
43b225
|
706 |
} |
48e9c1
|
707 |
|
T |
708 |
// get LDAP config |
|
709 |
$config = $this->rc->config->get('acl_users_source'); |
|
710 |
|
|
711 |
if (empty($config)) { |
|
712 |
return false; |
|
713 |
} |
|
714 |
|
|
715 |
// not an array, use configured ldap_public source |
|
716 |
if (!is_array($config)) { |
|
717 |
$ldap_config = (array) $this->rc->config->get('ldap_public'); |
43b225
|
718 |
$config = $ldap_config[$config]; |
48e9c1
|
719 |
} |
T |
720 |
|
|
721 |
$uid_field = $this->rc->config->get('acl_users_field', 'mail'); |
|
722 |
$filter = $this->rc->config->get('acl_users_filter'); |
|
723 |
|
|
724 |
if (empty($uid_field) || empty($config)) { |
|
725 |
return false; |
|
726 |
} |
|
727 |
|
|
728 |
// get name attribute |
|
729 |
if (!empty($config['fieldmap'])) { |
|
730 |
$name_field = $config['fieldmap']['name']; |
|
731 |
} |
|
732 |
// ... no fieldmap, use the old method |
|
733 |
if (empty($name_field)) { |
|
734 |
$name_field = $config['name_field']; |
|
735 |
} |
|
736 |
|
|
737 |
// add UID field to fieldmap, so it will be returned in a record with name |
0a96bd
|
738 |
$config['fieldmap']['name'] = $name_field; |
AM |
739 |
$config['fieldmap']['uid'] = $uid_field; |
48e9c1
|
740 |
|
T |
741 |
// search in UID and name fields |
818b78
|
742 |
// $name_field can be in a form of <field>:<modifier> (#1490591) |
AM |
743 |
$name_field = preg_replace('/:.*$/', '', $name_field); |
|
744 |
$search = array_unique(array($name_field, $uid_field)); |
|
745 |
|
|
746 |
$config['search_fields'] = $search; |
48e9c1
|
747 |
$config['required_fields'] = array($uid_field); |
T |
748 |
|
|
749 |
// set search filter |
43b225
|
750 |
if ($filter) { |
48e9c1
|
751 |
$config['filter'] = $filter; |
43b225
|
752 |
} |
48e9c1
|
753 |
|
T |
754 |
// disable vlv |
|
755 |
$config['vlv'] = false; |
|
756 |
|
|
757 |
// Initialize LDAP connection |
|
758 |
$this->ldap = new rcube_ldap($config, |
|
759 |
$this->rc->config->get('ldap_debug'), |
|
760 |
$this->rc->config->mail_domain($_SESSION['imap_host'])); |
|
761 |
|
|
762 |
return $this->ldap->ready; |
|
763 |
} |
dfb926
|
764 |
|
AM |
765 |
/** |
|
766 |
* Modify user login according to 'login_lc' setting |
|
767 |
*/ |
|
768 |
protected function mod_login($user) |
|
769 |
{ |
|
770 |
$login_lc = $this->rc->config->get('login_lc'); |
|
771 |
|
|
772 |
if ($login_lc === true || $login_lc == 2) { |
|
773 |
$user = mb_strtolower($user); |
|
774 |
} |
|
775 |
// lowercase domain name |
|
776 |
else if ($login_lc && strpos($user, '@')) { |
|
777 |
list($local, $domain) = explode('@', $user); |
|
778 |
$user = $local . '@' . mb_strtolower($domain); |
|
779 |
} |
|
780 |
|
|
781 |
return $user; |
|
782 |
} |
48e9c1
|
783 |
} |