| | |
| | | * |
| | | * Copyright (C) 2011-2012, Kolab Systems AG |
| | | * |
| | | * This program is free software; you can redistribute it and/or modify |
| | | * it under the terms of the GNU General Public License version 2 |
| | | * as published by the Free Software Foundation. |
| | | * This program is free software: you can redistribute it and/or modify |
| | | * it under the terms of the GNU General Public License as published by |
| | | * the Free Software Foundation, either version 3 of the License, or |
| | | * (at your option) any later version. |
| | | * |
| | | * This program is distributed in the hope that it will be useful, |
| | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| | | * GNU General Public License for more details. |
| | | * |
| | | * You should have received a copy of the GNU General Public License along |
| | | * with this program; if not, write to the Free Software Foundation, Inc., |
| | | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
| | | * You should have received a copy of the GNU General Public License |
| | | * along with this program. If not, see http://www.gnu.org/licenses/. |
| | | */ |
| | | |
| | | class acl extends rcube_plugin |
| | |
| | | */ |
| | | function acl_actions() |
| | | { |
| | | $action = trim(get_input_value('_act', RCUBE_INPUT_GPC)); |
| | | $action = trim(rcube_utils::get_input_value('_act', rcube_utils::INPUT_GPC)); |
| | | |
| | | // Connect to IMAP |
| | | $this->rc->storage_init(); |
| | |
| | | { |
| | | $this->load_config(); |
| | | |
| | | $search = get_input_value('_search', RCUBE_INPUT_GPC, true); |
| | | $sid = get_input_value('_id', RCUBE_INPUT_GPC); |
| | | $search = rcube_utils::get_input_value('_search', rcube_utils::INPUT_GPC, true); |
| | | $reqid = rcube_utils::get_input_value('_reqid', rcube_utils::INPUT_GPC); |
| | | $users = array(); |
| | | $keys = array(); |
| | | |
| | | if ($this->init_ldap()) { |
| | | $max = (int) $this->rc->config->get('autocomplete_max', 15); |
| | |
| | | } |
| | | |
| | | if ($user) { |
| | | if ($record['name']) |
| | | $user = $record['name'] . ' (' . $user . ')'; |
| | | |
| | | $display = rcube_addressbook::compose_search_name($record); |
| | | $user = array('name' => $user, 'display' => $display); |
| | | $users[] = $user; |
| | | $keys[] = $display ?: $user['name']; |
| | | } |
| | | } |
| | | |
| | | if ($this->rc->config->get('acl_groups')) { |
| | | $prefix = $this->rc->config->get('acl_group_prefix'); |
| | | $group_field = $this->rc->config->get('acl_group_field', 'name'); |
| | | $result = $this->ldap->list_groups($search, $mode); |
| | | |
| | | foreach ($result as $record) { |
| | | $group = $record['name']; |
| | | $group_id = is_array($record[$group_field]) ? $record[$group_field][0] : $record[$group_field]; |
| | | |
| | | if ($group) { |
| | | $users[] = array('name' => ($prefix ? $prefix : '') . $group_id, 'display' => $group, 'type' => 'group'); |
| | | $keys[] = $group; |
| | | } |
| | | } |
| | | } |
| | | } |
| | | |
| | | sort($users, SORT_LOCALE_STRING); |
| | | if (count($users)) { |
| | | // sort users index |
| | | asort($keys, SORT_LOCALE_STRING); |
| | | // re-sort users according to index |
| | | foreach ($keys as $idx => $val) { |
| | | $keys[$idx] = $users[$idx]; |
| | | } |
| | | $users = array_values($keys); |
| | | } |
| | | |
| | | $this->rc->output->command('ksearch_query_results', $users, $search, $sid); |
| | | $this->rc->output->command('ksearch_query_results', $users, $search, $reqid); |
| | | $this->rc->output->send(); |
| | | } |
| | | |
| | |
| | | |
| | | // Load localization and include scripts |
| | | $this->load_config(); |
| | | $this->specials = $this->rc->config->get('acl_specials', $this->specials); |
| | | $this->add_texts('localization/', array('deleteconfirm', 'norights', |
| | | 'nouser', 'deleting', 'saving')); |
| | | 'nouser', 'deleting', 'saving', 'newuser', 'editperms')); |
| | | $this->rc->output->add_label('save', 'cancel'); |
| | | $this->include_script('acl.js'); |
| | | $this->rc->output->include_script('list.js'); |
| | | $this->include_stylesheet($this->local_skin_path().'/acl.css'); |
| | |
| | | // add Info fieldset if it doesn't exist |
| | | if (!isset($args['form']['props']['fieldsets']['info'])) |
| | | $args['form']['props']['fieldsets']['info'] = array( |
| | | 'name' => rcube_label('info'), |
| | | 'name' => $this->rc->gettext('info'), |
| | | 'content' => array()); |
| | | |
| | | // Display folder rights to 'Info' fieldset |
| | | $args['form']['props']['fieldsets']['info']['content']['myrights'] = array( |
| | | 'label' => Q($this->gettext('myrights')), |
| | | 'label' => rcube::Q($this->gettext('myrights')), |
| | | 'value' => $this->acl2text($myrights) |
| | | ); |
| | | |
| | |
| | | $this->rc->output->add_label('autocompletechars', 'autocompletemore'); |
| | | |
| | | $args['form']['sharing'] = array( |
| | | 'name' => Q($this->gettext('sharing')), |
| | | 'name' => rcube::Q($this->gettext('sharing')), |
| | | 'content' => $this->rc->output->parse('acl.table', false, false), |
| | | ); |
| | | |
| | |
| | | // Get supported rights |
| | | $supported = $this->rights_supported(); |
| | | |
| | | // give plugins the opportunity to adjust this list |
| | | $data = $this->rc->plugins->exec_hook('acl_rights_supported', |
| | | array('rights' => $supported, 'folder' => $this->mbox, 'labels' => array())); |
| | | $supported = $data['rights']; |
| | | |
| | | // depending on server capability either use 'te' or 'd' for deleting msgs |
| | | $deleteright = implode(array_intersect(str_split('ted'), $supported)); |
| | | |
| | |
| | | |
| | | // Advanced rights |
| | | $attrib['id'] = 'advancedrights'; |
| | | foreach ($supported as $val) { |
| | | foreach ($supported as $key => $val) { |
| | | $id = "acl$val"; |
| | | $ul .= html::tag('li', null, |
| | | $input->show('', array( |
| | |
| | | 'other' => preg_replace('/[lrswi'.$deleteright.']/', '', implode($supported)), |
| | | ); |
| | | |
| | | foreach ($items as $key => $val) { |
| | | // give plugins the opportunity to adjust this list |
| | | $data = $this->rc->plugins->exec_hook('acl_rights_simple', |
| | | array('rights' => $items, 'folder' => $this->mbox, 'labels' => array(), 'titles' => array())); |
| | | |
| | | foreach ($data['rights'] as $key => $val) { |
| | | $id = "acl$key"; |
| | | $ul .= html::tag('li', null, |
| | | $input->show('', array( |
| | | 'name' => "acl[$val]", 'value' => $val, 'id' => $id)) |
| | | . html::label(array('for' => $id, 'title' => $this->gettext('longacl'.$key)), |
| | | $this->gettext('acl'.$key))); |
| | | . html::label(array('for' => $id, 'title' => $data['titles'][$key] ?: $this->gettext('longacl'.$key)), |
| | | $data['labels'][$key] ?: $this->gettext('acl'.$key))); |
| | | } |
| | | |
| | | $out .= "\n" . html::tag('ul', $attrib, $ul, html::$common_attrib); |
| | | |
| | | $this->rc->output->set_env('acl_items', $items); |
| | | $this->rc->output->set_env('acl_items', $data['rights']); |
| | | |
| | | return $out; |
| | | } |
| | |
| | | |
| | | $textfield = new html_inputfield($attrib); |
| | | |
| | | $fields['user'] = html::label(array('for' => 'iduser'), $this->gettext('username')) |
| | | $fields['user'] = html::label(array('for' => $attrib['id']), $this->gettext('username')) |
| | | . ' ' . $textfield->show(); |
| | | |
| | | // Add special entries |
| | |
| | | . $val); |
| | | } |
| | | |
| | | $out = html::tag('ul', array('id' => 'usertype'), $ul, html::$common_attrib); |
| | | $out = html::tag('ul', array('id' => 'usertype', 'class' => $attrib['class']), $ul, html::$common_attrib); |
| | | } |
| | | // Display text input alone |
| | | else { |
| | |
| | | // Get supported rights and build column names |
| | | $supported = $this->rights_supported(); |
| | | |
| | | // give plugins the opportunity to adjust this list |
| | | $data = $this->rc->plugins->exec_hook('acl_rights_supported', |
| | | array('rights' => $supported, 'folder' => $this->mbox, 'labels' => array())); |
| | | $supported = $data['rights']; |
| | | |
| | | // depending on server capability either use 'te' or 'd' for deleting msgs |
| | | $deleteright = implode(array_intersect(str_split('ted'), $supported)); |
| | | |
| | |
| | | 'delete' => $deleteright, |
| | | 'other' => preg_replace('/[lrswi'.$deleteright.']/', '', implode($supported)), |
| | | ); |
| | | |
| | | // give plugins the opportunity to adjust this list |
| | | $data = $this->rc->plugins->exec_hook('acl_rights_simple', |
| | | array('rights' => $items, 'folder' => $this->mbox, 'labels' => array())); |
| | | $items = $data['rights']; |
| | | } |
| | | |
| | | // Create the table |
| | |
| | | // Create table header |
| | | $table->add_header('user', $this->gettext('identifier')); |
| | | foreach (array_keys($items) as $key) { |
| | | $label = $this->gettext('shortacl'.$key); |
| | | $label = $data['labels'][$key] ?: $this->gettext('shortacl'.$key); |
| | | $table->add_header(array('class' => 'acl'.$key, 'title' => $label), $label); |
| | | } |
| | | |
| | | $i = 1; |
| | | $js_table = array(); |
| | | foreach ($acl as $user => $rights) { |
| | | if ($this->rc->storage->conn->user == $user) { |
| | |
| | | |
| | | // filter out virtual rights (c or d) the server may return |
| | | $userrights = array_intersect($rights, $supported); |
| | | $userid = html_identifier($user); |
| | | $userid = rcube_utils::html_identifier($user); |
| | | |
| | | if (!empty($this->specials) && in_array($user, $this->specials)) { |
| | | $user = $this->gettext($user); |
| | | } |
| | | |
| | | $table->add_row(array('id' => 'rcmrow'.$userid)); |
| | | $table->add('user', Q($user)); |
| | | $table->add('user', html::a(array('id' => 'rcmlinkrow'.$userid), rcube::Q($user))); |
| | | |
| | | foreach ($items as $key => $right) { |
| | | $in = $this->acl_compare($userrights, $right); |
| | |
| | | */ |
| | | private function action_save() |
| | | { |
| | | $mbox = trim(get_input_value('_mbox', RCUBE_INPUT_GPC, true)); // UTF7-IMAP |
| | | $user = trim(get_input_value('_user', RCUBE_INPUT_GPC)); |
| | | $acl = trim(get_input_value('_acl', RCUBE_INPUT_GPC)); |
| | | $oldid = trim(get_input_value('_old', RCUBE_INPUT_GPC)); |
| | | $mbox = trim(rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_POST, true)); // UTF7-IMAP |
| | | $user = trim(rcube_utils::get_input_value('_user', rcube_utils::INPUT_POST)); |
| | | $acl = trim(rcube_utils::get_input_value('_acl', rcube_utils::INPUT_POST)); |
| | | $oldid = trim(rcube_utils::get_input_value('_old', rcube_utils::INPUT_POST)); |
| | | |
| | | $acl = array_intersect(str_split($acl), $this->rights_supported()); |
| | | $users = $oldid ? array($user) : explode(',', $user); |
| | | $acl = array_intersect(str_split($acl), $this->rights_supported()); |
| | | $users = $oldid ? array($user) : explode(',', $user); |
| | | $result = 0; |
| | | |
| | | foreach ($users as $user) { |
| | | $user = trim($user); |
| | | $user = trim($user); |
| | | $prefix = $this->rc->config->get('acl_groups') ? $this->rc->config->get('acl_group_prefix') : ''; |
| | | |
| | | if (!empty($this->specials) && in_array($user, $this->specials)) { |
| | | if ($prefix && strpos($user, $prefix) === 0) { |
| | | $username = $user; |
| | | } |
| | | else if (!empty($this->specials) && in_array($user, $this->specials)) { |
| | | $username = $this->gettext($user); |
| | | } |
| | | else { |
| | | else if (!empty($user)) { |
| | | if (!strpos($user, '@') && ($realm = $this->get_realm())) { |
| | | $user .= '@' . rcube_idn_to_ascii(preg_replace('/^@/', '', $realm)); |
| | | $user .= '@' . rcube_utils::idn_to_ascii(preg_replace('/^@/', '', $realm)); |
| | | } |
| | | $username = $user; |
| | | } |
| | |
| | | continue; |
| | | } |
| | | |
| | | $user = $this->mod_login($user); |
| | | $username = $this->mod_login($username); |
| | | |
| | | if ($user != $_SESSION['username'] && $username != $_SESSION['username']) { |
| | | if ($this->rc->storage->set_acl($mbox, $user, $acl)) { |
| | | $ret = array('id' => html_identifier($user), |
| | | $ret = array('id' => rcube_utils::html_identifier($user), |
| | | 'username' => $username, 'acl' => implode($acl), 'old' => $oldid); |
| | | $this->rc->output->command('acl_update', $ret); |
| | | $result++; |
| | |
| | | */ |
| | | private function action_delete() |
| | | { |
| | | $mbox = trim(get_input_value('_mbox', RCUBE_INPUT_GPC, true)); //UTF7-IMAP |
| | | $user = trim(get_input_value('_user', RCUBE_INPUT_GPC)); |
| | | $mbox = trim(rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_POST, true)); //UTF7-IMAP |
| | | $user = trim(rcube_utils::get_input_value('_user', rcube_utils::INPUT_POST)); |
| | | |
| | | $user = explode(',', $user); |
| | | |
| | | foreach ($user as $u) { |
| | | $u = trim($u); |
| | | if ($this->rc->storage->delete_acl($mbox, $u)) { |
| | | $this->rc->output->command('acl_remove_row', html_identifier($u)); |
| | | $this->rc->output->command('acl_remove_row', rcube_utils::html_identifier($u)); |
| | | } |
| | | else { |
| | | $error = true; |
| | |
| | | return; |
| | | } |
| | | |
| | | $this->mbox = trim(get_input_value('_mbox', RCUBE_INPUT_GPC, true)); // UTF7-IMAP |
| | | $advanced = trim(get_input_value('_mode', RCUBE_INPUT_GPC)); |
| | | $this->mbox = trim(rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_GPC, true)); // UTF7-IMAP |
| | | $advanced = trim(rcube_utils::get_input_value('_mode', rcube_utils::INPUT_GPC)); |
| | | $advanced = $advanced == 'advanced' ? true : false; |
| | | |
| | | // Save state in user preferences |
| | |
| | | |
| | | foreach ($supported as $right) { |
| | | if (in_array($right, $rights)) { |
| | | $list[] = html::tag('li', null, Q($this->gettext('acl' . $right))); |
| | | $list[] = html::tag('li', null, rcube::Q($this->gettext('acl' . $right))); |
| | | } |
| | | } |
| | | |
| | | if (count($list) == count($supported)) |
| | | return Q($this->gettext('aclfull')); |
| | | return rcube::Q($this->gettext('aclfull')); |
| | | |
| | | return html::tag('ul', $attrib, implode("\n", $list)); |
| | | } |
| | |
| | | */ |
| | | private function init_ldap() |
| | | { |
| | | if ($this->ldap) |
| | | if ($this->ldap) { |
| | | return $this->ldap->ready; |
| | | } |
| | | |
| | | // get LDAP config |
| | | $config = $this->rc->config->get('acl_users_source'); |
| | |
| | | // not an array, use configured ldap_public source |
| | | if (!is_array($config)) { |
| | | $ldap_config = (array) $this->rc->config->get('ldap_public'); |
| | | $config = $ldap_config[$config]; |
| | | $config = $ldap_config[$config]; |
| | | } |
| | | |
| | | $uid_field = $this->rc->config->get('acl_users_field', 'mail'); |
| | |
| | | } |
| | | |
| | | // add UID field to fieldmap, so it will be returned in a record with name |
| | | $config['fieldmap'] = array( |
| | | 'name' => $name_field, |
| | | 'uid' => $uid_field, |
| | | ); |
| | | $config['fieldmap']['name'] = $name_field; |
| | | $config['fieldmap']['uid'] = $uid_field; |
| | | |
| | | // search in UID and name fields |
| | | $config['search_fields'] = array_values($config['fieldmap']); |
| | | // $name_field can be in a form of <field>:<modifier> (#1490591) |
| | | $name_field = preg_replace('/:.*$/', '', $name_field); |
| | | $search = array_unique(array($name_field, $uid_field)); |
| | | |
| | | $config['search_fields'] = $search; |
| | | $config['required_fields'] = array($uid_field); |
| | | |
| | | // set search filter |
| | | if ($filter) |
| | | if ($filter) { |
| | | $config['filter'] = $filter; |
| | | } |
| | | |
| | | // disable vlv |
| | | $config['vlv'] = false; |
| | |
| | | |
| | | return $this->ldap->ready; |
| | | } |
| | | |
| | | /** |
| | | * Modify user login according to 'login_lc' setting |
| | | */ |
| | | protected function mod_login($user) |
| | | { |
| | | $login_lc = $this->rc->config->get('login_lc'); |
| | | |
| | | if ($login_lc === true || $login_lc == 2) { |
| | | $user = mb_strtolower($user); |
| | | } |
| | | // lowercase domain name |
| | | else if ($login_lc && strpos($user, '@')) { |
| | | list($local, $domain) = explode('@', $user); |
| | | $user = $local . '@' . mb_strtolower($domain); |
| | | } |
| | | |
| | | return $user; |
| | | } |
| | | } |