robin.thoni
/
docker-roundcube-server
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 10 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
22 Commits
2 Branches
Tree: 66eaa0da8a
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '66eaa0da8a'
${ noResults }
docker-roundcube-server/roundcube/roundcubemail-1.2.2/plugins/acl/acl.php

acl.php 25KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783 
  1. <?php

  2. 

  3. /**

  4.  * Folders Access Control Lists Management (RFC4314, RFC2086)

  5.  *

  6.  * @version @package_version@

  7.  * @author Aleksander Machniak <alec@alec.pl>

  8.  *

  9.  *

  10.  * Copyright (C) 2011-2012, Kolab Systems AG

  11.  *

  12.  * This program is free software: you can redistribute it and/or modify

  13.  * it under the terms of the GNU General Public License as published by

  14.  * the Free Software Foundation, either version 3 of the License, or

  15.  * (at your option) any later version.

  16.  *

  17.  * This program is distributed in the hope that it will be useful,

  18.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  19.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

  20.  * GNU General Public License for more details.

  21.  *

  22.  * You should have received a copy of the GNU General Public License

  23.  * along with this program. If not, see http://www.gnu.org/licenses/.

  24.  */

  25. 

  26. class acl extends rcube_plugin

  27. {

  28.     public $task = 'settings|addressbook|calendar';

  29. 

  30.     private $rc;

  31.     private $supported = null;

  32.     private $mbox;

  33.     private $ldap;

  34.     private $specials = array('anyone', 'anonymous');

  35. 

  36.     /**

  37.      * Plugin initialization

  38.      */

  39.     function init()

  40.     {

  41.         $this->rc = rcmail::get_instance();

  42. 

  43.         // Register hooks

  44.         $this->add_hook('folder_form', array($this, 'folder_form'));

  45.         // kolab_addressbook plugin

  46.         $this->add_hook('addressbook_form', array($this, 'folder_form'));

  47.         $this->add_hook('calendar_form_kolab', array($this, 'folder_form'));

  48.         // Plugin actions

  49.         $this->register_action('plugin.acl', array($this, 'acl_actions'));

  50.         $this->register_action('plugin.acl-autocomplete', array($this, 'acl_autocomplete'));

  51.     }

  52. 

  53.     /**

  54.      * Handler for plugin actions (AJAX)

  55.      */

  56.     function acl_actions()

  57.     {

  58.         $action = trim(rcube_utils::get_input_value('_act', rcube_utils::INPUT_GPC));

  59. 

  60.         // Connect to IMAP

  61.         $this->rc->storage_init();

  62. 

  63.         // Load localization and configuration

  64.         $this->add_texts('localization/');

  65.         $this->load_config();

  66. 

  67.         if ($action == 'save') {

  68.             $this->action_save();

  69.         }

  70.         else if ($action == 'delete') {

  71.             $this->action_delete();

  72.         }

  73.         else if ($action == 'list') {

  74.             $this->action_list();

  75.         }

  76. 

  77.         // Only AJAX actions

  78.         $this->rc->output->send();

  79.     }

  80. 

  81.     /**

  82.      * Handler for user login autocomplete request

  83.      */

  84.     function acl_autocomplete()

  85.     {

  86.         $this->load_config();

  87. 

  88.         $search = rcube_utils::get_input_value('_search', rcube_utils::INPUT_GPC, true);

  89.         $reqid  = rcube_utils::get_input_value('_reqid', rcube_utils::INPUT_GPC);

  90.         $users  = array();

  91.         $keys   = array();

  92. 

  93.         if ($this->init_ldap()) {

  94.             $max  = (int) $this->rc->config->get('autocomplete_max', 15);

  95.             $mode = (int) $this->rc->config->get('addressbook_search_mode');

  96. 

  97.             $this->ldap->set_pagesize($max);

  98.             $result = $this->ldap->search('*', $search, $mode);

  99. 

  100.             foreach ($result->records as $record) {

  101.                 $user = $record['uid'];

  102. 

  103.                 if (is_array($user)) {

  104.                     $user = array_filter($user);

  105.                     $user = $user[0];

  106.                 }

  107. 

  108.                 if ($user) {

  109.                     $display = rcube_addressbook::compose_search_name($record);

  110.                     $user    = array('name' => $user, 'display' => $display);

  111.                     $users[] = $user;

  112.                     $keys[]  = $display ?: $user['name'];

  113.                 }

  114.             }

  115. 

  116.             if ($this->rc->config->get('acl_groups')) {

  117.                 $prefix      = $this->rc->config->get('acl_group_prefix');

  118.                 $group_field = $this->rc->config->get('acl_group_field', 'name');

  119.                 $result      = $this->ldap->list_groups($search, $mode);

  120. 

  121.                 foreach ($result as $record) {

  122.                     $group    = $record['name'];

  123.                     $group_id = is_array($record[$group_field]) ? $record[$group_field][0] : $record[$group_field];

  124. 

  125.                     if ($group) {

  126.                         $users[] = array('name' => ($prefix ?: '') . $group_id, 'display' => $group, 'type' => 'group');

  127.                         $keys[]  = $group;

  128.                     }

  129.                 }

  130.             }

  131.         }

  132. 

  133.         if (count($users)) {

  134.             // sort users index

  135.             asort($keys, SORT_LOCALE_STRING);

  136.             // re-sort users according to index

  137.             foreach ($keys as $idx => $val) {

  138.                 $keys[$idx] = $users[$idx];

  139.             }

  140.             $users = array_values($keys);

  141.         }

  142. 

  143.         $this->rc->output->command('ksearch_query_results', $users, $search, $reqid);

  144.         $this->rc->output->send();

  145.     }

  146. 

  147.     /**

  148.      * Handler for 'folder_form' hook

  149.      *

  150.      * @param array $args Hook arguments array (form data)

  151.      *

  152.      * @return array Hook arguments array

  153.      */

  154.     function folder_form($args)

  155.     {

  156.         $mbox_imap = $args['options']['name'];

  157.         $myrights  = $args['options']['rights'];

  158. 

  159.         // Edited folder name (empty in create-folder mode)

  160.         if (!strlen($mbox_imap)) {

  161.             return $args;

  162.         }

  163. /*

  164.         // Do nothing on protected folders (?)

  165.         if ($args['options']['protected']) {

  166.             return $args;

  167.         }

  168. */

  169.         // Get MYRIGHTS

  170.         if (empty($myrights)) {

  171.             return $args;

  172.         }

  173. 

  174.         // Load localization and include scripts

  175.         $this->load_config();

  176.         $this->specials = $this->rc->config->get('acl_specials', $this->specials);

  177.         $this->add_texts('localization/', array('deleteconfirm', 'norights',

  178.             'nouser', 'deleting', 'saving', 'newuser', 'editperms'));

  179.         $this->rc->output->add_label('save', 'cancel');

  180.         $this->include_script('acl.js');

  181.         $this->rc->output->include_script('list.js');

  182.         $this->include_stylesheet($this->local_skin_path().'/acl.css');

  183. 

  184.         // add Info fieldset if it doesn't exist

  185.         if (!isset($args['form']['props']['fieldsets']['info']))

  186.             $args['form']['props']['fieldsets']['info'] = array(

  187.                 'name'  => $this->rc->gettext('info'),

  188.                 'content' => array());

  189. 

  190.         // Display folder rights to 'Info' fieldset

  191.         $args['form']['props']['fieldsets']['info']['content']['myrights'] = array(

  192.             'label' => rcube::Q($this->gettext('myrights')),

  193.             'value' => $this->acl2text($myrights)

  194.         );

  195. 

  196.         // Return if not folder admin

  197.         if (!in_array('a', $myrights)) {

  198.             return $args;

  199.         }

  200. 

  201.         // The 'Sharing' tab

  202.         $this->mbox = $mbox_imap;

  203.         $this->rc->output->set_env('acl_users_source', (bool) $this->rc->config->get('acl_users_source'));

  204.         $this->rc->output->set_env('mailbox', $mbox_imap);

  205.         $this->rc->output->add_handlers(array(

  206.             'acltable'  => array($this, 'templ_table'),

  207.             'acluser'   => array($this, 'templ_user'),

  208.             'aclrights' => array($this, 'templ_rights'),

  209.         ));

  210. 

  211.         $this->rc->output->set_env('autocomplete_max', (int)$this->rc->config->get('autocomplete_max', 15));

  212.         $this->rc->output->set_env('autocomplete_min_length', $this->rc->config->get('autocomplete_min_length'));

  213.         $this->rc->output->add_label('autocompletechars', 'autocompletemore');

  214. 

  215.         $args['form']['sharing'] = array(

  216.             'name'    => rcube::Q($this->gettext('sharing')),

  217.             'content' => $this->rc->output->parse('acl.table', false, false),

  218.         );

  219. 

  220.         return $args;

  221.     }

  222. 

  223.     /**

  224.      * Creates ACL rights table

  225.      *

  226.      * @param array $attrib Template object attributes

  227.      *

  228.      * @return string HTML Content

  229.      */

  230.     function templ_table($attrib)

  231.     {

  232.         if (empty($attrib['id']))

  233.             $attrib['id'] = 'acl-table';

  234. 

  235.         $out = $this->list_rights($attrib);

  236. 

  237.         $this->rc->output->add_gui_object('acltable', $attrib['id']);

  238. 

  239.         return $out;

  240.     }

  241. 

  242.     /**

  243.      * Creates ACL rights form (rights list part)

  244.      *

  245.      * @param array $attrib Template object attributes

  246.      *

  247.      * @return string HTML Content

  248.      */

  249.     function templ_rights($attrib)

  250.     {

  251.         // Get supported rights

  252.         $supported = $this->rights_supported();

  253. 

  254.         // give plugins the opportunity to adjust this list

  255.         $data = $this->rc->plugins->exec_hook('acl_rights_supported',

  256.             array('rights' => $supported, 'folder' => $this->mbox, 'labels' => array()));

  257.         $supported = $data['rights'];

  258. 

  259.         // depending on server capability either use 'te' or 'd' for deleting msgs

  260.         $deleteright = implode(array_intersect(str_split('ted'), $supported));

  261. 

  262.         $out = '';

  263.         $ul  = '';

  264.         $input = new html_checkbox();

  265. 

  266.         // Advanced rights

  267.         $attrib['id'] = 'advancedrights';

  268.         foreach ($supported as $key => $val) {

  269.             $id = "acl$val";

  270.             $ul .= html::tag('li', null,

  271.                 $input->show('', array(

  272.                     'name' => "acl[$val]", 'value' => $val, 'id' => $id))

  273.                 . html::label(array('for' => $id, 'title' => $this->gettext('longacl'.$val)),

  274.                     $this->gettext('acl'.$val)));

  275.         }

  276. 

  277.         $out = html::tag('ul', $attrib, $ul, html::$common_attrib);

  278. 

  279.         // Simple rights

  280.         $ul = '';

  281.         $attrib['id'] = 'simplerights';

  282.         $items = array(

  283.             'read' => 'lrs',

  284.             'write' => 'wi',

  285.             'delete' => $deleteright,

  286.             'other' => preg_replace('/[lrswi'.$deleteright.']/', '', implode($supported)),

  287.         );

  288. 

  289.         // give plugins the opportunity to adjust this list

  290.         $data = $this->rc->plugins->exec_hook('acl_rights_simple',

  291.             array('rights' => $items, 'folder' => $this->mbox, 'labels' => array(), 'titles' => array()));

  292. 

  293.         foreach ($data['rights'] as $key => $val) {

  294.             $id = "acl$key";

  295.             $ul .= html::tag('li', null,

  296.                 $input->show('', array(

  297.                     'name' => "acl[$val]", 'value' => $val, 'id' => $id))

  298.                 . html::label(array('for' => $id, 'title' => $data['titles'][$key] ?: $this->gettext('longacl'.$key)),

  299.                     $data['labels'][$key] ?: $this->gettext('acl'.$key)));

  300.         }

  301. 

  302.         $out .= "\n" . html::tag('ul', $attrib, $ul, html::$common_attrib);

  303. 

  304.         $this->rc->output->set_env('acl_items', $data['rights']);

  305. 

  306.         return $out;

  307.     }

  308. 

  309.     /**

  310.      * Creates ACL rights form (user part)

  311.      *

  312.      * @param array $attrib Template object attributes

  313.      *

  314.      * @return string HTML Content

  315.      */

  316.     function templ_user($attrib)

  317.     {

  318.         // Create username input

  319.         $attrib['name'] = 'acluser';

  320. 

  321.         $textfield = new html_inputfield($attrib);

  322. 

  323.         $fields['user'] = html::label(array('for' => $attrib['id']), $this->gettext('username'))

  324.             . ' ' . $textfield->show();

  325. 

  326.         // Add special entries

  327.         if (!empty($this->specials)) {

  328.             foreach ($this->specials as $key) {

  329.                 $fields[$key] = html::label(array('for' => 'id'.$key), $this->gettext($key));

  330.             }

  331.         }

  332. 

  333.         $this->rc->output->set_env('acl_specials', $this->specials);

  334. 

  335.         // Create list with radio buttons

  336.         if (count($fields) > 1) {

  337.             $ul = '';

  338.             $radio = new html_radiobutton(array('name' => 'usertype'));

  339.             foreach ($fields as $key => $val) {

  340.                 $ul .= html::tag('li', null, $radio->show($key == 'user' ? 'user' : '',

  341.                         array('value' => $key, 'id' => 'id'.$key))

  342.                     . $val);

  343.             }

  344. 

  345.             $out = html::tag('ul', array('id' => 'usertype', 'class' => $attrib['class']), $ul, html::$common_attrib);

  346.         }

  347.         // Display text input alone

  348.         else {

  349.             $out = $fields['user'];

  350.         }

  351. 

  352.         return $out;

  353.     }

  354. 

  355.     /**

  356.      * Creates ACL rights table

  357.      *

  358.      * @param array $attrib Template object attributes

  359.      *

  360.      * @return string HTML Content

  361.      */

  362.     private function list_rights($attrib=array())

  363.     {

  364.         // Get ACL for the folder

  365.         $acl = $this->rc->storage->get_acl($this->mbox);

  366. 

  367.         if (!is_array($acl)) {

  368.             $acl = array();

  369.         }

  370. 

  371.         // Keep special entries (anyone/anonymous) on top of the list

  372.         if (!empty($this->specials) && !empty($acl)) {

  373.             foreach ($this->specials as $key) {

  374.                 if (isset($acl[$key])) {

  375.                     $acl_special[$key] = $acl[$key];

  376.                     unset($acl[$key]);

  377.                 }

  378.             }

  379.         }

  380. 

  381.         // Sort the list by username

  382.         uksort($acl, 'strnatcasecmp');

  383. 

  384.         if (!empty($acl_special)) {

  385.             $acl = array_merge($acl_special, $acl);

  386.         }

  387. 

  388.         // Get supported rights and build column names

  389.         $supported = $this->rights_supported();

  390. 

  391.         // give plugins the opportunity to adjust this list

  392.         $data = $this->rc->plugins->exec_hook('acl_rights_supported',

  393.             array('rights' => $supported, 'folder' => $this->mbox, 'labels' => array()));

  394.         $supported = $data['rights'];

  395. 

  396.         // depending on server capability either use 'te' or 'd' for deleting msgs

  397.         $deleteright = implode(array_intersect(str_split('ted'), $supported));

  398. 

  399.         // Use advanced or simple (grouped) rights

  400.         $advanced = $this->rc->config->get('acl_advanced_mode');

  401. 

  402.         if ($advanced) {

  403.             $items = array();

  404.             foreach ($supported as $sup) {

  405.                 $items[$sup] = $sup;

  406.             }

  407.         }

  408.         else {

  409.             $items = array(

  410.                 'read' => 'lrs',

  411.                 'write' => 'wi',

  412.                 'delete' => $deleteright,

  413.                 'other' => preg_replace('/[lrswi'.$deleteright.']/', '', implode($supported)),

  414.             );

  415. 

  416.             // give plugins the opportunity to adjust this list

  417.             $data = $this->rc->plugins->exec_hook('acl_rights_simple',

  418.                 array('rights' => $items, 'folder' => $this->mbox, 'labels' => array()));

  419.             $items = $data['rights'];

  420.         }

  421. 

  422.         // Create the table

  423.         $attrib['noheader'] = true;

  424.         $table = new html_table($attrib);

  425. 

  426.         // Create table header

  427.         $table->add_header('user', $this->gettext('identifier'));

  428.         foreach (array_keys($items) as $key) {

  429.             $label = $data['labels'][$key] ?: $this->gettext('shortacl'.$key);

  430.             $table->add_header(array('class' => 'acl'.$key, 'title' => $label), $label);

  431.         }

  432. 

  433.         $js_table = array();

  434.         foreach ($acl as $user => $rights) {

  435.             if ($this->rc->storage->conn->user == $user) {

  436.                 continue;

  437.             }

  438. 

  439.             // filter out virtual rights (c or d) the server may return

  440.             $userrights = array_intersect($rights, $supported);

  441.             $userid = rcube_utils::html_identifier($user);

  442. 

  443.             if (!empty($this->specials) && in_array($user, $this->specials)) {

  444.                 $user = $this->gettext($user);

  445.             }

  446. 

  447.             $table->add_row(array('id' => 'rcmrow'.$userid));

  448.             $table->add('user', html::a(array('id' => 'rcmlinkrow'.$userid), rcube::Q($user)));

  449. 

  450.             foreach ($items as $key => $right) {

  451.                 $in = $this->acl_compare($userrights, $right);

  452.                 switch ($in) {

  453.                     case 2: $class = 'enabled'; break;

  454.                     case 1: $class = 'partial'; break;

  455.                     default: $class = 'disabled'; break;

  456.                 }

  457.                 $table->add('acl' . $key . ' ' . $class, '');

  458.             }

  459. 

  460.             $js_table[$userid] = implode($userrights);

  461.         }

  462. 

  463.         $this->rc->output->set_env('acl', $js_table);

  464.         $this->rc->output->set_env('acl_advanced', $advanced);

  465. 

  466.         $out = $table->show();

  467. 

  468.         return $out;

  469.     }

  470. 

  471.     /**

  472.      * Handler for ACL update/create action

  473.      */

  474.     private function action_save()

  475.     {

  476.         $mbox  = trim(rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_POST, true)); // UTF7-IMAP

  477.         $user  = trim(rcube_utils::get_input_value('_user', rcube_utils::INPUT_POST));

  478.         $acl   = trim(rcube_utils::get_input_value('_acl', rcube_utils::INPUT_POST));

  479.         $oldid = trim(rcube_utils::get_input_value('_old', rcube_utils::INPUT_POST));

  480. 

  481.         $acl    = array_intersect(str_split($acl), $this->rights_supported());

  482.         $users  = $oldid ? array($user) : explode(',', $user);

  483.         $result = 0;

  484. 

  485.         foreach ($users as $user) {

  486.             $user   = trim($user);

  487.             $prefix = $this->rc->config->get('acl_groups') ? $this->rc->config->get('acl_group_prefix') : '';

  488. 

  489.             if ($prefix && strpos($user, $prefix) === 0) {

  490.                 $username = $user;

  491.             }

  492.             else if (!empty($this->specials) && in_array($user, $this->specials)) {

  493.                 $username = $this->gettext($user);

  494.             }

  495.             else if (!empty($user)) {

  496.                 if (!strpos($user, '@') && ($realm = $this->get_realm())) {

  497.                     $user .= '@' . rcube_utils::idn_to_ascii(preg_replace('/^@/', '', $realm));

  498.                 }

  499.                 $username = $user;

  500.             }

  501. 

  502.             if (!$acl || !$user || !strlen($mbox)) {

  503.                 continue;

  504.             }

  505. 

  506.             $user     = $this->mod_login($user);

  507.             $username = $this->mod_login($username);

  508. 

  509.             if ($user != $_SESSION['username'] && $username != $_SESSION['username']) {

  510.                 if ($this->rc->storage->set_acl($mbox, $user, $acl)) {

  511.                     $ret = array('id' => rcube_utils::html_identifier($user),

  512.                          'username' => $username, 'acl' => implode($acl), 'old' => $oldid);

  513.                     $this->rc->output->command('acl_update', $ret);

  514.                     $result++;

  515.                 }

  516.             }

  517.         }

  518. 

  519.         if ($result) {

  520.             $this->rc->output->show_message($oldid ? 'acl.updatesuccess' : 'acl.createsuccess', 'confirmation');

  521.         }

  522.         else {

  523.             $this->rc->output->show_message($oldid ? 'acl.updateerror' : 'acl.createerror', 'error');

  524.         }

  525.     }

  526. 

  527.     /**

  528.      * Handler for ACL delete action

  529.      */

  530.     private function action_delete()

  531.     {

  532.         $mbox = trim(rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_POST, true)); //UTF7-IMAP

  533.         $user = trim(rcube_utils::get_input_value('_user', rcube_utils::INPUT_POST));

  534. 

  535.         $user = explode(',', $user);

  536. 

  537.         foreach ($user as $u) {

  538.             $u = trim($u);

  539.             if ($this->rc->storage->delete_acl($mbox, $u)) {

  540.                 $this->rc->output->command('acl_remove_row', rcube_utils::html_identifier($u));

  541.             }

  542.             else {

  543.                 $error = true;

  544.             }

  545.         }

  546. 

  547.         if (!$error) {

  548.             $this->rc->output->show_message('acl.deletesuccess', 'confirmation');

  549.         }

  550.         else {

  551.             $this->rc->output->show_message('acl.deleteerror', 'error');

  552.         }

  553.     }

  554. 

  555.     /**

  556.      * Handler for ACL list update action (with display mode change)

  557.      */

  558.     private function action_list()

  559.     {

  560.         if (in_array('acl_advanced_mode', (array)$this->rc->config->get('dont_override'))) {

  561.             return;

  562.         }

  563. 

  564.         $this->mbox = trim(rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_GPC, true)); // UTF7-IMAP

  565.         $advanced   = trim(rcube_utils::get_input_value('_mode', rcube_utils::INPUT_GPC));

  566.         $advanced   = $advanced == 'advanced';

  567. 

  568.         // Save state in user preferences

  569.         $this->rc->user->save_prefs(array('acl_advanced_mode' => $advanced));

  570. 

  571.         $out = $this->list_rights();

  572. 

  573.         $out = preg_replace(array('/^<table[^>]+>/', '/<\/table>$/'), '', $out);

  574. 

  575.         $this->rc->output->command('acl_list_update', $out);

  576.     }

  577. 

  578.     /**

  579.      * Creates <UL> list with descriptive access rights

  580.      *

  581.      * @param array $rights MYRIGHTS result

  582.      *

  583.      * @return string HTML content

  584.      */

  585.     function acl2text($rights)

  586.     {

  587.         if (empty($rights)) {

  588.             return '';

  589.         }

  590. 

  591.         $supported = $this->rights_supported();

  592.         $list      = array();

  593.         $attrib    = array(

  594.             'name' => 'rcmyrights',

  595.             'style' => 'margin:0; padding:0 15px;',

  596.         );

  597. 

  598.         foreach ($supported as $right) {

  599.             if (in_array($right, $rights)) {

  600.                 $list[] = html::tag('li', null, rcube::Q($this->gettext('acl' . $right)));

  601.             }

  602.         }

  603. 

  604.         if (count($list) == count($supported))

  605.             return rcube::Q($this->gettext('aclfull'));

  606. 

  607.         return html::tag('ul', $attrib, implode("\n", $list));

  608.     }

  609. 

  610.     /**

  611.      * Compares two ACLs (according to supported rights)

  612.      *

  613.      * @param array $acl1 ACL rights array (or string)

  614.      * @param array $acl2 ACL rights array (or string)

  615.      *

  616.      * @param int Comparision result, 2 - full match, 1 - partial match, 0 - no match

  617.      */

  618.     function acl_compare($acl1, $acl2)

  619.     {

  620.         if (!is_array($acl1)) $acl1 = str_split($acl1);

  621.         if (!is_array($acl2)) $acl2 = str_split($acl2);

  622. 

  623.         $rights = $this->rights_supported();

  624. 

  625.         $acl1 = array_intersect($acl1, $rights);

  626.         $acl2 = array_intersect($acl2, $rights);

  627.         $res  = array_intersect($acl1, $acl2);

  628. 

  629.         $cnt1 = count($res);

  630.         $cnt2 = count($acl2);

  631. 

  632.         if ($cnt1 == $cnt2)

  633.             return 2;

  634.         else if ($cnt1)

  635.             return 1;

  636.         else

  637.             return 0;

  638.     }

  639. 

  640.     /**

  641.      * Get list of supported access rights (according to RIGHTS capability)

  642.      *

  643.      * @return array List of supported access rights abbreviations

  644.      */

  645.     function rights_supported()

  646.     {

  647.         if ($this->supported !== null) {

  648.             return $this->supported;

  649.         }

  650. 

  651.         $capa = $this->rc->storage->get_capability('RIGHTS');

  652. 

  653.         if (is_array($capa)) {

  654.             $rights = strtolower($capa[0]);

  655.         }

  656.         else {

  657.             $rights = 'cd';

  658.         }

  659. 

  660.         return $this->supported = str_split('lrswi' . $rights . 'pa');

  661.     }

  662. 

  663.     /**

  664.      * Username realm detection.

  665.      *

  666.      * @return string Username realm (domain)

  667.      */

  668.     private function get_realm()

  669.     {

  670.         // When user enters a username without domain part, realm

  671.         // allows to add it to the username (and display correct username in the table)

  672. 

  673.         if (isset($_SESSION['acl_username_realm'])) {

  674.             return $_SESSION['acl_username_realm'];

  675.         }

  676. 

  677.         // find realm in username of logged user (?)

  678.         list($name, $domain) = explode('@', $_SESSION['username']);

  679. 

  680.         // Use (always existent) ACL entry on the INBOX for the user to determine

  681.         // whether or not the user ID in ACL entries need to be qualified and how

  682.         // they would need to be qualified.

  683.         if (empty($domain)) {

  684.             $acl = $this->rc->storage->get_acl('INBOX');

  685.             if (is_array($acl)) {

  686.                 $regexp = '/^' . preg_quote($_SESSION['username'], '/') . '@(.*)$/';

  687.                 foreach (array_keys($acl) as $name) {

  688.                     if (preg_match($regexp, $name, $matches)) {

  689.                         $domain = $matches[1];

  690.                         break;

  691.                     }

  692.                 }

  693.             }

  694.         }

  695. 

  696.         return $_SESSION['acl_username_realm'] = $domain;

  697.     }

  698. 

  699.     /**

  700.      * Initializes autocomplete LDAP backend

  701.      */

  702.     private function init_ldap()

  703.     {

  704.         if ($this->ldap) {

  705.             return $this->ldap->ready;

  706.         }

  707. 

  708.         // get LDAP config

  709.         $config = $this->rc->config->get('acl_users_source');

  710. 

  711.         if (empty($config)) {

  712.             return false;

  713.         }

  714. 

  715.         // not an array, use configured ldap_public source

  716.         if (!is_array($config)) {

  717.             $ldap_config = (array) $this->rc->config->get('ldap_public');

  718.             $config      = $ldap_config[$config];

  719.         }

  720. 

  721.         $uid_field = $this->rc->config->get('acl_users_field', 'mail');

  722.         $filter    = $this->rc->config->get('acl_users_filter');

  723. 

  724.         if (empty($uid_field) || empty($config)) {

  725.             return false;

  726.         }

  727. 

  728.         // get name attribute

  729.         if (!empty($config['fieldmap'])) {

  730.             $name_field = $config['fieldmap']['name'];

  731.         }

  732.         // ... no fieldmap, use the old method

  733.         if (empty($name_field)) {

  734.             $name_field = $config['name_field'];

  735.         }

  736. 

  737.         // add UID field to fieldmap, so it will be returned in a record with name

  738.         $config['fieldmap']['name'] = $name_field;

  739.         $config['fieldmap']['uid']  = $uid_field;

  740. 

  741.         // search in UID and name fields

  742.         // $name_field can be in a form of <field>:<modifier> (#1490591)

  743.         $name_field = preg_replace('/:.*$/', '', $name_field);

  744.         $search     = array_unique(array($name_field, $uid_field));

  745. 

  746.         $config['search_fields']   = $search;

  747.         $config['required_fields'] = array($uid_field);

  748. 

  749.         // set search filter

  750.         if ($filter) {

  751.             $config['filter'] = $filter;

  752.         }

  753. 

  754.         // disable vlv

  755.         $config['vlv'] = false;

  756. 

  757.         // Initialize LDAP connection

  758.         $this->ldap = new rcube_ldap($config,

  759.             $this->rc->config->get('ldap_debug'),

  760.             $this->rc->config->mail_domain($_SESSION['imap_host']));

  761. 

  762.         return $this->ldap->ready;

  763.     }

  764. 

  765.     /**

  766.      * Modify user login according to 'login_lc' setting

  767.      */

  768.     protected function mod_login($user)

  769.     {

  770.         $login_lc = $this->rc->config->get('login_lc');

  771. 

  772.         if ($login_lc === true || $login_lc == 2) {

  773.             $user = mb_strtolower($user);

  774.         }

  775.         // lowercase domain name

  776.         else if ($login_lc && strpos($user, '@')) {

  777.             list($local, $domain) = explode('@', $user);

  778.             $user = $local . '@' . mb_strtolower($domain);

  779.         }

  780. 

  781.         return $user;

  782.     }

  783. }