robin.thoni
/
docker-roundcube-server
關注 1
收藏 0
複製 0
程式碼 問題 0 合併請求 0 版本發佈 10 Wiki 活動
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
24 提交
2 分支
目錄樹: ad3f0fe5b1
分支列表 標籤
${ item.name }
建立分支 ${ searchTerm }
從 'ad3f0fe5b1'
${ noResults }
docker-roundcube-server/roundcube/roundcubemail-1.3.6/plugins/acl/acl.php

acl.php 26KB
歷史記錄 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788 
  1. <?php

  2. 

  3. /**

  4.  * Folders Access Control Lists Management (RFC4314, RFC2086)

  5.  *

  6.  * @author Aleksander Machniak <alec@alec.pl>

  7.  *

  8.  * Copyright (C) 2011-2012, Kolab Systems AG

  9.  *

  10.  * This program is free software: you can redistribute it and/or modify

  11.  * it under the terms of the GNU General Public License as published by

  12.  * the Free Software Foundation, either version 3 of the License, or

  13.  * (at your option) any later version.

  14.  *

  15.  * This program is distributed in the hope that it will be useful,

  16.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  17.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

  18.  * GNU General Public License for more details.

  19.  *

  20.  * You should have received a copy of the GNU General Public License

  21.  * along with this program. If not, see http://www.gnu.org/licenses/.

  22.  */

  23. 

  24. class acl extends rcube_plugin

  25. {

  26.     public $task = 'settings|addressbook|calendar';

  27. 

  28.     private $rc;

  29.     private $supported = null;

  30.     private $mbox;

  31.     private $ldap;

  32.     private $specials = array('anyone', 'anonymous');

  33. 

  34.     /**

  35.      * Plugin initialization

  36.      */

  37.     function init()

  38.     {

  39.         $this->rc = rcmail::get_instance();

  40. 

  41.         // Register hooks

  42.         $this->add_hook('folder_form', array($this, 'folder_form'));

  43.         // kolab_addressbook plugin

  44.         $this->add_hook('addressbook_form', array($this, 'folder_form'));

  45.         $this->add_hook('calendar_form_kolab', array($this, 'folder_form'));

  46.         // Plugin actions

  47.         $this->register_action('plugin.acl', array($this, 'acl_actions'));

  48.         $this->register_action('plugin.acl-autocomplete', array($this, 'acl_autocomplete'));

  49.     }

  50. 

  51.     /**

  52.      * Handler for plugin actions (AJAX)

  53.      */

  54.     function acl_actions()

  55.     {

  56.         $action = trim(rcube_utils::get_input_value('_act', rcube_utils::INPUT_GPC));

  57. 

  58.         // Connect to IMAP

  59.         $this->rc->storage_init();

  60. 

  61.         // Load localization and configuration

  62.         $this->add_texts('localization/');

  63.         $this->load_config();

  64. 

  65.         if ($action == 'save') {

  66.             $this->action_save();

  67.         }

  68.         else if ($action == 'delete') {

  69.             $this->action_delete();

  70.         }

  71.         else if ($action == 'list') {

  72.             $this->action_list();

  73.         }

  74. 

  75.         // Only AJAX actions

  76.         $this->rc->output->send();

  77.     }

  78. 

  79.     /**

  80.      * Handler for user login autocomplete request

  81.      */

  82.     function acl_autocomplete()

  83.     {

  84.         $this->load_config();

  85. 

  86.         $search = rcube_utils::get_input_value('_search', rcube_utils::INPUT_GPC, true);

  87.         $reqid  = rcube_utils::get_input_value('_reqid', rcube_utils::INPUT_GPC);

  88.         $users  = array();

  89.         $keys   = array();

  90. 

  91.         if ($this->init_ldap()) {

  92.             $max  = (int) $this->rc->config->get('autocomplete_max', 15);

  93.             $mode = (int) $this->rc->config->get('addressbook_search_mode');

  94. 

  95.             $this->ldap->set_pagesize($max);

  96.             $result = $this->ldap->search('*', $search, $mode);

  97. 

  98.             foreach ($result->records as $record) {

  99.                 $user = $record['uid'];

  100. 

  101.                 if (is_array($user)) {

  102.                     $user = array_filter($user);

  103.                     $user = $user[0];

  104.                 }

  105. 

  106.                 if ($user) {

  107.                     $display = rcube_addressbook::compose_search_name($record);

  108.                     $user    = array('name' => $user, 'display' => $display);

  109.                     $users[] = $user;

  110.                     $keys[]  = $display ?: $user['name'];

  111.                 }

  112.             }

  113. 

  114.             if ($this->rc->config->get('acl_groups')) {

  115.                 $prefix      = $this->rc->config->get('acl_group_prefix');

  116.                 $group_field = $this->rc->config->get('acl_group_field', 'name');

  117.                 $result      = $this->ldap->list_groups($search, $mode);

  118. 

  119.                 foreach ($result as $record) {

  120.                     $group    = $record['name'];

  121.                     $group_id = is_array($record[$group_field]) ? $record[$group_field][0] : $record[$group_field];

  122. 

  123.                     if ($group) {

  124.                         $users[] = array('name' => ($prefix ?: '') . $group_id, 'display' => $group, 'type' => 'group');

  125.                         $keys[]  = $group;

  126.                     }

  127.                 }

  128.             }

  129.         }

  130. 

  131.         if (count($users)) {

  132.             // sort users index

  133.             asort($keys, SORT_LOCALE_STRING);

  134.             // re-sort users according to index

  135.             foreach ($keys as $idx => $val) {

  136.                 $keys[$idx] = $users[$idx];

  137.             }

  138.             $users = array_values($keys);

  139.         }

  140. 

  141.         $this->rc->output->command('ksearch_query_results', $users, $search, $reqid);

  142.         $this->rc->output->send();

  143.     }

  144. 

  145.     /**

  146.      * Handler for 'folder_form' hook

  147.      *

  148.      * @param array $args Hook arguments array (form data)

  149.      *

  150.      * @return array Hook arguments array

  151.      */

  152.     function folder_form($args)

  153.     {

  154.         $mbox_imap = $args['options']['name'];

  155.         $myrights  = $args['options']['rights'];

  156. 

  157.         // Edited folder name (empty in create-folder mode)

  158.         if (!strlen($mbox_imap)) {

  159.             return $args;

  160.         }

  161. /*

  162.         // Do nothing on protected folders (?)

  163.         if ($args['options']['protected']) {

  164.             return $args;

  165.         }

  166. */

  167.         // Get MYRIGHTS

  168.         if (empty($myrights)) {

  169.             return $args;

  170.         }

  171. 

  172.         // Load localization and include scripts

  173.         $this->load_config();

  174.         $this->specials = $this->rc->config->get('acl_specials', $this->specials);

  175.         $this->add_texts('localization/', array('deleteconfirm', 'norights',

  176.             'nouser', 'deleting', 'saving', 'newuser', 'editperms'));

  177.         $this->rc->output->add_label('save', 'cancel');

  178.         $this->include_script('acl.js');

  179.         $this->rc->output->include_script('list.js');

  180.         $this->include_stylesheet($this->local_skin_path().'/acl.css');

  181. 

  182.         // add Info fieldset if it doesn't exist

  183.         if (!isset($args['form']['props']['fieldsets']['info']))

  184.             $args['form']['props']['fieldsets']['info'] = array(

  185.                 'name'  => $this->rc->gettext('info'),

  186.                 'content' => array());

  187. 

  188.         // Display folder rights to 'Info' fieldset

  189.         $args['form']['props']['fieldsets']['info']['content']['myrights'] = array(

  190.             'label' => rcube::Q($this->gettext('myrights')),

  191.             'value' => $this->acl2text($myrights)

  192.         );

  193. 

  194.         // Return if not folder admin

  195.         if (!in_array('a', $myrights)) {

  196.             return $args;

  197.         }

  198. 

  199.         // The 'Sharing' tab

  200.         $this->mbox = $mbox_imap;

  201.         $this->rc->output->set_env('acl_users_source', (bool) $this->rc->config->get('acl_users_source'));

  202.         $this->rc->output->set_env('mailbox', $mbox_imap);

  203.         $this->rc->output->add_handlers(array(

  204.             'acltable'  => array($this, 'templ_table'),

  205.             'acluser'   => array($this, 'templ_user'),

  206.             'aclrights' => array($this, 'templ_rights'),

  207.         ));

  208. 

  209.         $this->rc->output->set_env('autocomplete_max', (int)$this->rc->config->get('autocomplete_max', 15));

  210.         $this->rc->output->set_env('autocomplete_min_length', $this->rc->config->get('autocomplete_min_length'));

  211.         $this->rc->output->add_label('autocompletechars', 'autocompletemore');

  212. 

  213.         $args['form']['sharing'] = array(

  214.             'name'    => rcube::Q($this->gettext('sharing')),

  215.             'content' => $this->rc->output->parse('acl.table', false, false),

  216.         );

  217. 

  218.         return $args;

  219.     }

  220. 

  221.     /**

  222.      * Creates ACL rights table

  223.      *

  224.      * @param array $attrib Template object attributes

  225.      *

  226.      * @return string HTML Content

  227.      */

  228.     function templ_table($attrib)

  229.     {

  230.         if (empty($attrib['id']))

  231.             $attrib['id'] = 'acl-table';

  232. 

  233.         $out = $this->list_rights($attrib);

  234. 

  235.         $this->rc->output->add_gui_object('acltable', $attrib['id']);

  236. 

  237.         return $out;

  238.     }

  239. 

  240.     /**

  241.      * Creates ACL rights form (rights list part)

  242.      *

  243.      * @param array $attrib Template object attributes

  244.      *

  245.      * @return string HTML Content

  246.      */

  247.     function templ_rights($attrib)

  248.     {

  249.         // Get supported rights

  250.         $supported = $this->rights_supported();

  251. 

  252.         // give plugins the opportunity to adjust this list

  253.         $data = $this->rc->plugins->exec_hook('acl_rights_supported',

  254.             array('rights' => $supported, 'folder' => $this->mbox, 'labels' => array()));

  255.         $supported = $data['rights'];

  256. 

  257.         // depending on server capability either use 'te' or 'd' for deleting msgs

  258.         $deleteright = implode(array_intersect(str_split('ted'), $supported));

  259. 

  260.         $out = '';

  261.         $ul  = '';

  262.         $input = new html_checkbox();

  263. 

  264.         // Advanced rights

  265.         $attrib['id'] = 'advancedrights';

  266.         foreach ($supported as $key => $val) {

  267.             $id = "acl$val";

  268.             $ul .= html::tag('li', null,

  269.                 $input->show('', array(

  270.                     'name' => "acl[$val]", 'value' => $val, 'id' => $id))

  271.                 . html::label(array('for' => $id, 'title' => $this->gettext('longacl'.$val)),

  272.                     $this->gettext('acl'.$val)));

  273.         }

  274. 

  275.         $out = html::tag('ul', $attrib, $ul, html::$common_attrib);

  276. 

  277.         // Simple rights

  278.         $ul = '';

  279.         $attrib['id'] = 'simplerights';

  280.         $items = array(

  281.             'read' => 'lrs',

  282.             'write' => 'wi',

  283.             'delete' => $deleteright,

  284.             'other' => preg_replace('/[lrswi'.$deleteright.']/', '', implode($supported)),

  285.         );

  286. 

  287.         // give plugins the opportunity to adjust this list

  288.         $data = $this->rc->plugins->exec_hook('acl_rights_simple',

  289.             array('rights' => $items, 'folder' => $this->mbox, 'labels' => array(), 'titles' => array()));

  290. 

  291.         foreach ($data['rights'] as $key => $val) {

  292.             $id = "acl$key";

  293.             $ul .= html::tag('li', null,

  294.                 $input->show('', array(

  295.                     'name' => "acl[$val]", 'value' => $val, 'id' => $id))

  296.                 . html::label(array('for' => $id, 'title' => $data['titles'][$key] ?: $this->gettext('longacl'.$key)),

  297.                     $data['labels'][$key] ?: $this->gettext('acl'.$key)));

  298.         }

  299. 

  300.         $out .= "\n" . html::tag('ul', $attrib, $ul, html::$common_attrib);

  301. 

  302.         $this->rc->output->set_env('acl_items', $data['rights']);

  303. 

  304.         return $out;

  305.     }

  306. 

  307.     /**

  308.      * Creates ACL rights form (user part)

  309.      *

  310.      * @param array $attrib Template object attributes

  311.      *

  312.      * @return string HTML Content

  313.      */

  314.     function templ_user($attrib)

  315.     {

  316.         // Create username input

  317.         $attrib['name'] = 'acluser';

  318. 

  319.         $textfield = new html_inputfield($attrib);

  320. 

  321.         $fields['user'] = html::label(array('for' => $attrib['id']), $this->gettext('username'))

  322.             . ' ' . $textfield->show();

  323. 

  324.         // Add special entries

  325.         if (!empty($this->specials)) {

  326.             foreach ($this->specials as $key) {

  327.                 $fields[$key] = html::label(array('for' => 'id'.$key), $this->gettext($key));

  328.             }

  329.         }

  330. 

  331.         $this->rc->output->set_env('acl_specials', $this->specials);

  332. 

  333.         // Create list with radio buttons

  334.         if (count($fields) > 1) {

  335.             $ul = '';

  336.             $radio = new html_radiobutton(array('name' => 'usertype'));

  337.             foreach ($fields as $key => $val) {

  338.                 $ul .= html::tag('li', null, $radio->show($key == 'user' ? 'user' : '',

  339.                         array('value' => $key, 'id' => 'id'.$key))

  340.                     . $val);

  341.             }

  342. 

  343.             $out = html::tag('ul', array('id' => 'usertype', 'class' => $attrib['class']), $ul, html::$common_attrib);

  344.         }

  345.         // Display text input alone

  346.         else {

  347.             $out = $fields['user'];

  348.         }

  349. 

  350.         return $out;

  351.     }

  352. 

  353.     /**

  354.      * Creates ACL rights table

  355.      *

  356.      * @param array $attrib Template object attributes

  357.      *

  358.      * @return string HTML Content

  359.      */

  360.     private function list_rights($attrib=array())

  361.     {

  362.         // Get ACL for the folder

  363.         $acl = $this->rc->storage->get_acl($this->mbox);

  364. 

  365.         if (!is_array($acl)) {

  366.             $acl = array();

  367.         }

  368. 

  369.         // Keep special entries (anyone/anonymous) on top of the list

  370.         if (!empty($this->specials) && !empty($acl)) {

  371.             foreach ($this->specials as $key) {

  372.                 if (isset($acl[$key])) {

  373.                     $acl_special[$key] = $acl[$key];

  374.                     unset($acl[$key]);

  375.                 }

  376.             }

  377.         }

  378. 

  379.         // Sort the list by username

  380.         uksort($acl, 'strnatcasecmp');

  381. 

  382.         if (!empty($acl_special)) {

  383.             $acl = array_merge($acl_special, $acl);

  384.         }

  385. 

  386.         // Get supported rights and build column names

  387.         $supported = $this->rights_supported();

  388. 

  389.         // give plugins the opportunity to adjust this list

  390.         $data = $this->rc->plugins->exec_hook('acl_rights_supported',

  391.             array('rights' => $supported, 'folder' => $this->mbox, 'labels' => array()));

  392.         $supported = $data['rights'];

  393. 

  394.         // depending on server capability either use 'te' or 'd' for deleting msgs

  395.         $deleteright = implode(array_intersect(str_split('ted'), $supported));

  396. 

  397.         // Use advanced or simple (grouped) rights

  398.         $advanced = $this->rc->config->get('acl_advanced_mode');

  399. 

  400.         if ($advanced) {

  401.             $items = array();

  402.             foreach ($supported as $sup) {

  403.                 $items[$sup] = $sup;

  404.             }

  405.         }

  406.         else {

  407.             $items = array(

  408.                 'read' => 'lrs',

  409.                 'write' => 'wi',

  410.                 'delete' => $deleteright,

  411.                 'other' => preg_replace('/[lrswi'.$deleteright.']/', '', implode($supported)),

  412.             );

  413. 

  414.             // give plugins the opportunity to adjust this list

  415.             $data = $this->rc->plugins->exec_hook('acl_rights_simple',

  416.                 array('rights' => $items, 'folder' => $this->mbox, 'labels' => array()));

  417.             $items = $data['rights'];

  418.         }

  419. 

  420.         // Create the table

  421.         $attrib['noheader'] = true;

  422.         $table = new html_table($attrib);

  423. 

  424.         // Create table header

  425.         $table->add_header('user', $this->gettext('identifier'));

  426.         foreach (array_keys($items) as $key) {

  427.             $label = $data['labels'][$key] ?: $this->gettext('shortacl'.$key);

  428.             $table->add_header(array('class' => 'acl'.$key, 'title' => $label), $label);

  429.         }

  430. 

  431.         $js_table = array();

  432.         foreach ($acl as $user => $rights) {

  433.             if ($this->rc->storage->conn->user == $user) {

  434.                 continue;

  435.             }

  436. 

  437.             // filter out virtual rights (c or d) the server may return

  438.             $userrights = array_intersect($rights, $supported);

  439.             $userid = rcube_utils::html_identifier($user);

  440. 

  441.             if (!empty($this->specials) && in_array($user, $this->specials)) {

  442.                 $user = $this->gettext($user);

  443.             }

  444. 

  445.             $table->add_row(array('id' => 'rcmrow'.$userid));

  446.             $table->add('user', html::a(array('id' => 'rcmlinkrow'.$userid), rcube::Q($user)));

  447. 

  448.             foreach ($items as $key => $right) {

  449.                 $in = $this->acl_compare($userrights, $right);

  450.                 switch ($in) {

  451.                     case 2: $class = 'enabled'; break;

  452.                     case 1: $class = 'partial'; break;

  453.                     default: $class = 'disabled'; break;

  454.                 }

  455.                 $table->add('acl' . $key . ' ' . $class, '');

  456.             }

  457. 

  458.             $js_table[$userid] = implode($userrights);

  459.         }

  460. 

  461.         $this->rc->output->set_env('acl', $js_table);

  462.         $this->rc->output->set_env('acl_advanced', $advanced);

  463. 

  464.         $out = $table->show();

  465. 

  466.         return $out;

  467.     }

  468. 

  469.     /**

  470.      * Handler for ACL update/create action

  471.      */

  472.     private function action_save()

  473.     {

  474.         $mbox  = trim(rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_POST, true)); // UTF7-IMAP

  475.         $user  = trim(rcube_utils::get_input_value('_user', rcube_utils::INPUT_POST));

  476.         $acl   = trim(rcube_utils::get_input_value('_acl', rcube_utils::INPUT_POST));

  477.         $oldid = trim(rcube_utils::get_input_value('_old', rcube_utils::INPUT_POST));

  478. 

  479.         $acl    = array_intersect(str_split($acl), $this->rights_supported());

  480.         $users  = $oldid ? array($user) : explode(',', $user);

  481.         $result = 0;

  482. 

  483.         foreach ($users as $user) {

  484.             $user   = trim($user);

  485.             $prefix = $this->rc->config->get('acl_groups') ? $this->rc->config->get('acl_group_prefix') : '';

  486. 

  487.             if ($prefix && strpos($user, $prefix) === 0) {

  488.                 $username = $user;

  489.             }

  490.             else if (!empty($this->specials) && in_array($user, $this->specials)) {

  491.                 $username = $this->gettext($user);

  492.             }

  493.             else if (!empty($user)) {

  494.                 if (!strpos($user, '@') && ($realm = $this->get_realm())) {

  495.                     $user .= '@' . rcube_utils::idn_to_ascii(preg_replace('/^@/', '', $realm));

  496.                 }

  497. 

  498.                 // Make sure it's valid email address to prevent from "disappearing folder"

  499.                 // issue in Cyrus IMAP e.g. when the acl user identifier contains spaces inside.

  500.                 if (strpos($user, '@') && !rcube_utils::check_email($user, false)) {

  501.                     $user = null;

  502.                 }

  503. 

  504.                 $username = $user;

  505.             }

  506. 

  507.             if (!$acl || !$user || !strlen($mbox)) {

  508.                 continue;

  509.             }

  510. 

  511.             $user     = $this->mod_login($user);

  512.             $username = $this->mod_login($username);

  513. 

  514.             if ($user != $_SESSION['username'] && $username != $_SESSION['username']) {

  515.                 if ($this->rc->storage->set_acl($mbox, $user, $acl)) {

  516.                     $ret = array('id' => rcube_utils::html_identifier($user),

  517.                          'username' => $username, 'acl' => implode($acl), 'old' => $oldid);

  518.                     $this->rc->output->command('acl_update', $ret);

  519.                     $result++;

  520.                 }

  521.             }

  522.         }

  523. 

  524.         if ($result) {

  525.             $this->rc->output->show_message($oldid ? 'acl.updatesuccess' : 'acl.createsuccess', 'confirmation');

  526.         }

  527.         else {

  528.             $this->rc->output->show_message($oldid ? 'acl.updateerror' : 'acl.createerror', 'error');

  529.         }

  530.     }

  531. 

  532.     /**

  533.      * Handler for ACL delete action

  534.      */

  535.     private function action_delete()

  536.     {

  537.         $mbox = trim(rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_POST, true)); //UTF7-IMAP

  538.         $user = trim(rcube_utils::get_input_value('_user', rcube_utils::INPUT_POST));

  539. 

  540.         $user = explode(',', $user);

  541. 

  542.         foreach ($user as $u) {

  543.             $u = trim($u);

  544.             if ($this->rc->storage->delete_acl($mbox, $u)) {

  545.                 $this->rc->output->command('acl_remove_row', rcube_utils::html_identifier($u));

  546.             }

  547.             else {

  548.                 $error = true;

  549.             }

  550.         }

  551. 

  552.         if (!$error) {

  553.             $this->rc->output->show_message('acl.deletesuccess', 'confirmation');

  554.         }

  555.         else {

  556.             $this->rc->output->show_message('acl.deleteerror', 'error');

  557.         }

  558.     }

  559. 

  560.     /**

  561.      * Handler for ACL list update action (with display mode change)

  562.      */

  563.     private function action_list()

  564.     {

  565.         if (in_array('acl_advanced_mode', (array)$this->rc->config->get('dont_override'))) {

  566.             return;

  567.         }

  568. 

  569.         $this->mbox = trim(rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_GPC, true)); // UTF7-IMAP

  570.         $advanced   = trim(rcube_utils::get_input_value('_mode', rcube_utils::INPUT_GPC));

  571.         $advanced   = $advanced == 'advanced';

  572. 

  573.         // Save state in user preferences

  574.         $this->rc->user->save_prefs(array('acl_advanced_mode' => $advanced));

  575. 

  576.         $out = $this->list_rights();

  577. 

  578.         $out = preg_replace(array('/^<table[^>]+>/', '/<\/table>$/'), '', $out);

  579. 

  580.         $this->rc->output->command('acl_list_update', $out);

  581.     }

  582. 

  583.     /**

  584.      * Creates <UL> list with descriptive access rights

  585.      *

  586.      * @param array $rights MYRIGHTS result

  587.      *

  588.      * @return string HTML content

  589.      */

  590.     function acl2text($rights)

  591.     {

  592.         if (empty($rights)) {

  593.             return '';

  594.         }

  595. 

  596.         $supported = $this->rights_supported();

  597.         $list      = array();

  598.         $attrib    = array(

  599.             'name' => 'rcmyrights',

  600.             'style' => 'margin:0; padding:0 15px;',

  601.         );

  602. 

  603.         foreach ($supported as $right) {

  604.             if (in_array($right, $rights)) {

  605.                 $list[] = html::tag('li', null, rcube::Q($this->gettext('acl' . $right)));

  606.             }

  607.         }

  608. 

  609.         if (count($list) == count($supported))

  610.             return rcube::Q($this->gettext('aclfull'));

  611. 

  612.         return html::tag('ul', $attrib, implode("\n", $list));

  613.     }

  614. 

  615.     /**

  616.      * Compares two ACLs (according to supported rights)

  617.      *

  618.      * @param array $acl1 ACL rights array (or string)

  619.      * @param array $acl2 ACL rights array (or string)

  620.      *

  621.      * @param int Comparison result, 2 - full match, 1 - partial match, 0 - no match

  622.      */

  623.     function acl_compare($acl1, $acl2)

  624.     {

  625.         if (!is_array($acl1)) $acl1 = str_split($acl1);

  626.         if (!is_array($acl2)) $acl2 = str_split($acl2);

  627. 

  628.         $rights = $this->rights_supported();

  629. 

  630.         $acl1 = array_intersect($acl1, $rights);

  631.         $acl2 = array_intersect($acl2, $rights);

  632.         $res  = array_intersect($acl1, $acl2);

  633. 

  634.         $cnt1 = count($res);

  635.         $cnt2 = count($acl2);

  636. 

  637.         if ($cnt1 == $cnt2)

  638.             return 2;

  639.         else if ($cnt1)

  640.             return 1;

  641.         else

  642.             return 0;

  643.     }

  644. 

  645.     /**

  646.      * Get list of supported access rights (according to RIGHTS capability)

  647.      *

  648.      * @return array List of supported access rights abbreviations

  649.      */

  650.     function rights_supported()

  651.     {

  652.         if ($this->supported !== null) {

  653.             return $this->supported;

  654.         }

  655. 

  656.         $capa = $this->rc->storage->get_capability('RIGHTS');

  657. 

  658.         if (is_array($capa)) {

  659.             $rights = strtolower($capa[0]);

  660.         }

  661.         else {

  662.             $rights = 'cd';

  663.         }

  664. 

  665.         return $this->supported = str_split('lrswi' . $rights . 'pa');

  666.     }

  667. 

  668.     /**

  669.      * Username realm detection.

  670.      *

  671.      * @return string Username realm (domain)

  672.      */

  673.     private function get_realm()

  674.     {

  675.         // When user enters a username without domain part, realm

  676.         // allows to add it to the username (and display correct username in the table)

  677. 

  678.         if (isset($_SESSION['acl_username_realm'])) {

  679.             return $_SESSION['acl_username_realm'];

  680.         }

  681. 

  682.         // find realm in username of logged user (?)

  683.         list($name, $domain) = explode('@', $_SESSION['username']);

  684. 

  685.         // Use (always existent) ACL entry on the INBOX for the user to determine

  686.         // whether or not the user ID in ACL entries need to be qualified and how

  687.         // they would need to be qualified.

  688.         if (empty($domain)) {

  689.             $acl = $this->rc->storage->get_acl('INBOX');

  690.             if (is_array($acl)) {

  691.                 $regexp = '/^' . preg_quote($_SESSION['username'], '/') . '@(.*)$/';

  692.                 foreach (array_keys($acl) as $name) {

  693.                     if (preg_match($regexp, $name, $matches)) {

  694.                         $domain = $matches[1];

  695.                         break;

  696.                     }

  697.                 }

  698.             }

  699.         }

  700. 

  701.         return $_SESSION['acl_username_realm'] = $domain;

  702.     }

  703. 

  704.     /**

  705.      * Initializes autocomplete LDAP backend

  706.      */

  707.     private function init_ldap()

  708.     {

  709.         if ($this->ldap) {

  710.             return $this->ldap->ready;

  711.         }

  712. 

  713.         // get LDAP config

  714.         $config = $this->rc->config->get('acl_users_source');

  715. 

  716.         if (empty($config)) {

  717.             return false;

  718.         }

  719. 

  720.         // not an array, use configured ldap_public source

  721.         if (!is_array($config)) {

  722.             $ldap_config = (array) $this->rc->config->get('ldap_public');

  723.             $config      = $ldap_config[$config];

  724.         }

  725. 

  726.         $uid_field = $this->rc->config->get('acl_users_field', 'mail');

  727.         $filter    = $this->rc->config->get('acl_users_filter');

  728. 

  729.         if (empty($uid_field) || empty($config)) {

  730.             return false;

  731.         }

  732. 

  733.         // get name attribute

  734.         if (!empty($config['fieldmap'])) {

  735.             $name_field = $config['fieldmap']['name'];

  736.         }

  737.         // ... no fieldmap, use the old method

  738.         if (empty($name_field)) {

  739.             $name_field = $config['name_field'];

  740.         }

  741. 

  742.         // add UID field to fieldmap, so it will be returned in a record with name

  743.         $config['fieldmap']['name'] = $name_field;

  744.         $config['fieldmap']['uid']  = $uid_field;

  745. 

  746.         // search in UID and name fields

  747.         // $name_field can be in a form of <field>:<modifier> (#1490591)

  748.         $name_field = preg_replace('/:.*$/', '', $name_field);

  749.         $search     = array_unique(array($name_field, $uid_field));

  750. 

  751.         $config['search_fields']   = $search;

  752.         $config['required_fields'] = array($uid_field);

  753. 

  754.         // set search filter

  755.         if ($filter) {

  756.             $config['filter'] = $filter;

  757.         }

  758. 

  759.         // disable vlv

  760.         $config['vlv'] = false;

  761. 

  762.         // Initialize LDAP connection

  763.         $this->ldap = new rcube_ldap($config,

  764.             $this->rc->config->get('ldap_debug'),

  765.             $this->rc->config->mail_domain($_SESSION['imap_host']));

  766. 

  767.         return $this->ldap->ready;

  768.     }

  769. 

  770.     /**

  771.      * Modify user login according to 'login_lc' setting

  772.      */

  773.     protected function mod_login($user)

  774.     {

  775.         $login_lc = $this->rc->config->get('login_lc');

  776. 

  777.         if ($login_lc === true || $login_lc == 2) {

  778.             $user = mb_strtolower($user);

  779.         }

  780.         // lowercase domain name

  781.         else if ($login_lc && strpos($user, '@')) {

  782.             list($local, $domain) = explode('@', $user);

  783.             $user = $local . '@' . mb_strtolower($domain);

  784.         }

  785. 

  786.         return $user;

  787.     }

  788. }