gunnar: server/kolab-webadmin/kolab-webadmin/www/admin/user user.php.in, 1.14, 1.15

cvs at kolab.org cvs at kolab.org
Thu Feb 1 21:34:40 CET 2007


Author: gunnar

Update of /kolabrepository/server/kolab-webadmin/kolab-webadmin/www/admin/user
In directory doto:/tmp/cvs-serv31842/kolab-webadmin/www/admin/user

Modified Files:
	user.php.in 
Log Message:
	* www/admin/user/user.php.in (inMaintainerDomain): 

	New function to support checking if a given user lies in the
	domains of the current domain-maintainer. Should fix issue 1559
	(https://intevation.de/roundup/kolab/issue1559)


Index: user.php.in
===================================================================
RCS file: /kolabrepository/server/kolab-webadmin/kolab-webadmin/www/admin/user/user.php.in,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -d -r1.14 -r1.15
--- user.php.in	10 Jan 2007 16:50:43 -0000	1.14
+++ user.php.in	1 Feb 2007 20:34:38 -0000	1.15
@@ -51,6 +51,40 @@
   return ( substr( $str, strlen( $str ) - strlen( $sub ) ) == $sub );
 }
 
+// check if the given dn is maintainable by the current user
+function inMaintainerDomain($dn) {
+
+  global $ldap;
+  global $auth;
+
+  // both groups have full access
+  if ($auth->group() == 'maintainer' || $auth->group() == 'admin') {
+	return true;
+  }
+
+  // user may not maintain anything
+  if ($auth->group() == 'user') {
+	return false;
+  }
+  
+  // we have a domain maintainer. Get his domains
+  $domains = $ldap->domainsForMaintainerDn($auth->dn());
+
+  // retrieve the mail for the current dn
+  $mail = $ldap->mailForDn($dn);
+
+  $ok = false;
+
+  // Check if the mail is within that domain
+  foreach( $domains as $domain ) {
+        if( endsWith( $mail, '@'.$domain ) ) {
+          $ok = true;
+        }
+  }
+
+  return true;
+}
+
 // Check that a uid is unique
 function checkuniquemail( $form, $key, $value ) {
   debug("checkuniquemail( $form, $key, $value )");
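Review bot: The last statement of inMaintainerDomain is `return true;` even though the loop above it computes `$ok`, so every domain-maintainer passes the check for any DN and the permission checks that the second and third hunks build on it never reject anything; the line should read `return $ok;` (or the loop can `return true;` on the first match and the function end with `return false;`). The fall-through after the 'user' check also treats any group value other than 'maintainer', 'admin' and 'user' as a domain maintainer; comparing for 'domain-maintainer' explicitly and returning false otherwise would be the safer default, though I cannot see the full set of group values from here. The new code relies on the existing `endsWith`, whose `==` comparison it inherits, and the two added `return` lines use tab indentation while the rest of the function uses spaces.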
@@ -350,7 +384,9 @@
     !($auth->group() == 'user' && $dn == $auth->dn() )) {
   array_push($errors, _("Error: You don't have the required Permissions") );
 } else if( $auth->group() == 'domain-maintainer' ) {
-  // TODO(steffen): Check that user is in correct domain(s)
+  if (!inMaintainerDomain($dn)) {
+    array_push($errors, _("Error: You don't have the required Permissions") );
+  }
 }
 
 
@@ -767,9 +803,15 @@
    $content = $form->outputForm();
    break;
  case 'kill':
-   if (!$dn) array_push($errors, _("Error: need DN for delete operation"));
-   elseif ($auth->group() != "maintainer" && $auth->group() != "admin") 
-     array_push($errors, _("Error: you need administrative permissions to delete users"));
+   if (!$dn) {
+	 array_push($errors, _("Error: need DN for delete operation"));
+   } elseif ( $auth->group() == 'domain-maintainer' ) {
+	 if (!inMaintainerDomain($dn)) {
+	   array_push($errors, _("Error: You don't have the required Permissions") );
+	 }
+   } elseif ($auth->group() != "maintainer" && $auth->group() != "admin") {     
+	 array_push($errors, _("Error: you need administrative permissions to delete users"));
+   }
 
    // Check for distribution lists with only this user as member
    $ldap->search( $_SESSION['base_dn'], 
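Review bot: The rewritten kill branch mixes indentation styles: the three `array_push` lines and the inner `if`/`}` are tab-indented while the `if`/`elseif` lines use spaces, and the `} elseif ($auth->group() != "maintainer" && $auth->group() != "admin") {` line carries trailing whitespace. The surrounding file uses spaces, so these lines should be normalised before merge. The switch case continues past the end of the hunk.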




