gunnar: server/kolab-webadmin/kolab-webadmin/www/admin/user user.php.in, 1.14, 1.15
cvs at kolab.org
cvs at kolab.org
Thu Feb 1 21:34:40 CET 2007
Author: gunnar
Update of /kolabrepository/server/kolab-webadmin/kolab-webadmin/www/admin/user
In directory doto:/tmp/cvs-serv31842/kolab-webadmin/www/admin/user
Modified Files:
user.php.in
Log Message:
* www/admin/user/user.php.in (inMaintainerDomain):
New function to support checking if a given user lies in the
domains of the current domain-maintainer. Should fix issue 1559
(https://intevation.de/roundup/kolab/issue1559)
Index: user.php.in
===================================================================
RCS file: /kolabrepository/server/kolab-webadmin/kolab-webadmin/www/admin/user/user.php.in,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -d -r1.14 -r1.15
--- user.php.in 10 Jan 2007 16:50:43 -0000 1.14
+++ user.php.in 1 Feb 2007 20:34:38 -0000 1.15
@@ -51,6 +51,40 @@
return ( substr( $str, strlen( $str ) - strlen( $sub ) ) == $sub );
}
+// check if the given dn is maintainable by the current user
+function inMaintainerDomain($dn) {
+
+ global $ldap;
+ global $auth;
+
+ // both groups have full access
+ if ($auth->group() == 'maintainer' || $auth->group() == 'admin') {
+ return true;
+ }
+
+ // user may not maintain anything
+ if ($auth->group() == 'user') {
+ return false;
+ }
+
+ // we have a domain maintainer. Get his domains
+ $domains = $ldap->domainsForMaintainerDn($auth->dn());
+
+ // retrieve the mail for the current dn
+ $mail = $ldap->mailForDn($dn);
+
+ $ok = false;
+
+ // Check if the mail is within that domain
+ foreach( $domains as $domain ) {
+ if( endsWith( $mail, '@'.$domain ) ) {
+ $ok = true;
+ }
+ }
+
+ return true;
+}
+
// Check that a uid is unique
function checkuniquemail( $form, $key, $value ) {
debug("checkuniquemail( $form, $key, $value )");
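Review bot: `inMaintainerDomain()` ends with `return true;`, so the `$ok` flag set in the `foreach` over `$domains` is never used and every domain-maintainer passes the check for any `$dn`. The last statement should be `return $ok;`. The two call sites added later in this commit (the domain-maintainer branch of the permission check and the `kill` case) inherit the problem, so the domain restriction described in the log message is not enforced yet. The `endsWith()` comparison is also case-sensitive, so consider lowercasing both `$mail` and `'@'.$domain` before comparing; once the return is fixed, a case mismatch would deny a legitimate maintainer rather than admit a wrong one.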
@@ -350,7 +384,9 @@
!($auth->group() == 'user' && $dn == $auth->dn() )) {
array_push($errors, _("Error: You don't have the required Permissions") );
} else if( $auth->group() == 'domain-maintainer' ) {
- // TODO(steffen): Check that user is in correct domain(s)
+ if (!inMaintainerDomain($dn)) {
+ array_push($errors, _("Error: You don't have the required Permissions") );
+ }
}
@@ -767,9 +803,15 @@
$content = $form->outputForm();
break;
case 'kill':
- if (!$dn) array_push($errors, _("Error: need DN for delete operation"));
- elseif ($auth->group() != "maintainer" && $auth->group() != "admin")
- array_push($errors, _("Error: you need administrative permissions to delete users"));
+ if (!$dn) {
+ array_push($errors, _("Error: need DN for delete operation"));
+ } elseif ( $auth->group() == 'domain-maintainer' ) {
+ if (!inMaintainerDomain($dn)) {
+ array_push($errors, _("Error: You don't have the required Permissions") );
+ }
+ } elseif ($auth->group() != "maintainer" && $auth->group() != "admin") {
+ array_push($errors, _("Error: you need administrative permissions to delete users"));
+ }
// Check for distribution lists with only this user as member
$ldap->search( $_SESSION['base_dn'],
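Review bot: In the `kill` case a failed permission check is only recorded in `$errors`, and the `$ldap->search(...)` after the if/elseif chain has no visible guard on it. The rest of the case lies outside the hunk, so please confirm that the distribution-list handling and the deletion itself are skipped when `$errors` is non-empty, since this chain is now the only gate for domain-maintainers. A short comment above the chain such as `// domain-maintainers may only delete users inside their own domains` would also make the intent of the new branch explicit.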