[Kolab-devel] lib/KolabAdmin package.xml www/admin

Gunnar Wrobel wrobel at horde.org
Thu Jun 23 12:37:35 CEST 2011


Quoting Bogomil Shopov <shopov at kolabsys.com>:

> lib/KolabAdmin/include/menu.php |   35 ++++++++++++++++++++++++++++-------
>  package.xml                     |   11 +++++++----
>  www/admin/user/activesync.php   |   16 ++++++++++------
>  3 files changed, 45 insertions(+), 17 deletions(-)
>
> New commits:
> commit 253dd2c9f6054919036ccc56e07b6ccdb8608608
> Author: Bogomil Shopov (Kolab Systems) <shopov at kolabsys.com>
> Date:   Thu Jun 23 12:55:37 2011 +0300
>
>     Adding ACL checking for ActiveSync. Removing duplicated menu  
> Items. Hiding menu and functionalities depends on ACL.
>
>     Changing package xml with adding file tasks.
>
> diff --git a/lib/KolabAdmin/include/menu.php  
> b/lib/KolabAdmin/include/menu.php
> index b079453..e1bc874 100644
> --- a/lib/KolabAdmin/include/menu.php
> +++ b/lib/KolabAdmin/include/menu.php
> @@ -3,7 +3,8 @@
>   *  Copyright (c) 2004 Klarälvdalens Datakonsult AB
>   *
>   *    Written by Steffen Hansen <steffen at klaralvdalens-datakonsult.se>
> - *
> + *	  Updated by Bogomil Shopov <shopov at kolabsys.com>
> + *
>   *  This  program is free  software; you can redistribute  it and/or
>   *  modify it  under the terms of the GNU  General Public License as
>   *  published by the  Free Software Foundation; either version 2, or
> @@ -20,8 +21,28 @@
>
>  require_once('locale.php');
>
> +/*
> + * z-Push part for activesync
> + *
> + * */
> +
> +include_once '@www_dir@/z-push/config.php';
> +$showasmenu=true;
> +if(defined('KOLAB_LDAP_ACL') and KOLAB_LDAP_ACL !=""){
> +	$showasmenu=false;
> +	$filter = '(member='.$_SESSION['auth_user'].')';
> +	$result = $ldap->search( KOLAB_LDAP_ACL, $filter);
> +	if (ldap_count_entries($ldap->connection, $result) > 0)
> +		$showasmenu=true;
> +}
> +
> +/*
> + * end z-push activesync part
> + * */
> +
>  $menuitems = array();
>
> +
>  if( $auth->group() == "admin" || $auth->group() == "maintainer" ||  
> $auth->group() == 'domain-maintainer' ) {
>    $menuitems['user'] = array( 'name' => _('Users'),
>  							  'url'  => $topdir.'/user/',
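
Review bot: The filter built at `$filter = '(member='.$_SESSION['auth_user'].')';` concatenates the session value into an LDAP search filter without escaping, so a value containing `(`, `)`, `*` or `\` changes the meaning of the filter, and `*` alone would match any group with members. Escape the value for filter context (RFC 4515 rules; `ldap_escape()` with `LDAP_ESCAPE_FILTER` where the PHP version provides it) before building the filter. Two related points in the same block: `$result` is passed straight to `ldap_count_entries()` with no check that the search succeeded, and `$showasmenu` stays `true` whenever `KOLAB_LDAP_ACL` is not defined, which is also the state you end up in if the `include_once` of the z-push config fails. If a missing config should not grant the menu, test for that explicitly. The same lookup is repeated in activesync.php, so a single helper function would keep the two checks from drifting apart.
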
> @@ -39,14 +60,14 @@ if( $auth->group() == "admin" || $auth->group()  
> == "maintainer" || $auth->group(
>  												 array( 'name' => _('Forward Email'),
>  														'url'  => 'forward.php' ),
>  												 array( 'name' => _('Vacation'),
> -														'url'  => 'vacation.php' ),
> -												array( 'name' => _('ActiveSync'),
> -														'url'  => 'activesync.php' ),
> -																		));
> -
> +														'url'  => 'vacation.php' )
> +																	));
> +if($showasmenu){
> +
>  	$menuitems['activesync'] = array( 'name' => _('ActiveSync'),
>  							  'url'  => $topdir.'/user/activesync.php',
> -							  'title' => _('ActiveSync'));
> +							  'title' => _('ActiveSync'));
> + }
>  }
>  if( $auth->group() == "admin" || $auth->group() == "maintainer") {
>    $menuitems['addressbook'] = array( 'name' => _('Addressbook'),
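
Review bot: The new `if($showasmenu){` and its closing ` }` are not indented like the rest of the enclosing `if( $auth->group() == "admin" ...` body, so it is hard to see that the ActiveSync entry is still nested inside the group check and which brace closes what. Please indent the block consistently with the surrounding code. Note also that this hunk only hides the link; the access decision has to rest on the check in activesync.php, since the URL stays reachable.
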
> diff --git a/package.xml b/package.xml
> index 572b22c..c60bc4b 100644
> --- a/package.xml
> +++ b/package.xml
> @@ -121,7 +121,9 @@
>        <file name="headers.php" role="php" />
>        <file name="ldap.class.php" role="php" />
>        <file name="locale.php" role="php" />
> -      <file name="menu.php" role="php" />
> +      <file name="menu.php" role="php" >
> +      	<replace from="@www_dir@" to="www_dir" type="pear-config"/>
> +      	</file>
>        <file name="mysmarty.php" role="php" />
>        <file name="passwd.php" role="php" />
>        <file name="Sieve.php" role="php" />
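
Review bot: With the `<replace from="@www_dir@" to="www_dir" type="pear-config"/>` task added to menu.php, a library include under lib/KolabAdmin now depends on z-push living below the web directory, and every page that loads the menu pulls in the z-push config. A documented configuration setting for the z-push location would avoid that coupling. Minor style: `role="php" >` has a stray space and the closing `</file>` is indented with a tab, unlike the neighbouring entries.
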
> @@ -244,14 +246,15 @@
>        <file name="sf.php" role="www" />
>       </dir> <!-- /www/admin/sharedfolder -->
>       <dir name="user">
> -      <file name="activesync.php" role="www" />
> +      <file name="activesync.php" role="php">
> +      	<replace from="@www_dir@" to="www_dir" type="pear-config"/>
> +      </file>
>        <file name="deliver.php" role="www" />
>        <file name="forward.php" role="www" />
>        <file name="index.php" role="www" />
>        <file name="user.php" role="www" />
>        <file name="vacation.php" role="www" />
> -      <file name="activesync.php" role="www" />
> -     </dir> <!-- /www/admin/user -->
> +      </dir> <!-- /www/admin/user -->
>       <file name="custom.css" role="www" />
>       <file name="favicon.ico" role="www" />
>       <file name="favicon.png" role="www" />
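
Review bot: The entry for activesync.php changes from `role="www"` to `role="php"` while its siblings in `<dir name="user">` (deliver.php, forward.php, index.php, user.php, vacation.php) all keep `role="www"`. A file with role `php` is installed under the PEAR php directory rather than the web directory, yet menu.php links to it as `$topdir.'/user/activesync.php'`. Unless that is intended, keep `role="www"` and add the `<replace>` task to that entry. The removal of the duplicate `activesync.php` line looks right; the closing `</dir>` gained one space of indentation and no longer lines up with `<dir name="user">`.
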
> diff --git a/www/admin/user/activesync.php b/www/admin/user/activesync.php
> index 0b211cb..0c51e96 100755
> --- a/www/admin/user/activesync.php
> +++ b/www/admin/user/activesync.php
> @@ -27,12 +27,8 @@ require_once('KolabAdmin/include/authenticate.php');
>  require_once('KolabAdmin/include/form.class.php');
>  require_once('KolabAdmin/include/passwd.php');
>
> -//try to include ALL possible configuration files
> - at include_once '/kolab/var/kolab/www/z-push/config.php';
> - at include_once '/etc/z-push/config.php';
> - at include_once '/usr/share/z-push/config.php';
> - at include_once '/var/www/z-push/config.php';
> -
> +//include z-Push config file file
> +include_once '@www_dir@/z-push/config.php';

It was a lot of work to get hardcoded paths out of the web admin. You  
should avoid hardcoding the knowledge of the installation path to  
z-push in the code. While "@www_dir@" is variable it is being replaced  
with a hard coded path when building the distributable package. In  
theory the system administrator should be able to place the z-push  
application anywhere he would like. I know: on OpenPKG this is usually  
not the case but we shouldn't code specifically for OpenPKG.

So this should go into a configuration variable.

Cheers,

Gunnar

>
>
>  //define errors array
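
Review bot: The replacement `include_once '@www_dir@/z-push/config.php';` is the only source of `KOLAB_LDAP_ACL` for this page, and `include_once` only raises a warning when the file is missing, so a wrong path leaves the constant undefined and the ACL check added later in this file is skipped without any error. Either use `require_once`, or test the include result and add an entry to `$errors` when the config cannot be loaded. The comment `//include z-Push config file file` has a doubled word.
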
> @@ -43,6 +39,14 @@ if((@include_once  
> 'Horde/Kolab/Kolab_Zpush/lib/kolabActivesyncData.php') === fal
>  	$errors[] =_('zPush in not enabled in your system.');
>  }
>
> +//check for permissions ACL from zpush config file
> +if(defined('KOLAB_LDAP_ACL') and KOLAB_LDAP_ACL !=""){
> +	$filter = '(member='.$_SESSION['auth_user'].')';
> +	$result = $ldap->search( KOLAB_LDAP_ACL, $filter);
> +	if (ldap_count_entries($ldap->connection, $result) == 0)
> +		$errors[] ="You don't have permissions to manage your activeSync  
> devices.";
> +}
> +
>  /*read from her value of the KOLAB_LAXPIC
>   -1 = allow the user to select (or if the constant doesn't exist)
>   0  = same as the annotations (no lax mode just jpeg)
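
Review bot: The denial branch at `$errors[] ="You don't have permissions to manage your activeSync devices.";` only records a message, and nothing in this hunk stops the rest of the page from running; please confirm that the code handling device changes further down refuses to act when `$errors` is non-empty, otherwise the ACL is advisory only. The filter `'(member='.$_SESSION['auth_user'].')'` has the same unescaped concatenation as in menu.php and `$result` is again used without checking that the search succeeded. The new message is also not wrapped in `_()`, unlike `_('zPush in not enabled in your system.')` just above it, so it will not be translated.
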

-- 
Core Developer
The Horde Project

e: wrobel at horde.org
t: +49 700 6245 0000
w: http://www.horde.org

pgp: 9703 43BE
tweets: http://twitter.com/pardus_de
blog: http://log.pardus.de



