<?php
/*
*** NOTE: this ACL handling is only compatible with iPlanet / Netscape Directory Server ***
Here is the ACI syntax:
aci: (<target>)(<version>;acl "<name>";allow(<permissions>)(<binding rule>);)
The terms used in these pages refer to the syntax above.
*/
// Title of the ACI editor page for the entry identified by $dn.
// NOTE(review): $dn goes into the title as-is; whether it is HTML-escaped before
// output depends on FormStart() / page.header.php, not visible here — confirm.
$pageTitle = $config->appName . " > Access permissions for " . $dn;

/*********************************************************
 * REFERENCE TABLES
 *********************************************************/

// Permission keywords offered as checkboxes (the <permissions> term of the ACI).
$aPermissions = array(
    "all",
    "read",
    "search",
    "compare",
    "write",
    "add",
    "delete",
    "selfwrite",
);

// Binding types (who the ACI applies to): form value => label shown in the popup.
$aBindingTypes = array(
    "userdn"  => "User",
    "groupdn" => "Group",
    "anyone"  => "Anyone",
    "all"     => "All authenticated user",
    "self"    => "Self access",
);

// Kind of grant: form value => label (labels keep their trailing space).
$aGrants = array(
    "allow" => "Allow ",
    "deny"  => "Deny ",
);
/*********************************************************
* Get the aci(s) from the server
*********************************************************/
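// Read the entry itself so that its "aci" values can be listed in the chooser.
// The @ hides the PHP warning; a failed read is reported through ErrorPage().
$sr = @ldap_read( $ds, $dn, "objectclass=*" );
if( ! $sr ) {
    // The message is rendered as HTML (it already carries a <br>), so the error
    // text from the LDAP library is escaped before it is concatenated into it.
    // NOTE(review): the code below assumes ErrorPage() ends the request — confirm.
    ErrorPage( "Error",
        "Entry not found : " . htmlspecialchars( ldap_error($ds), ENT_QUOTES )
            . "<br>Maybe someone has just deleted this entry ?",
        "page.default.php"
    );
}

// A result without any entry leaves $entry empty instead of reading $tmp[0] blindly.
$tmp = ldap_get_entries( $ds, $sr );
$entry = ( is_array($tmp) && isset($tmp[0]) ) ? $tmp[0] : array();

// Options of the "ACI to edit" popup; key -1 is the "create a new ACI" item.
$aciList = array();
$aciList[-1] = "Enter a new ACI";

// An entry without any aci attribute simply has nothing to list.
if( ! empty($entry['aci']) ) {
    // drop the element counter added by ldap_get_entries(), keep only the values
    unset( $entry['aci']['count'] );
    foreach( $entry['aci'] as $i => $acitext ) {
        $parsed = parse_aci( $acitext );
        // ACIs that parse_aci() rejects are not offered for editing
        if( $parsed ) {
            $aciList[$i] = $parsed['name'];
        }
    }
}

// $idx is not assigned in this file; presumably it arrives with the request (the
// popup below is named "idx") — verify. It selects which ACI of the entry is
// edited, so anything that is not -1 or the index of an existing ACI value
// falls back to "new ACI" rather than being used as an array offset later on.
if( ! isset($idx) || ! is_scalar($idx)
    || ( $idx != -1 && ! isset($entry['aci'][$idx]) ) ) {
    $idx = -1;
}

$wAclList = new Popup( "idx", $idx, $aciList, $sbL );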
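// The user chose "Enter a new ACI": start from a default ACI.
if( $idx == -1 ) {
    // the action button is an add button
    $wUpdate = new Button( "Add", "formAction(this.form, 'aci.add' )", $btnM );
    $aci = array(
        "version" => "3.0",
        "permissions" => array( "search", "read" ),
        "bindingdn" => "ldap:///",
    );
} else {
    // the action button is an update button
    $wUpdate = new Button( "Modify", "formAction(this.form, 'aci.update' )", $btnM );
    // Parse the selected ACI into an information array (only iPlanet ACIs are
    // supported for now). $idx is only used as an offset when it is a scalar
    // that names an existing ACI value of the entry.
    if( is_scalar($idx) && isset($entry['aci'][$idx]) ) {
        $aci = parse_aci( $entry['aci'][$idx], "iplanet" );
    } else {
        $aci = false;
    }
    // An ACI that could not be parsed is shown as an empty form rather than
    // being indexed as if it were an array.
    if( ! is_array($aci) ) {
        $aci = array();
    }
}

// if the target is missing, default it to the DN of the entry being edited
if( empty($aci['target']) ) {
    $aci['target'] = "ldap:///$dn";
}

// initialize special target types if needed
// NOTE(review): the form on this page reads $aci['bindingtype'] / $aci['bindingdn'],
// and "anyone" / "self" are keys of $aBindingTypes; nothing visible here reads
// 'targettype'. These keys may have been meant to be the binding ones — confirm
// against parse_aci() before changing.
$aciTargetDn = isset($aci['targetdn']) ? strtolower( $aci['targetdn'] ) : "";
if( $aciTargetDn == "ldap:///anyone" ) {
    $aci['targettype'] = "anyone";
} elseif( $aciTargetDn == "ldap:///self" ) {
    $aci['targettype'] = "self";
}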
// ---- page start: shared header, then the ACI form ----
include_once './page.header.php';

// The form posts to submit.php; the hidden "A" field carries the action name
// and is rewritten by the formAction() script before each submit.
// NOTE(review): this form changes access control, and no anti-CSRF token is
// emitted on this page; check whether html::form() or submit.php handles one.
html::form( 'submit.php', 'post' );

// State carried across submits.
// NOTE(review): $A, $dn and the ACI target come from the request / the
// directory; confirm that html::hidden() HTML-escapes the values it writes.
html::hidden( 'A', 'aci.edit' );
html::hidden( 'prevA', $A );
html::hidden( 'dn', $dn );
html::hidden( 'aci[target]', $aci['target'] );
html::hidden( 'aci[version]', $aci['version'] );

FormStart( $pageTitle );

// optional status line
if( $statusMsg )
    FormLine( " ", $statusMsg );

// Changing the selected ACI reloads the form with that ACI.
$wAclList->addOption( 'onChange="formAction(this.form,\'aci.edit\')"' );
FormLine( 'ACI to edit : ', $wAclList );
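/////////////////////////////////////////// PERMISSIONS
// A new ACI does not define every key read below, so each optional key is
// looked up with isset() and NULL is passed when it is absent.
// NOTE(review): in edit mode these values come from the directory; confirm that
// TextInput / Textarea / Popup HTML-escape the values they render.
FormLine(
    "ACI name",
    new TextInput( "aci[name]", isset($aci['name']) ? $aci['name'] : null, $tbL )
);

$wPermissions = new CheckboxGroup(
    "aci[permissions][]",
    isset($aci['permissions']) ? $aci['permissions'] : null,
    $aPermissions
);
$wPermissions->useHash(false);
$wAllowDeny = new Popup( 'aci[grant]', isset($aci['grant']) ? $aci['grant'] : null, $aGrants, $sbS );
FormLine(
    $wAllowDeny, $wPermissions
);

/////////////////////////////////////////// WHO IS CONCERNED
$aciBindingType = isset($aci['bindingtype']) ? $aci['bindingtype'] : null;
$wBindingType = new Popup( "aci[bindingtype]", $aciBindingType, $aBindingTypes, $sbS );
$wBindingType->addOption( 'onChange="targetDnEnable(this)"' );
$wBindingDn = new TextInput( "aci[bindingdn]", isset($aci['bindingdn']) ? $aci['bindingdn'] : null, $tbL );
// the DN field is only meaningful for the "userdn" and "groupdn" binding types
if( $aciBindingType != "groupdn" && $aciBindingType != "userdn" ) {
    $wBindingDn->addOption( "disabled=1" );
}
FormLine(
    "For " . $wBindingType->toString(),
    $wBindingDn
);

/////////////////////////////////////////// handle "attributes level" directives
// the radio is preselected when the ACI carries a targetattr list
$useAttr = isset( $aci['targetattr'] ) ? 1 : 0;
$wUseAttr = new Radio( "useAttr", "1" , $useAttr );

// One attribute per line. implode() is only called on a real array: the former
// @implode() on a missing list relied on error suppression, and PHP 8 raises a
// TypeError there, which @ does not silence.
$aciAttrText = ( isset($aci['targetattr']) && is_array($aci['targetattr']) )
    ? implode( "\n", $aci['targetattr'] )
    : "";
FormLine(
    $wUseAttr->toString() . " Only on attributes:",
    new Textarea( "aci[targetattr]", $aciAttrText, $taM )
);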
// Remaining buttons of the bar; the Add / Modify button ($wUpdate) already exists.
// NOTE(review): the Delete button is created unconditionally, so it is also shown
// while a new ACI is being entered (idx = -1); how submit.php treats
// 'aci.delete' in that case is not visible here — confirm.
$wDelete = new Button( 'Delete', "formAction(this.form, 'aci.delete' )", $btnM );
$wCancel = new Button( 'Cancel', "formAction(this.form, 'entry.properties' )", $btnM );

// Button bar row.
echo "<tr><td class=form colspan=2 align=right>";
echo $wUpdate->toString();
echo $wDelete->toString();
echo $wCancel->toString();
echo "</td></tr>";

// Close the table and the form.
echo "</TABLE>\n";
echo "</FORM>\n";

// The JavaScript invoked by the form buttons follows.
?>
<script language="javascript">
<!--
/**
 * Store the requested action in the form's hidden "A" field, then submit.
 *
 * The action name travels in a field the client controls, so it is only a
 * request: NOTE(review) submit.php (not visible here) is where each action
 * has to be authorised — confirm.
 *
 * @param formObj   the form that owns the button
 * @param actionStr action name, e.g. 'aci.add'
 */
function formAction( formObj, actionStr )
{
    var actionField = formObj.A;
    actionField.value = actionStr;
    formObj.submit();
}
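/**
 * Enable the binding DN text input only for the binding types that take a DN.
 *
 * This is a display aid only: a disabled input is not sent with the form, and
 * the server still has to validate aci[bindingdn] against the submitted
 * binding type.
 *
 * @param widgetSelect the binding type <select> element
 */
function targetDnEnable( widgetSelect )
{
    // declared with var: the bare assignment used before created a global "frm"
    var frm = widgetSelect.form;
    var currentVal = widgetSelect.options[widgetSelect.selectedIndex].value;
    // the DN input is editable only if the type is userdn or groupdn
    var takesDn = ( currentVal == 'userdn' || currentVal == 'groupdn' );
    frm.elements['aci[bindingdn]'].disabled = !takesDn;
}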
// -->
</script>
<?php
// Shared page footer template, emitted after the form and its script.
include './page.footer.php';
?>