<?php

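	/*
	 * Builds one access control instruction (ACI) from the $aci form array and
	 * stores it on the entry $dn: added as a new value when $idx is -1,
	 * otherwise written over the existing value at position $idx.
	 *
	 * $aci, $dn, $idx, $ds and $config are supplied by the including script;
	 * $aci, $dn and $idx are presumably request parameters -- confirm against
	 * the caller. Every field of $aci becomes part of the ACI text, so each one
	 * is checked before it is used: a value must not be able to close its quoted
	 * string early or add clauses of its own to the access rule.
	 *
	 * ErrorPage() is defined elsewhere. The return after each call keeps the
	 * script from going on to the LDAP write in case ErrorPage() hands control
	 * back.
	 */

	// nothing to update
	if( ! isset($aci) || ! is_array($aci) )
		return 0;

	if( empty($dn) || ! is_string($dn) ) {
		ErrorPage( "Missing parameter",  "dn parameter is missing", "history.go(-1)" );
		return 0;
	}

	if( empty($aci['name']) ) {
		ErrorPage( "Missing parameter",  "Choose a name for ACI", "history.go(-1)" );
		return 0;
	}

	if( ! isset($aci['permissions']) || ! is_array($aci['permissions']) || count($aci['permissions']) == 0 ) {
		ErrorPage( "Missing parameter",  "Choose at least one permission", "history.go(-1)" );
		return 0;
	}

	// Fields that are placed between double quotes in the ACI text. A double
	// quote inside one of them would end the string early and leave the rest of
	// the value to be read as ACI syntax; control characters are refused too.
	$quoted = array( 'target' => '', 'name' => '', 'bindingdn' => '' );
	foreach( array_keys($quoted) as $field ) {
		if( ! isset($aci[$field]) )
			continue;
		if( ! is_scalar($aci[$field]) || preg_match( '/["\x00-\x1f]/', (string) $aci[$field] ) ) {
			ErrorPage( "Invalid parameter",  "Invalid characters in ACI $field", "history.go(-1)" );
			return 0;
		}
		$quoted[$field] = (string) $aci[$field];
	}

	// Fields that are placed outside any quotes: only a fixed shape is accepted.
	$version = isset($aci['version']) ? $aci['version'] : '';
	if( ! is_string($version) || ! preg_match( '/^[0-9]+(\.[0-9]+)*\z/', $version ) ) {
		ErrorPage( "Invalid parameter",  "Invalid ACI version", "history.go(-1)" );
		return 0;
	}

	$grant = isset($aci['grant']) ? $aci['grant'] : '';
	if( ! is_string($grant) || ! in_array( strtolower($grant), array( 'allow', 'deny' ), true ) ) {
		ErrorPage( "Invalid parameter",  "Invalid ACI grant type", "history.go(-1)" );
		return 0;
	}

	foreach( $aci['permissions'] as $perm ) {
		if( ! is_string($perm) || ! preg_match( '/^[A-Za-z]+\z/', $perm ) ) {
			ErrorPage( "Invalid parameter",  "Invalid ACI permission", "history.go(-1)" );
			return 0;
		}
	}

	$acitext = '(target="' . $quoted['target'] . '")';

	// targetattributes restriction
	$targetattr = isset($aci['targetattr']) ? $aci['targetattr'] : '';
	if( ! is_scalar($targetattr) ) {
		ErrorPage( "Invalid parameter",  "Invalid characters in ACI targetattr", "history.go(-1)" );
		return 0;
	}
	$targetattr = (string) $targetattr;

	if( $targetattr != "" ) {
		// one attribute per line; preg_split() replaces split(), which PHP 7 removed
		$attributes = array();
		foreach( preg_split( '/\r?\n/', $targetattr ) as $var ) {
			$var = trim($var);
			if( $var == "" )
				continue;
			if( preg_match( '/["\x00-\x1f]/', $var ) ) {
				ErrorPage( "Invalid parameter",  "Invalid characters in ACI targetattr", "history.go(-1)" );
				return 0;
			}
			$attributes[] = $var;
		}
		// as before, input made of blank lines only adds no targetattr clause
		if( count($attributes) > 0 )
			$acitext .= '(targetattr ="' . implode( " || ", $attributes ) . '")';
	} else {
		$acitext .= "(targetattr =\"*\")";
	}

	$acitext .= '(version ' . $version . '; acl "' . $quoted['name'] . '"; ';

	// grant and permissions
	// special case for all, we remove other permissions
	if( in_array( 'all', $aci['permissions'], true ) )
		$perms = 'all';
	else
		$perms = implode( ",", $aci['permissions'] );

	$acitext .= $grant . ' (' . $perms . ')';

	// target
	$bindingtype = ( isset($aci['bindingtype']) && is_string($aci['bindingtype']) ) ? $aci['bindingtype'] : '';
	switch( $bindingtype )
	{

	case "self" :
	case "anyone" :
	case "all" :
		$target = 'userdn = "ldap:///' . $bindingtype . '"';
		break;

	case "groupdn" :
		$target = 'groupdn = "' . $quoted['bindingdn'] . '"';
		break;

	case "userdn" :
		$target = 'userdn = "' . $quoted['bindingdn'] . '"';
		break;

	default :
		// an unknown binding type used to leave $target unset and produce "();)"
		ErrorPage( "Invalid parameter",  "Unknown ACI binding type", "history.go(-1)" );
		return 0;

	} // switch

	$acitext .= "($target);)";

	// The add and the update path now use the same attribute; the update path
	// used to read and replace 'aci' whatever the directory brand.
	// NOTE(review): confirm that $idx is an index into this attribute's values.
	if( $config->directoryBrand == 'openldap' )
		$attrName = "OpenLDAPaci";
	else
		$attrName = "aci";

	// $idx must be -1 (add) or a non-negative value position (update)
	if( ! isset($idx) || ! is_scalar($idx) || ! preg_match( '/^(-1|[0-9]+)\z/', (string) $idx ) ) {
		ErrorPage( "Invalid parameter",  "Invalid ACI index", "history.go(-1)" );
		return 0;
	}
	$position = (int) $idx;

	// The debug messages carry HTML markup (<br>), so presumably debug() prints
	// them unescaped -- confirm; the interpolated values are escaped for that
	// reason. $ds is no longer interpolated: since PHP 8.1 an LDAP connection is
	// an object that cannot be converted to a string.
	$debugDn  = htmlspecialchars( $dn );
	$debugAci = htmlspecialchars( $acitext );

	if( $position == -1 ) {

		/*
		adding a ACI
		*/
		$item = array( $attrName => $acitext );
		debug( "ldap_mod_add( $debugDn, <br>aci[$debugAci] )" );
		$ret = @ldap_mod_add( $ds, $dn, $item );
		if( ! $ret ) {
			ErrorPage( "LDAP error", ldap_error( $ds ) );
		} else {
			// NOTE(review): $statusMsg contains the submitted name; escape it where it is printed.
			$statusMsg = "ACI $aci[name] created";
			unset( $aci );
		}

	} else {

		/*
		aci update is a bit harder:
		a) we get the current set of aci
		b) replace aci[idx] with our new aci ($acitext)
		c) process a ldap replace *at attribute level*, for all ACIs

		The read and the replace are two separate operations, so a change
		another client makes to the attribute in between is overwritten.
		*/
		$sr = ldap_read( $ds, $dn, "objectclass=*", array( $attrName ) );
		$entries = $sr ? ldap_get_entries( $ds, $sr ) : false;
		if( ! is_array($entries) ) {
			ErrorPage( "LDAP error", ldap_error( $ds ) );
			return 0;
		}
		if( empty($entries[0]) ) {
			ErrorPage( "Invalid parameter",  "Entry could not be read", "history.go(-1)" );
			return 0;
		}

		// ldap_get_entries() returns attribute names in lower case
		$key = strtolower( $attrName );
		$values = isset($entries[0][$key]) ? $entries[0][$key] : array();
		unset( $values['count'] );

		// only an existing value may be replaced; any other position would
		// leave a gap in the value list handed to ldap_mod_replace()
		if( $position >= count($values) ) {
			ErrorPage( "Invalid parameter",  "No ACI at this position", "history.go(-1)" );
			return 0;
		}

		$values[$position] = $acitext;
		$item = array( $attrName => array_values($values) );
		debug( "ldap_mod_replace( $debugDn, $debugAci )" );
		$ret = @ldap_mod_replace( $ds, $dn, $item );
		if( ! $ret )
			ErrorPage( "LDAP error", ldap_error( $ds ) );
		else
			$statusMsg = "ACI $aci[name] updated";

	}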


?>