File Imap/Acl.php

  1: <?php
  2: /**
  3:  * Contains functions related to managing IMAP Access Control Lists.
  4:  *
  5:  * Copyright 2003-2012 Horde LLC (http://www.horde.org/)
  6:  *
  7:  * See the enclosed file COPYING for license information (GPL). If you
  8:  * did not receive this file, see http://www.horde.org/licenses/gpl.
  9:  *
 10:  * @author   Chris Hastie <imp@oak-wood.co.uk>
 11:  * @author   Michael Slusarz <slusarz@horde.org>
 12:  * @category Horde
 13:  * @license  http://www.horde.org/licenses/gpl GPL
 14:  * @package  IMP
 15:  */
 16: class IMP_Imap_Acl
 17: {
 18:     /**
 19:      * Constructor.
 20:      *
 21:      * @throws IMP_Exception
 22:      */
 23:     public function __construct()
 24:     {
 25:         if (!$GLOBALS['session']->get('imp', 'imap_acl')) {
 26:             throw new IMP_Exception(_("ACLs not configured for this server."));
 27:         }
 28: 
 29:         if (!$GLOBALS['injector']->getInstance('IMP_Factory_Imap')->create()->queryCapability('ACL')) {
 30:             throw new IMP_Exception(_("Server does not support ACLs."));
 31:         }
 32:     }
 33: 
 34:     /**
 35:      * Retrieve the existing ACLs for a mailbox from the server.
 36:      *
 37:      * @param IMP_Mailbox $mbox  The mailbox to get the ACL for.
 38:      * @param boolean $user      Return only the current user's rights?
 39:      *
 40:      * @return array  If $user is false, see Horde_Imap_Client_Base::getACL().
 41:      *                If $user is true, see
 42:      *                Horde_Imap_Client_Base::getMyACLRights().
 43:      * @throws IMP_Exception
 44:      */
 45:     public function getACL(IMP_Mailbox $mbox, $user = false)
 46:     {
 47:         try {
 48:             $imp_imap = $GLOBALS['injector']->getInstance('IMP_Factory_Imap')->create();
 49:             return $user
 50:                 ? $imp_imap->getMyACLRights($mbox)
 51:                 : $imp_imap->getACL($mbox);
 52:         } catch (IMP_Imap_Exception $e) {
 53:             throw new IMP_Exception(_("Could not retrieve ACL"));
 54:         }
 55:     }
 56: 
 57:     /**
 58:      * Adds rights to an ACL on the server.
 59:      *
 60:      * @param IMP_Mailbox $mbox  The mailbox on which to edit the ACL.
 61:      * @param string $user       The user to grant rights to.
 62:      * @param string $rights     The rights to add.
 63:      *
 64:      * @throws IMP_Exception
 65:      */
 66:     public function addRights(IMP_Mailbox $mbox, $user, $rights)
 67:     {
 68:         if (!strlen($rights)) {
 69:             return;
 70:         }
 71: 
 72:         try {
 73:             $GLOBALS['injector']->getInstance('IMP_Factory_Imap')->create()->setACL($mbox, $user, array(
 74:                 'rights' => $rights
 75:             ));
 76:         } catch (IMP_Imap_Exception $e) {
 77:             throw new IMP_Exception(sprintf(_("Could not add rights for user \"%s\" for the mailbox \"%s\"."), $user, $mbox));
 78:         }
 79:     }
 80: 
 81:     /**
 82:      * Removes rights to an ACL on the server.
 83:      *
 84:      * @param IMP_Mailbox $mbox  The mailbox on which to edit the ACL.
 85:      * @param string $user       The user to remove rights from.
 86:      * @param string $rights     The rights to remove.  If empty, removes the
 87:      *                           entire ACL.
 88:      *
 89:      * @throws IMP_Exception
 90:      */
 91:     public function removeRights(IMP_Mailbox $mbox, $user, $rights)
 92:     {
 93:         try {
 94:             $GLOBALS['injector']->getInstance('IMP_Factory_Imap')->create()->setACL($mbox, $user, array(
 95:                 'remove' => true,
 96:                 'rights' => $rights
 97:             ));
 98:         } catch (IMP_Imap_Exception $e) {
 99:             throw new IMP_Exception(sprintf(_("Could not remove rights for user \"%s\" for the mailbox \"%s\"."), $user, $mbox));
100:         }
101:     }
102: 
103:     /**
104:      * Can the current user edit the ACL for this mailbox?
105:      *
106:      * @param IMP_Mailbox $mbox  The mailbox name.
107:      *
108:      * @return boolean  True if the current user has administrative rights.
109:      */
110:     public function canEdit(IMP_Mailbox $mbox)
111:     {
112:         $rights = $this->getRightsMbox($mbox, $GLOBALS['injector']->getInstance('IMP_Factory_Imap')->create()->getParam('username'));
113:         return $rights[Horde_Imap_Client::ACL_ADMINISTER];
114:     }
115: 
116:     /**
117:      * Return master list of ACL rights.
118:      *
119:      * @return array  A list of ACL rights. Keys are the right identifiers,
120:      *                values are arrays containing two entries: 'desc' and
121:      *                'title'.
122:      */
123:     public function getRights()
124:     {
125:         return array(
126:             Horde_Imap_Client::ACL_LOOKUP => array(
127:                 'desc' => _("User can see the mailbox"),
128:                 'title' => _("List")
129:             ),
130:             Horde_Imap_Client::ACL_READ => array(
131:                 'desc' => _("Read messages"),
132:                 'title' => _("Read")
133:             ),
134:             Horde_Imap_Client::ACL_SEEN => array(
135:                 'desc' => _("Mark with Seen/Unseen flags"),
136:                 'title' => _("Mark (Seen)")
137:             ),
138:             Horde_Imap_Client::ACL_WRITE => array(
139:                 'desc' => _("Mark with other flags (e.g. Important/Answered)"),
140:                 'title' => _("Mark (Other)")
141:             ),
142:             Horde_Imap_Client::ACL_INSERT => array(
143:                 'desc' => _("Insert messages"),
144:                 'title' => _("Insert")
145:             ),
146:             Horde_Imap_Client::ACL_POST => array(
147:                 'desc' => _("Post to this mailbox (not enforced by IMAP)"),
148:                 'title' => _("Post")
149:             ),
150:             Horde_Imap_Client::ACL_ADMINISTER => array(
151:                 'desc' => _("Set permissions for other users"),
152:                 'title' => _("Administer")
153:             ),
154:             Horde_Imap_Client::ACL_CREATEMBOX => array(
155:                 'desc' => _("Create subfolders"),
156:                 'title' => _("Create Folders")
157:             ),
158:             Horde_Imap_Client::ACL_DELETEMBOX => array(
159:                 'desc' => _("Delete subfolders"),
160:                 'title' => _("Delete Folders")
161:             ),
162:             Horde_Imap_Client::ACL_DELETEMSGS => array(
163:                 'desc' => _("Delete messages"),
164:                 'title' => _("Delete")
165:             ),
166:             Horde_Imap_Client::ACL_EXPUNGE => array(
167:                 'desc' => _("Purge messages"),
168:                 'title' => _("Purge")
169:             )
170:         );
171:     }
172: 
173:     /**
174:      * Return list of rights available on the server.
175:      *
176:      * @param IMP_Mailbox $mbox  The mailbox name.
177:      * @param string $user       The ACL identifier (user) to query.
178:      *
179:      * @return Horde_Imap_Client_Data_AclRights  An ACL rights object.
180:      */
181:     public function getRightsMbox(IMP_Mailbox $mbox, $user)
182:     {
183:         try {
184:             return $GLOBALS['injector']->getInstance('IMP_Factory_Imap')->create()->listACLRights($mbox, $user);
185:         } catch (IMP_Imap_Exception $e) {
186:             return new Horde_Imap_Client_Data_AclRights(array(), array_keys($this->getRights()));
187:         }
188:     }
189: 
190: }
191:
Packages

Classes
