File Imap/Acl.php

  1: <?php
  2: /**
  3:  * Copyright 2003-2014 Horde LLC (http://www.horde.org/)
  4:  *
  5:  * See the enclosed file COPYING for license information (GPL). If you
  6:  * did not receive this file, see http://www.horde.org/licenses/gpl.
  7:  *
  8:  * @category  Horde
  9:  * @copyright 2003-2014 Horde LLC
 10:  * @license   http://www.horde.org/licenses/gpl GPL
 11:  * @package   IMP
 12:  */
 13: 
 14: /**
 15:  * Management of IMAP Access Control Lists.
 16:  *
 17:  * @author    Chris Hastie <imp@oak-wood.co.uk>
 18:  * @author    Michael Slusarz <slusarz@horde.org>
 19:  * @category  Horde
 20:  * @copyright 2003-2014 Horde LLC
 21:  * @license   http://www.horde.org/licenses/gpl GPL
 22:  * @package   IMP
 23:  */
 24: class IMP_Imap_Acl
 25: {
 26:     /**
 27:      * Cached data for getRightsMbox().
 28:      *
 29:      * @var array
 30:      */
 31:     protected $_cache = array();
 32: 
 33:     /**
 34:      * Retrieve the existing ACLs for a mailbox from the server.
 35:      *
 36:      * @param IMP_Mailbox $mbox  The mailbox to get the ACL for.
 37:      * @param boolean $user      Return only the current user's rights?
 38:      *
 39:      * @return mixed  If $user is false, see Horde_Imap_Client_Base::getACL().
 40:      *                If $user is true, see
 41:      *                Horde_Imap_Client_Base::getMyACLRights().
 42:      * @throws IMP_Exception
 43:      */
 44:     public function getACL(IMP_Mailbox $mbox, $user = false)
 45:     {
 46:         $imp_imap = $mbox->imp_imap;
 47: 
 48:         if ($imp_imap->access(IMP_Imap::ACCESS_ACL)) {
 49:             try {
 50:                 if ($user) {
 51:                     return $imp_imap->getMyACLRights($mbox);
 52:                 }
 53: 
 54:                 $ret = $imp_imap->getACL($mbox);
 55:                 $user = $imp_imap->getParam('username');
 56:                 if (!isset($ret[$user]) &&
 57:                     ($acl = $this->getACL($mbox, true))) {
 58:                     $ret[$user] = $acl;
 59:                 }
 60:                 return $ret;
 61:             } catch (IMP_Imap_Exception $e) {
 62:                 switch ($e->getCode()) {
 63:                 case $e::NOPERM:
 64:                     throw new IMP_Exception(_("You do not have permission to view the ACLs on this mailbox."));
 65:                 }
 66:             }
 67:         }
 68: 
 69:         $ret = new Horde_Imap_Client_Data_Acl(implode('', array_keys($this->getRights())));
 70:         unset($ret[Horde_Imap_Client::ACL_ADMINISTER]);
 71: 
 72:         return $user
 73:             ? $ret
 74:             : array($imp_imap->getParam('username') => $ret);
 75:     }
 76: 
 77:     /**
 78:      * Adds rights to an ACL on the server.
 79:      *
 80:      * @param IMP_Mailbox $mbox  The mailbox on which to edit the ACL.
 81:      * @param string $user       The user to grant rights to.
 82:      * @param string $rights     The rights to add.
 83:      *
 84:      * @throws IMP_Exception
 85:      */
 86:     public function addRights(IMP_Mailbox $mbox, $user, $rights)
 87:     {
 88:         $imp_imap = $mbox->imp_imap;
 89: 
 90:         if (!strlen($rights) || !$imp_imap->access(IMP_Imap::ACCESS_ACL)) {
 91:             return;
 92:         }
 93: 
 94:         try {
 95:             $imp_imap->setACL($mbox, $user, array(
 96:                 'action' => 'add',
 97:                 'rights' => $rights
 98:             ));
 99:         } catch (IMP_Imap_Exception $e) {
100:             throw new IMP_Exception(sprintf(_("Could not add rights for user \"%s\" for the mailbox \"%s\"."), $user, $mbox));
101:         }
102:     }
103: 
104:     /**
105:      * Removes rights to an ACL on the server.
106:      *
107:      * @param IMP_Mailbox $mbox  The mailbox on which to edit the ACL.
108:      * @param string $user       The user to remove rights from.
109:      * @param string $rights     The rights to remove.  If empty, removes the
110:      *                           entire ACL.
111:      *
112:      * @throws IMP_Exception
113:      */
114:     public function removeRights(IMP_Mailbox $mbox, $user, $rights)
115:     {
116:         $imap = $mbox->imp_imap;
117:         if (!$imap->access(IMP_Imap::ACCESS_ACL)) {
118:             return;
119:         }
120: 
121:         try {
122:             if (is_null($rights)) {
123:                 $imap->deleteACL($mbox, $user);
124:             } else {
125:                 $imap->setACL($mbox, $user, array(
126:                     'action' => 'remove',
127:                     'rights' => $rights
128:                 ));
129:             }
130:         } catch (IMP_Imap_Exception $e) {
131:             throw new IMP_Exception(sprintf(_("Could not remove rights for user \"%s\" for the mailbox \"%s\"."), $user, $mbox));
132:         }
133:     }
134: 
135:     /**
136:      * Can the current user edit the ACL for this mailbox?
137:      *
138:      * @param IMP_Mailbox $mbox  The mailbox name.
139:      *
140:      * @return boolean  True if the current user has administrative rights.
141:      */
142:     public function canEdit(IMP_Mailbox $mbox)
143:     {
144:         $rights = $this->getRightsMbox($mbox, $mbox->imp_imap->getParam('username'));
145:         return $rights[Horde_Imap_Client::ACL_ADMINISTER];
146:     }
147: 
148:     /**
149:      * Return master list of ACL rights.
150:      *
151:      * @return array  A list of ACL rights. Keys are the right identifiers,
152:      *                values are arrays containing two entries: 'desc' and
153:      *                'title'.
154:      */
155:     public function getRights()
156:     {
157:         return array(
158:             Horde_Imap_Client::ACL_LOOKUP => array(
159:                 'desc' => _("User can see the mailbox"),
160:                 'title' => _("List")
161:             ),
162:             Horde_Imap_Client::ACL_READ => array(
163:                 'desc' => _("Read messages"),
164:                 'title' => _("Read")
165:             ),
166:             Horde_Imap_Client::ACL_SEEN => array(
167:                 'desc' => _("Mark with Seen/Unseen flags"),
168:                 'title' => _("Mark (Seen)")
169:             ),
170:             Horde_Imap_Client::ACL_WRITE => array(
171:                 'desc' => _("Mark with other flags (e.g. Important/Answered)"),
172:                 'title' => _("Mark (Other)")
173:             ),
174:             Horde_Imap_Client::ACL_INSERT => array(
175:                 'desc' => _("Insert messages"),
176:                 'title' => _("Insert")
177:             ),
178:             Horde_Imap_Client::ACL_POST => array(
179:                 'desc' => _("Post to this mailbox (not enforced by IMAP)"),
180:                 'title' => _("Post")
181:             ),
182:             Horde_Imap_Client::ACL_ADMINISTER => array(
183:                 'desc' => _("Set permissions for other users"),
184:                 'title' => _("Administer")
185:             ),
186:             Horde_Imap_Client::ACL_CREATEMBOX => array(
187:                 'desc' => _("Create subfolders and rename mailbox"),
188:                 'title' => _("Create Subfolders/Rename Mailbox")
189:             ),
190:             Horde_Imap_Client::ACL_DELETEMBOX => array(
191:                 'desc' => _("Delete and rename mailbox"),
192:                 'title' => _("Delete/Rename Mailbox")
193:             ),
194:             Horde_Imap_Client::ACL_DELETEMSGS => array(
195:                 'desc' => _("Delete messages"),
196:                 'title' => _("Delete")
197:             ),
198:             Horde_Imap_Client::ACL_EXPUNGE => array(
199:                 'desc' => _("Purge messages"),
200:                 'title' => _("Purge")
201:             )
202:         );
203:     }
204: 
205:     /**
206:      * Return list of rights available on the server.
207:      *
208:      * @param IMP_Mailbox $mbox  The mailbox name.
209:      * @param string $user       The ACL identifier (user) to query.
210:      *
211:      * @return Horde_Imap_Client_Data_AclRights  An ACL rights object.
212:      */
213:     public function getRightsMbox(IMP_Mailbox $mbox, $user)
214:     {
215:         $smbox = strval($mbox);
216: 
217:         if (!isset($this->_cache[$smbox][$user])) {
218:             $imp_imap = $mbox->imp_imap;
219:             $ob = null;
220: 
221:             if ($imp_imap->access(IMP_Imap::ACCESS_ACL)) {
222:                 try {
223:                     $ob = $imp_imap->listACLRights($mbox, $user);
224:                 } catch (IMP_Imap_Exception $e) {}
225:             }
226: 
227:             $this->_cache[$smbox][$user] = is_null($ob)
228:                 ? new Horde_Imap_Client_Data_AclRights()
229:                 : $ob;
230:         }
231: 
232:         return $this->_cache[$smbox][$user];
233:     }
234: 
235: }
236:
Packages

Classes

Interfaces
