1: <?php
  2: /**
  3:  * Copyright 2012-2014 Horde LLC (http://www.horde.org/)
  4:  *
  5:  * See the enclosed file COPYING for license information (GPL). If you
  6:  * did not receive this file, see http://www.horde.org/licenses/gpl.
  7:  *
  8:  * @category  Horde
  9:  * @copyright 2012-2014 Horde LLC
 10:  * @license   http://www.horde.org/licenses/gpl GPL
 11:  * @package   IMP
 12:  */
 13: 
 14: /**
 15:  * Special prefs handling for the 'aclmanagement' preference.
 16:  *
 17:  * @author    Michael Slusarz <slusarz@horde.org>
 18:  * @category  Horde
 19:  * @copyright 2012-2014 Horde LLC
 20:  * @license   http://www.horde.org/licenses/gpl GPL
 21:  * @package   IMP
 22:  */
 23: class IMP_Prefs_Special_Acl implements Horde_Core_Prefs_Ui_Special
 24: {
 25:     /**
 26:      */
 27:     public function init(Horde_Core_Prefs_Ui $ui)
 28:     {
 29:     }
 30: 
 31:     /**
 32:      */
 33:     public function display(Horde_Core_Prefs_Ui $ui)
 34:     {
 35:         global $injector, $notification, $page_output;
 36: 
 37:         $page_output->addScriptFile('acl.js');
 38: 
 39:         $acl = $injector->getInstance('IMP_Imap_Acl');
 40: 
 41:         $mbox = isset($ui->vars->mbox)
 42:             ? IMP_Mailbox::formFrom($ui->vars->mbox)
 43:             : IMP_Mailbox::get('INBOX');
 44: 
 45:         try {
 46:             $curr_acl = $acl->getACL($mbox);
 47:             if (!($canEdit = $acl->canEdit($mbox))) {
 48:                 $notification->push(_("You do not have permission to change access to this mailbox."), 'horde.warning');
 49:             }
 50:         } catch (IMP_Exception $e) {
 51:             $notification->push($e);
 52:             $canEdit = false;
 53:             $curr_acl = array();
 54:         }
 55: 
 56:         $rightslist = $acl->getRights();
 57: 
 58:         $iterator = new IMP_Ftree_IteratorFilter(
 59:             $injector->getInstance('IMP_Ftree')
 60:         );
 61:         $iterator->add($iterator::NONIMAP);
 62: 
 63:         $view = new Horde_View(array(
 64:             'templatePath' => IMP_TEMPLATES . '/prefs'
 65:         ));
 66:         $view->addHelper('FormTag');
 67:         $view->addHelper('Tag');
 68:         $view->addHelper('Text');
 69: 
 70:         $view->canedit = $canEdit;
 71:         $view->current = sprintf(_("Current access to %s"), $mbox->display_html);
 72:         $view->hasacl = count($curr_acl);
 73:         $view->mbox = $mbox->form_to;
 74:         $view->options = new IMP_Ftree_Select(array(
 75:             'basename' => true,
 76:             'iterator' => $iterator,
 77:             'selected' => $mbox
 78:         ));
 79: 
 80:         if ($view->hasacl) {
 81:             $cval = array();
 82: 
 83:             foreach ($curr_acl as $index => $rule) {
 84:                 $entry = array(
 85:                     'index' => $index,
 86:                     'rule' => array()
 87:                 );
 88: 
 89:                 if ($rule instanceof Horde_Imap_Client_Data_AclNegative) {
 90:                     $entry['negative'] = substr($index, 1);
 91:                 }
 92: 
 93:                 /* Create table of each ACL option for each user granted
 94:                  * permissions; enabled indicates the right has been given to
 95:                  * the user. */
 96:                 $rightsmbox = $acl->getRightsMbox($mbox, $index);
 97:                 foreach (array_keys($rightslist) as $val) {
 98:                     $entry['rule'][] = array(
 99:                         'disable' => !$canEdit || !$rightsmbox[$val],
100:                         'on' => $rule[$val],
101:                         'val' => $val
102:                     );
103:                 }
104:                 $cval[] = $entry;
105:             }
106: 
107:             $view->curr_acl = $cval;
108:         }
109: 
110:         $current_users = array_keys($curr_acl);
111:         $new_user = array();
112: 
113:         try {
114:             $auth_imap = $injector->getInstance('IMP_AuthImap');
115:             foreach ((array('anyone') + $auth_imap->listUsers()) as $user) {
116:                 if (!in_array($user, $current_users)) {
117:                     $new_user[] = htmlspecialchars($user);
118:                 }
119:             }
120: 
121:             $view->new_user = $new_user;
122:         } catch (IMP_Exception $e) {
123:             /* Ignore - admin user is not available. */
124:         } catch (Horde_Exception $e) {
125:             $notification->push('Could not authenticate as admin user to obtain ACLs. Perhaps your admin configuration is incorrect in config/backends.local.php?', 'horde.warning');
126:         }
127: 
128:         $rights = array();
129:         foreach ($rightslist as $key => $val) {
130:             $val['val'] = $key;
131:             $rights[] = $val;
132:         }
133:         $view->rights = $rights;
134: 
135:         $view->width = round(100 / (count($rights) + 2)) . '%';
136: 
137:         return $view->render('acl');
138:     }
139: 
140:     /**
141:      */
142:     public function update(Horde_Core_Prefs_Ui $ui)
143:     {
144:         global $injector, $notification;
145: 
146:         if ($ui->vars->change_acl_mbox) {
147:             return false;
148:         }
149: 
150:         $acl = $injector->getInstance('IMP_Imap_Acl');
151:         $mbox = IMP_Mailbox::formFrom($ui->vars->mbox);
152: 
153:         try {
154:             $curr_acl = $acl->getACL($mbox);
155:         } catch (IMP_Exception $e) {
156:             $notification->push($e);
157:             return;
158:         }
159: 
160:         if (!($acl_list = $ui->vars->acl)) {
161:             $acl_list = array();
162:         }
163:         $new_user = $ui->vars->new_user;
164: 
165:         if (strlen($new_user) && $ui->vars->new_acl) {
166:             if (isset($acl_list[$new_user])) {
167:                 $acl_list[$new_user] = $ui->vars->new_acl;
168:             } else {
169:                 try {
170:                     $acl->addRights($mbox, $new_user, implode('', $ui->vars->new_acl));
171:                     $notification->push(sprintf(_("ACL for \"%s\" successfully created for the mailbox \"%s\"."), $new_user, $mbox->label), 'horde.success');
172:                 } catch (IMP_Exception $e) {
173:                     $notification->push($e);
174:                 }
175:             }
176:         }
177: 
178:         foreach ($curr_acl as $index => $rule) {
179:             if (isset($acl_list[$index])) {
180:                 /* Check to see if ACL changed, but only compare rights we
181:                  * understand. */
182:                 $acldiff = $rule->diff(implode('', $acl_list[$index]));
183:                 $update = false;
184: 
185:                 try {
186:                     if ($acldiff['added']) {
187:                         $acl->addRights($mbox, $index, $acldiff['added']);
188:                         $update = true;
189:                     }
190:                     if ($acldiff['removed']) {
191:                         $acl->removeRights($mbox, $index, $acldiff['removed']);
192:                         $update = true;
193:                     }
194: 
195:                     if ($update) {
196:                         $notification->push(sprintf(_("ACL rights for \"%s\" updated for the mailbox \"%s\"."), $index, $mbox->label), 'horde.success');
197:                     }
198:                 } catch (IMP_Exception $e) {
199:                     $notification->push($e);
200:                 }
201:             } else {
202:                 /* If we dont see ANY form params, the user deleted all
203:                  * rights. */
204:                 try {
205:                     $acl->removeRights($mbox, $index, null);
206:                     $notification->push(sprintf(_("All rights on mailbox \"%s\" successfully removed for \"%s\"."), $mbox->label, $index), 'horde.success');
207:                 } catch (IMP_Exception $e) {
208:                     $notification->push($e);
209:                 }
210:             }
211:         }
212: 
213:         return false;
214:     }
215: 
216: }
217: