- LSsession :

-> Les profils utilisateurs sont maintenant scalable. Il est possible
     de créer autant de profil voulu avec autant de droits alloués spécifiques
    -> LSsession :: whoami() et LSldapObject :: whoami() retourne la liste des profils
       correspondants à l'utilisateur connecté
        -> Les méthodes ont été modifiées pour prendre en compte cela en faisant la somme
           des droits de chaque profils :
          - LSsession :: canAccess()
          - LSsession :: relationCanAccess()
          - LSsession :: loadLSrights()
          - LSattribute :: myRigths()
    -> LSsession :: isAdmin() a été remplacé par isProfile(), capable de redonner la même
       information mais pour tout profil dont le nom est passé en paramètre
    -> LSsession :: loadLSrights() : gère la délégation de droits sur les objets répondant à un
       filtre particulier ou dont un certain attribut possède une certaine valeur
    -> LSexample :
        -> Ajout d'un attribut lsGodfatherDn pour la délégation de droit objet par objet
        -> Retravail des objets d'exemple pour faire en sorte de coller plus avec une réel
           utilisation
Benjamin Renard 2008-11-12 16:57:40 +00:00
parent b03848b1a1
commit c48a57df45
7 changed files with 343 additions and 114 deletions


@ -26,10 +26,14 @@ $GLOBALS['LSobjects']['LSeecompany'] = array (
'lscompany' 'lscompany'
), ),
'rdn' => 'ou', 'rdn' => 'ou',
'orderby' => 'displayValue', // Valeurs possibles : 'displayValue' ou 'subDn'
'container_dn' => 'ou=companies', 'container_dn' => 'ou=companies',
'select_display_attrs' => '%{ou}', 'select_display_attrs' => '%{ou}',
'label' => _('Sociétés'), 'label' => _('Sociétés'),
'attrs' => array ( 'attrs' => array (
/* ----------- start -----------*/
'ou' => array ( 'ou' => array (
'label' => _('Nom'), 'label' => _('Nom'),
'ldap_type' => 'ascii', 'ldap_type' => 'ascii',
@ -48,6 +52,9 @@ $GLOBALS['LSobjects']['LSeecompany'] = array (
'create' => 1 'create' => 1
) )
), ),
/* ----------- end -----------*/
/* ----------- start -----------*/
'description' => array ( 'description' => array (
'label' => _('Description'), 'label' => _('Description'),
'ldap_type' => 'ascii', 'ldap_type' => 'ascii',
@ -55,6 +62,35 @@ $GLOBALS['LSobjects']['LSeecompany'] = array (
'required' => 0, 'required' => 0,
'rights' => array( 'rights' => array(
'user' => 'r', 'user' => 'r',
'admin' => 'w',
'godfather' => 'w'
),
'view' => 1,
'form' => array (
'modify' => 1,
'create' => 1
)
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'lsGodfatherDn' => array (
'label' => _('Parrain(s)'),
'ldap_type' => 'ascii',
'html_type' => 'select_object',
'selectable_object' => array(
'object_type' => 'LSeepeople',
'value_attribute' => '%{dn}'
),
'validation' => array (
array (
'basedn' => '%{val}',
'result' => 1,
'msg' => _("Un ou plusieurs de ces utilisateurs n'existent pas.")
)
),
'multiple' => 1,
'rights' => array(
'admin' => 'w' 'admin' => 'w'
), ),
'view' => 1, 'view' => 1,
@ -63,6 +99,7 @@ $GLOBALS['LSobjects']['LSeecompany'] = array (
'create' => 1 'create' => 1
) )
) )
/* ----------- end -----------*/
) )
); );
?> ?>
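Review bot: The new `lsGodfatherDn` attribute block has no comment saying that its values decide who receives the `godfather` profile on the entry, so nothing warns a later editor that widening its `rights` beyond `'admin' => 'w'` would let a delegate re-delegate. A comment above the block would do, for example `// lsGodfatherDn drives the 'godfather' profile: keep its 'rights' limited to 'admin'`. The `validation` rule appears to check only that each DN exists (`'basedn' => '%{val}'`, `'result' => 1`), not that it is an `LSeepeople` entry; that is inferred from the keys and worth confirming. The same block is repeated verbatim in the LSeegroup and LSeepeople sections of this commit, so a shared definition would keep the three copies from drifting apart.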


@ -40,6 +40,8 @@ $GLOBALS['LSobjects']['LSeegroup'] = array (
'select_display_attrs' => '%{cn}', 'select_display_attrs' => '%{cn}',
'label' => _('Groupes'), 'label' => _('Groupes'),
'attrs' => array ( 'attrs' => array (
/* ----------- start -----------*/
'cn' => array ( 'cn' => array (
'label' => _('Nom'), 'label' => _('Nom'),
'ldap_type' => 'ascii', 'ldap_type' => 'ascii',
@ -59,13 +61,17 @@ $GLOBALS['LSobjects']['LSeegroup'] = array (
'view' => 1, 'view' => 1,
'rights' => array( 'rights' => array(
'user' => 'r', 'user' => 'r',
'admin' => 'w' 'admin' => 'w',
'godfather' => 'r'
), ),
'form' => array ( 'form' => array (
'modify' => 1, 'modify' => 1,
'create' => 1 'create' => 1
) )
), ),
/* ----------- end -----------*/
/* ----------- start -----------*/
'gidNumber' => array ( 'gidNumber' => array (
'label' => _('Identifiant'), 'label' => _('Identifiant'),
'ldap_type' => 'numeric', 'ldap_type' => 'numeric',
@ -87,6 +93,9 @@ $GLOBALS['LSobjects']['LSeegroup'] = array (
'modify' => 1 'modify' => 1
) )
), ),
/* ----------- end -----------*/
/* ----------- start -----------*/
'uniqueMember' => array ( 'uniqueMember' => array (
'label' => _('Membres'), 'label' => _('Membres'),
'ldap_type' => 'ascii', 'ldap_type' => 'ascii',
@ -101,7 +110,8 @@ $GLOBALS['LSobjects']['LSeegroup'] = array (
), ),
'view' => 1, 'view' => 1,
'rights' => array( 'rights' => array(
'admin' => 'w' 'admin' => 'w',
'godfather' => 'w'
), ),
'form' => array ( 'form' => array (
'modify' => 1, 'modify' => 1,
@ -115,7 +125,56 @@ $GLOBALS['LSobjects']['LSeegroup'] = array (
'value_attribute' => 'dn', // Spécifie le attributs dont la valeur sera retournée par 'value_attribute' => 'dn', // Spécifie le attributs dont la valeur sera retournée par
) )
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'description' => array (
'label' => _('Description'),
'ldap_type' => 'ascii',
'html_type' => 'textarea',
'multiple' => 1,
'rights' => array(
'user' => 'r',
'admin' => 'w',
'godfather' => 'r'
),
'view' => 1,
'form' => array (
'modify' => 1,
'create' => 1
) )
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'lsGodfatherDn' => array (
'label' => _('Parrain(s)'),
'ldap_type' => 'ascii',
'html_type' => 'select_object',
'selectable_object' => array(
'object_type' => 'LSeepeople',
'value_attribute' => '%{dn}'
),
'validation' => array (
array (
'basedn' => '%{val}',
'result' => 1,
'msg' => _("Un ou plusieurs de ces utilisateurs n'existent pas.")
)
),
'multiple' => 1,
'rights' => array(
'admin' => 'w'
),
'view' => 1,
'form' => array (
'modify' => 1,
'create' => 1
)
),
/* ----------- end -----------*/
) )
); );
?> ?>
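Review bot: The rights array that follows `uniqueMember` now grants `'godfather' => 'w'`, which lets a delegate edit group membership, while the server configuration in this same commit lists a group DN (`cn=adminldap,ou=groups,o=ls`, with `'LSobject' => 'LSeegroup'`) under the `admin` profile. If admin membership is read from that group's member attribute (the `attr` line is outside the visible hunk), a godfather set on such a group could change who is admin. The constraint should be documented next to the right, for example `// godfather may edit members: never set lsGodfatherDn on a group referenced in LSrights`, or write access should be withheld for those groups.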


@ -82,7 +82,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
'mail', 'mail',
'userPassword', 'userPassword',
'description', 'description',
'jpegPhoto' 'jpegPhoto',
'lsGodfatherDn'
) )
), ),
'Posix' => array ( 'Posix' => array (
@ -135,8 +136,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
), ),
'rights' => array( 'rights' => array(
'self' => 'r', 'self' => 'r',
'user' => 'r', 'admin' => 'w',
'admin' => 'w' 'godfather' => 'r'
), ),
'view' => 1, 'view' => 1,
'form' => array ( 'form' => array (
@ -169,7 +170,6 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
) )
), ),
'rights' => array( 'rights' => array(
'self' => 'r',
'admin' => 'w' 'admin' => 'w'
), ),
'view' => 1, 'view' => 1,
@ -192,9 +192,10 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
), ),
), ),
'rights' => array( 'rights' => array(
'self' => 'w', 'self' => 'r',
'users' => 'r', 'users' => 'r',
'admin' => 'w' 'admin' => 'w',
'godfather' => 'w'
), ),
'view' => 1, 'view' => 1,
'form' => array ( 'form' => array (
@ -212,9 +213,10 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
'html_type' => 'text', 'html_type' => 'text',
'required' => 1, 'required' => 1,
'rights' => array( 'rights' => array(
'self' => 'w', 'self' => 'r',
'user' => 'r', 'user' => 'r',
'admin' => 'w' 'admin' => 'w',
'godfather' => 'w'
), ),
'view' => 1, 'view' => 1,
'form' => array ( 'form' => array (
@ -237,9 +239,10 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
'required' => 1, 'required' => 1,
'validation' => 'valid', 'validation' => 'valid',
'rights' => array( 'rights' => array(
'self' => 'w', 'self' => 'r',
'user' => 'r', 'user' => 'r',
'admin' => 'w' 'admin' => 'w',
'godfather' => 'w'
), ),
'view' => 1, 'view' => 1,
'form' => array ( 'form' => array (
@ -265,8 +268,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
) )
), ),
'rights' => array( 'rights' => array(
'self' => 'r', 'admin' => 'w',
'admin' => 'w' 'godfather' => 'r'
), ),
'view' => 1, 'view' => 1,
'form' => array ( 'form' => array (
@ -303,7 +306,6 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
'required' => 1, 'required' => 1,
'default_value' => 'no', 'default_value' => 'no',
'rights' => array( 'rights' => array(
'self' => 'r',
'admin' => 'w' 'admin' => 'w'
), ),
'view' => 1, 'view' => 1,
@ -340,7 +342,7 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
'required' => 1, 'required' => 1,
'generate_function' => 'generate_homeDirectory', 'generate_function' => 'generate_homeDirectory',
'rights' => array( 'rights' => array(
'self' => 'r' 'admin' => 'r'
), ),
'view' => 1 'view' => 1
), ),
@ -367,7 +369,8 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
'rights' => array( 'rights' => array(
'self' => 'r', 'self' => 'r',
'user' => 'r', 'user' => 'r',
'admin' => 'w' 'admin' => 'w',
'godfather' => 'w'
), ),
'view' => 1, 'view' => 1,
'form' => array ( 'form' => array (
@ -385,9 +388,10 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
'required' => 1, 'required' => 1,
'default_value' => 'M.', 'default_value' => 'M.',
'rights' => array( 'rights' => array(
'self' => 'w', 'self' => 'r',
'user' => 'r', 'user' => 'r',
'admin' => 'w' 'admin' => 'w',
'godfather' => 'w'
), ),
'view' => 1, 'view' => 1,
'form' => array ( 'form' => array (
@ -409,9 +413,10 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
'html_type' => 'textarea', 'html_type' => 'textarea',
'multiple' => 1, 'multiple' => 1,
'rights' => array( 'rights' => array(
'self' => 'w', 'self' => 'r',
'user' => 'r', 'user' => 'r',
'admin' => 'w' 'admin' => 'w',
'godfather' => 'w'
), ),
'view' => 1, 'view' => 1,
'form' => array ( 'form' => array (
@ -538,9 +543,38 @@ $GLOBALS['LSobjects']['LSeepeople'] = array (
'rights' => array( 'rights' => array(
'self' => 'w', 'self' => 'w',
'user' => 'r', 'user' => 'r',
'admin' => 'w',
'godfather' => 'w'
)
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'lsGodfatherDn' => array (
'label' => _('Parrain(s)'),
'ldap_type' => 'ascii',
'html_type' => 'select_object',
'selectable_object' => array(
'object_type' => 'LSeepeople',
'value_attribute' => '%{dn}'
),
'validation' => array (
array (
'basedn' => '%{val}',
'result' => 1,
'msg' => _("Un ou plusieurs de ces utilisateurs n'existent pas.")
)
),
'multiple' => 1,
'rights' => array(
'admin' => 'w' 'admin' => 'w'
),
'view' => 1,
'form' => array (
'modify' => 1,
'create' => 1
) )
) ),
/* ----------- end -----------*/ /* ----------- end -----------*/
) // Fin args ) // Fin args
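Review bot: The rights array in the hunk at `-192,9 +192,10` keeps the key `'users' => 'r'`, while every other array in this file uses `'user'` and `whoami()` in this commit returns the profile name `'user'`, so this entry can never match. The effect is fail-closed (ordinary users get no read right on that attribute), but the configured right is silently ineffective and is presumably not what was intended. The line should read `'user' => 'r',`. The name of the attribute concerned is outside the hunk.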


@ -43,7 +43,8 @@ $GLOBALS['LSconfig'] = array(
'filter' => '(objectClass=*)', 'filter' => '(objectClass=*)',
'scope' => 'sub' 'scope' => 'sub'
), ),
'LSadmins' => array ( 'LSrights' => array (
'admin' => array (
'o=ls' => array ( 'o=ls' => array (
'uid=eeggs,ou=people,o=ls' => NULL 'uid=eeggs,ou=people,o=ls' => NULL
), ),
@ -54,6 +55,19 @@ $GLOBALS['LSconfig'] = array(
) )
) )
), ),
'godfather' => array (
'LSobjects' => array (
'LSeepeople' => array (
'attr' => 'lsGodfatherDn',
'attr_value' => '%{dn}',
'basedn' => 'ou=people,o=ls'
),
'LSeegroup' => array (
'filter' => 'lsGodfatherDn=%{dn}'
)
)
)
),
'cacheLSrights' => true, 'cacheLSrights' => true,
'cacheSearch' => true, 'cacheSearch' => true,
'authobject' => 'LSeepeople', 'authobject' => 'LSeepeople',
@ -95,7 +109,8 @@ $GLOBALS['LSconfig'] = array(
'filter' => '(objectClass=*)', 'filter' => '(objectClass=*)',
'scope' => 'sub' 'scope' => 'sub'
), ),
'LSadmins' => array ( 'LSrights' => array(
'admin' => array (
'o=ls' => array ( 'o=ls' => array (
'uid=eeggs,ou=people,o=ls' => NULL, 'uid=eeggs,ou=people,o=ls' => NULL,
'cn=adminldap,ou=groups,o=ls' => array ( 'cn=adminldap,ou=groups,o=ls' => array (
@ -103,6 +118,7 @@ $GLOBALS['LSconfig'] = array(
'LSobject' => 'LSeegroup' 'LSobject' => 'LSeegroup'
) )
) )
)
), ),
'authobject' => 'LSeepeople', 'authobject' => 'LSeepeople',
'levelLabel' => _('Société'), 'levelLabel' => _('Société'),
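Review bot: The `LSeegroup` entry under the new `godfather` profile sets only `'filter' => 'lsGodfatherDn=%{dn}'`, so the search that hands out the profile runs without a `basedn`, whereas the `LSeepeople` entry is bounded by `'basedn' => 'ou=people,o=ls'`. Bounding it as well, for example with `'basedn' => 'ou=groups,o=ls',`, keeps the delegation limited to the intended branch; what `search()` does with an empty base is not visible here. The structure also needs a comment, because `LSobjects` is a reserved key sitting where the `admin` profile has a top DN: `// 'LSobjects': rights granted object by object, on entries matching 'filter' or whose 'attr' equals 'attr_value'`.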


@ -258,26 +258,32 @@ class LSattribute {
return $this -> _myRights; return $this -> _myRights;
} }
$return='n'; $return='n';
switch ($this -> ldapObject -> whoami()) { $whoami = $this -> ldapObject -> whoami();
foreach($whoami as $who) {
switch ($who) {
case 'admin': case 'admin':
if($this -> config['rights']['admin']=='w') { if($this -> config['rights']['admin']=='w') {
$return='w'; $return='w';
break;
} }
else { else {
$return='r'; $return='r';
} }
break; break;
case 'self': default:
if (($this -> config['rights']['self'] == 'w') || ($this -> config['rights']['self'] == 'r')) { if ($this -> config['rights'][$who] == 'w') {
$return=$this -> config['rights']['self']; $return='w';
break;
}
else if($this -> config['rights'][$who] == 'r') {
$return='r';
} }
break; break;
default: //user
if (($this -> config['rights']['user'] == 'w') || ($this -> config['rights']['user'] == 'r')) {
$return=$this -> config['rights']['user'];
} }
if ($return=='w') {
break; break;
} }
}
$this -> _myRights = $return; $this -> _myRights = $return;
return $return; return $return;
} }
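Review bot: The `default:` branch of the new loop reads `$this -> config['rights'][$who]` for every profile returned by `whoami()`, although most attribute definitions list only some profiles, so the deny-by-default result depends on an undefined index comparing unequal to 'w' and 'r'. A guard at the top of the branch makes the intent explicit: `if (!isset($this -> config['rights'][$who])) { break; }`. The `break;` placed after `$return='w';` only leaves the `switch`; the loop is really ended by the later `if ($return=='w')` test, which merits a comment such as `// 'w' is the highest right: stop looking at other profiles`. The method starts above this hunk.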


@ -42,9 +42,7 @@ class LSsession {
var $_JSconfigParams = array(); var $_JSconfigParams = array();
var $CssFiles = array(); var $CssFiles = array();
var $template = NULL; var $template = NULL;
var $LSrights = array ( var $LSrights = array();
'topDn_admin' => array ()
);
var $LSaccess = array(); var $LSaccess = array();
var $tmp_file = array(); var $tmp_file = array();
var $_subDnLdapServer = array(); var $_subDnLdapServer = array();
@ -1002,10 +1000,42 @@ class LSsession {
* @retval boolean True si le chargement à réussi, false sinon. * @retval boolean True si le chargement à réussi, false sinon.
**/ **/
function loadLSrights() { function loadLSrights() {
if (is_array($this -> ldapServer['LSadmins'])) { if (is_array($this -> ldapServer['LSrights'])) {
foreach ($this -> ldapServer['LSadmins'] as $topDn => $adminsInfos) { foreach ($this -> ldapServer['LSrights'] as $profile => $profileInfos) {
if (is_array($adminsInfos)) { if (is_array($profileInfos)) {
foreach($adminsInfos as $dn => $conf) { foreach ($profileInfos as $topDn => $rightsInfos) {
if ($topDn == 'LSobjects') {
if (is_array($rightsInfos)) {
foreach ($rightsInfos as $LSobject => $listInfos) {
if ($this -> loadLSobject($LSobject)) {
if ($object = new $LSobject()) {
if ($listInfos['filter']) {
$filter = $this -> LSuserObject -> getFData($listInfos['filter']);
}
else {
$filter = $listInfos['attr'].'='.$this -> LSuserObject -> getFData($listInfos['attr_value']);
}
$list = $object -> search($filter,$listInfos['basedn'],$listInfos['params']);
foreach($list as $obj) {
$this -> LSrights[$profile][] = $obj['dn'];
}
}
else {
LSdebug('Impossible de créer l\'objet de type : '.$LSobject);
}
}
else {
$GLOBALS['LSerror'] -> addErrorCode(1004,$LSobject);
}
}
}
else {
LSdebug('LSobjects => [] doit etre un tableau');
}
}
else {
if (is_array($rightsInfos)) {
foreach($rightsInfos as $dn => $conf) {
if ((isset($conf['attr'])) && (isset($conf['LSobject']))) { if ((isset($conf['attr'])) && (isset($conf['LSobject']))) {
if( $this -> loadLSobject($conf['LSobject']) ) { if( $this -> loadLSobject($conf['LSobject']) ) {
if ($object = new $conf['LSobject']()) { if ($object = new $conf['LSobject']()) {
@ -1013,7 +1043,7 @@ class LSsession {
$listDns=$object -> getValue($conf['attr']); $listDns=$object -> getValue($conf['attr']);
if (is_array($listDns)) { if (is_array($listDns)) {
if (in_array($this -> dn,$listDns)) { if (in_array($this -> dn,$listDns)) {
$this -> LSrights['topDn_admin'][] = $topDn; $this -> LSrights[$profile][] = $topDn;
} }
} }
} }
@ -1031,17 +1061,21 @@ class LSsession {
} }
else { else {
if ($this -> dn == $dn) { if ($this -> dn == $dn) {
$this -> LSrights['topDn_admin'][] = $topDn; $this -> LSrights[$profile][] = $topDn;
} }
} }
} }
} }
else { else {
if ( $this -> dn == $adminsInfos ) { if ( $this -> dn == $rightsInfos ) {
$this -> LSrights['topDn_admin'][] = $topDn; $this -> LSrights[$profile][] = $topDn;
}
} }
} }
} // fin else ($topDn == 'LSobjects')
} // fin foreach($profileInfos)
} // fin is_array($profileInfos)
} // fin foreach LSrights
LSdebug($this -> LSrights);
return true; return true;
} }
else { else {
@ -1143,21 +1177,24 @@ class LSsession {
} }
/** /**
* Dit si l'utilisateur est admin de le DN spécifié * Dit si l'utilisateur est du profil pour le DN spécifié
* *
* @param[in] string DN de l'objet * @param[in] string $profile de l'objet
* @param[in] string $dn DN de l'objet
* *
* @retval boolean True si l'utilisateur est admin sur l'objet, false sinon. * @retval boolean True si l'utilisateur est du profil sur l'objet, false sinon.
*/ */
function isAdmin($dn) { function isProfile($dn,$profile) {
foreach($this -> LSrights['topDn_admin'] as $topDn_admin) { if (is_array($this -> LSrights[$profile])) {
if($dn == $topDn_admin) { foreach($this -> LSrights[$profile] as $topDn) {
if($dn == $topDn) {
return true; return true;
} }
else if ( isCompatibleDNs($dn,$topDn_admin) ) { else if ( isCompatibleDNs($dn,$topDn) ) {
return true; return true;
} }
} }
}
return; return;
} }
@ -1169,15 +1206,19 @@ class LSsession {
* @retval string 'admin'/'self'/'user' pour Admin , l'utilisateur lui même ou un simple utilisateur * @retval string 'admin'/'self'/'user' pour Admin , l'utilisateur lui même ou un simple utilisateur
*/ */
function whoami($dn) { function whoami($dn) {
if ($this -> isAdmin($dn)) { $retval = array('user');
return 'admin';
foreach($this -> LSrights as $profile => $infos) {
if($this -> isProfile($dn,$profile)) {
$retval[]=$profile;
}
} }
if ($this -> dn == $dn) { if ($this -> dn == $dn) {
return 'self'; $retval[]='self';
} }
return 'user'; return $retval;
} }
/** /**
@ -1224,14 +1265,27 @@ class LSsession {
return; return;
} }
$r = 'n';
foreach($whoami as $who) {
$nr = $GLOBALS['LSobjects'][$LSobject]['attrs'][$attr]['rights'][$who];
if($nr == 'w') {
$r = 'w';
}
else if($nr == 'r') {
if ($r=='n') {
$r='r';
}
}
}
if (($right=='r')||($right=='w')) { if (($right=='r')||($right=='w')) {
if ($GLOBALS['LSobjects'][$LSobject]['attrs'][$attr]['rights'][$whoami]==$right) { if ($r==$right) {
return true; return true;
} }
return; return;
} }
else { else {
if ( ($GLOBALS['LSobjects'][$LSobject]['attrs'][$attr]['rights'][$whoami]=='r') || ($GLOBALS['LSobjects'][$LSobject]['attrs'][$attr]['rights'][$whoami]=='w') ) { if ( ($r=='r') || ($r=='w') ) {
return true; return true;
} }
return; return;
@ -1241,20 +1295,24 @@ class LSsession {
// Pour un attribut quelconque // Pour un attribut quelconque
if (is_array($GLOBALS['LSobjects'][$LSobject]['attrs'])) { if (is_array($GLOBALS['LSobjects'][$LSobject]['attrs'])) {
if (($right=='r')||($right=='w')) { if (($right=='r')||($right=='w')) {
foreach($whoami as $who) {
foreach ($GLOBALS['LSobjects'][$LSobject]['attrs'] as $attr_name => $attr_config) { foreach ($GLOBALS['LSobjects'][$LSobject]['attrs'] as $attr_name => $attr_config) {
if ($attr_config['rights'][$whoami]==$right) { if ($attr_config['rights'][$who]==$right) {
return true; return true;
} }
} }
} }
}
else { else {
foreach($whoami as $who) {
foreach ($GLOBALS['LSobjects'][$LSobject]['attrs'] as $attr_name => $attr_config) { foreach ($GLOBALS['LSobjects'][$LSobject]['attrs'] as $attr_name => $attr_config) {
if ( ($attr_config['rights'][$whoami]=='r') || ($attr_config['rights'][$whoami]=='w') ) { if ( ($attr_config['rights'][$who]=='r') || ($attr_config['rights'][$who]=='w') ) {
return true; return true;
} }
} }
} }
} }
}
return; return;
} }
@ -1310,15 +1368,30 @@ class LSsession {
$whoami = $this -> whoami($dn); $whoami = $this -> whoami($dn);
if (($right=='w') || ($right=='r')) { if (($right=='w') || ($right=='r')) {
if ($GLOBALS['LSobjects'][$LSobject]['relations'][$relationName]['rights'][$whoami] == $right) { $r = 'n';
foreach($whoami as $who) {
$nr = $GLOBALS['LSobjects'][$LSobject]['relations'][$relationName]['rights'][$who];
if($nr == 'w') {
$r = 'w';
}
else if($nr == 'r') {
if ($r=='n') {
$r='r';
}
}
}
if ($r == $right) {
return true; return true;
} }
} }
else { else {
if (($GLOBALS['LSobjects'][$LSobject]['relations'][$relationName]['rights'][$whoami] == 'w') || ($GLOBALS['LSobjects'][$LSobject]['relations'][$relationName]['rights'][$whoami] == 'r')) { foreach($whoami as $who) {
if (($GLOBALS['LSobjects'][$LSobject]['relations'][$relationName]['rights'][$who] == 'w') || ($GLOBALS['LSobjects'][$LSobject]['relations'][$relationName]['rights'][$who] == 'r')) {
return true; return true;
} }
} }
}
return; return;
} }
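Review bot: In `loadLSrights()`, the new `LSobjects` branch builds an LDAP search filter from the connected user's data without escaping it, both in `$filter = $listInfos['attr'].'='.$this -> LSuserObject -> getFData($listInfos['attr_value']);` and in the `filter` template form. With the example configuration the substituted value is the user's DN, and a DN containing `(`, `)`, `*` or `\` would change the meaning of the filter that decides which objects the profile is granted on. The value should be escaped before concatenation, for instance with `ldap_escape($value, '', LDAP_ESCAPE_FILTER)` where the PHP version provides it, and for the template form the escaping has to happen inside the substitution rather than on the finished string. `$listInfos['basedn']` and `$listInfos['params']` are also read without `isset()`, and the result of `search()` is iterated without checking that it is an array. The function body continues outside this hunk.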


@ -19,6 +19,10 @@ attributetype ( LsLDAPAttribute:2 NAME 'lsRecoveryHash'
DESC 'Password Recover Hash' DESC 'Password Recover Hash'
EQUALITY caseIgnoreMatch EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( LsLDAPAttribute:3 NAME 'lsGodfatherDn'
SUP distinguishedName
DESC 'Godfather dn of this entry' )
# </Ls attributes> # </Ls attributes>
# <Ls Objectclass> # <Ls Objectclass>
@ -29,14 +33,14 @@ objectclass (LsLDAPObjectClass:1
MUST ( uid $ cn ) MUST ( uid $ cn )
MAY ( jpegPhoto $ sn $ givenName $ postalAddress $ postalCode $ l $ st $ c $ MAY ( jpegPhoto $ sn $ givenName $ postalAddress $ postalCode $ l $ st $ c $
telephoneNumber $ mobile $ fax $ mail $ personalTitle $ description $ telephoneNumber $ mobile $ fax $ mail $ personalTitle $ description $
userPassword $ lsallowedservices $ lsRecoveryHash )) userPassword $ lsallowedservices $ lsRecoveryHash $ lsGodfatherDn ))
objectclass (LsLDAPObjectClass:3 objectclass (LsLDAPObjectClass:3
NAME 'lsgroup' NAME 'lsgroup'
DESC 'LS group Objectclass' DESC 'LS group Objectclass'
STRUCTURAL STRUCTURAL
MUST ( cn ) MUST ( cn )
MAY ( uniquemember $ description )) MAY ( uniquemember $ description $ lsGodfatherDn ))
objectclass (LsLDAPObjectClass:4 objectclass (LsLDAPObjectClass:4
NAME 'lssysaccount' NAME 'lssysaccount'
@ -50,7 +54,7 @@ objectclass ( LsLDAPObjectClass:5
SUP organizationalUnit SUP organizationalUnit
STRUCTURAL STRUCTURAL
MUST ( ou ) MUST ( ou )
MAY ( description )) MAY ( description $ lsGodfatherDn ))
# </Ls Objectclass> # </Ls Objectclass>
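Review bot: `lsGodfatherDn` now carries an authorization decision, but its `DESC 'Godfather dn of this entry'` does not say so, and nothing in this section reminds the administrator that the application-side `'admin' => 'w'` restriction only holds if the directory's own ACLs also prevent other identities from writing the attribute. The server ACLs are not part of this commit, so whether they already cover it cannot be told from here. A schema comment above the attribute would carry the caveat, for example `# lsGodfatherDn grants the 'godfather' profile in the application: restrict write access to it in the server ACLs`.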