From 7fa5180fcc4b16126314c1444e303bc05da20fd4 Mon Sep 17 00:00:00 2001 From: Aleksander Machniak Date: Mon, 17 Jun 2019 11:47:49 +0000 Subject: [PATCH] ACL: Display user/group names (from ldap) instead of acl identifier --- CHANGELOG | 1 + plugins/acl/acl.js | 7 ++- plugins/acl/acl.php | 92 ++++++++++++++++++++++++++++++++------- plugins/acl/composer.json | 2 +- 4 files changed, 82 insertions(+), 20 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index cbe7be903..1077b34cc 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -28,6 +28,7 @@ CHANGELOG Roundcube Webmail - Elastic: Fix keyboard navigation in some menus, e.g. the contact menu - Elastic: Fix visual issue with long buttons in .boxwarning (#6797) - Larry: Fix regression where menu actions didn't work with keyboard (#6740) +- ACL: Display user/group names (from ldap) instead of acl identifier - Password: Added ldap_exop driver (#4992) - Managesieve: Fix bug where global includes were requested for vacation (#6716) - Managesieve: Use RFC-compliant line endings, CRLF instead of LF (#6686) diff --git a/plugins/acl/acl.js b/plugins/acl/acl.js index 97975a299..67cd631cc 100644 --- a/plugins/acl/acl.js +++ b/plugins/acl/acl.js @@ -257,15 +257,14 @@ rcube_webmail.prototype.acl_add_row = function(o, sel) cl = items[cl]; if (cl == 'user') - td.addClass(cl).append($('').text(o.username)); + td.addClass(cl).attr('title', o.title).append($('').text(o.display)); else td.addClass(this.className + ' ' + rcmail.acl_class(o.acl, cl)).html(''); $(this).replaceWith(td); }); - row.attr('id', 'rcmrow'+id); - row = row.get(0); + row = row.attr({id: 'rcmrow' + id, 'data-userid': o.username}).get(0); this.env.acl[id] = o.acl; @@ -339,7 +338,7 @@ rcube_webmail.prototype.acl_init_form = function(id) }); if (!this.env.acl_specials.length || $.inArray(id, this.env.acl_specials) < 0) - val = $('td.user', row).text(); + val = $(row).data('userid'); else type = id; } 
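Review bot: In the acl_init_form hunk, `$(row).data('userid')` does not return the attribute verbatim. jQuery's `.data()` converts values that look like numbers, `true`/`false`/`null` or JSON, so a purely numeric identifier comes back as a Number rather than the string that acl_add_row stored with `.attr()`. Reading it with `val = $(row).attr('data-userid');` keeps the identifier an unmodified string. How `val` is used afterwards is outside the hunk, so the visible effect depends on that code.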
diff --git a/plugins/acl/acl.php b/plugins/acl/acl.php index 73a0fdacb..a7e43369d 100644 --- a/plugins/acl/acl.php +++ b/plugins/acl/acl.php @@ -407,10 +407,10 @@ class acl extends rcube_plugin } else { $items = array( - 'read' => 'lrs', - 'write' => 'wi', + 'read' => 'lrs', + 'write' => 'wi', 'delete' => $deleteright, - 'other' => preg_replace('/[lrswi'.$deleteright.']/', '', implode($supported)), + 'other' => preg_replace('/[lrswi'.$deleteright.']/', '', implode($supported)), ); // give plugins the opportunity to adjust this list @@ -438,14 +438,19 @@ class acl extends rcube_plugin // filter out virtual rights (c or d) the server may return $userrights = array_intersect($rights, $supported); - $userid = rcube_utils::html_identifier($user); + $userid = rcube_utils::html_identifier($user); + $title = null; if (!empty($this->specials) && in_array($user, $this->specials)) { - $user = $this->gettext($user); + $username = $this->gettext($user); + } + else { + $username = $this->resolve_acl_identifier($user, $title); } - $table->add_row(array('id' => 'rcmrow'.$userid)); - $table->add('user', html::a(array('id' => 'rcmlinkrow'.$userid), rcube::Q($user))); + $table->add_row(array('id' => 'rcmrow' . $userid, 'data-userid' => $user)); + $table->add(array('class' => 'user text-nowrap', 'title' => $title), + html::a(array('id' => 'rcmlinkrow' . $userid), rcube::Q($username))); foreach ($items as $key => $right) { $in = $this->acl_compare($userrights, $right); 
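Review bot: In the row-building code of the second acl.php hunk, `$user` (the raw ACL identifier) and `$title` (text taken from the directory) are passed as the `data-userid` and `title` attributes with no explicit escaping, whereas the link text beside them goes through `rcube::Q()`. Whether html_table quotes attribute values, and whether it keeps a `data-*` attribute on a row at all, is not visible here. If it filters attributes, the client-side read of `data-userid` would find nothing on server-rendered rows. A comment such as `// $user and $title are untrusted; html_table quotes attribute values` would record the assumption. The enclosing method starts and ends outside the hunk.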
@@ -515,9 +520,15 @@ class acl extends rcube_plugin if ($user != $_SESSION['username'] && $username != $_SESSION['username']) { if ($this->rc->storage->set_acl($mbox, $user, $acl)) { - $ret = array('id' => rcube_utils::html_identifier($user), - 'username' => $username, 'acl' => implode($acl), 'old' => $oldid); - $this->rc->output->command('acl_update', $ret); + $display = $this->resolve_acl_identifier($username, $title); + $this->rc->output->command('acl_update', array( + 'id' => rcube_utils::html_identifier($user), + 'username' => $username, + 'title' => $title, + 'display' => $display, + 'acl' => implode($acl), + 'old' => $oldid + )); $result++; } } @@ -608,8 +619,9 @@ class acl extends rcube_plugin } } - if (count($list) == count($supported)) + if (count($list) == count($supported)) { return rcube::Q($this->gettext('aclfull')); + } return html::tag('ul', $attrib, implode("\n", $list)); } @@ -636,12 +648,15 @@ class acl extends rcube_plugin $cnt1 = count($res); $cnt2 = count($acl2); - if ($cnt1 == $cnt2) + if ($cnt1 == $cnt2) { return 2; - else if ($cnt1) + } + + if ($cnt1) { return 1; - else - return 0; + } + + return 0; } /** 
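Review bot: `$title` is passed by reference to `resolve_acl_identifier()` in the first hunk here without being reset, and that method assigns it only when a directory lookup succeeds. If this code runs once per identifier in a loop, as the `$result++` counter suggests, an identifier that does not resolve would be sent to the client with the previous identifier's title. Adding `$title = null;` before the call, as the list-rendering hunk does, avoids that. Making it the first statement of `resolve_acl_identifier()` in the last acl.php hunk would cover every caller. The call also resolves `$username` while `set_acl()` receives `$user`, and how the two relate is decided outside the hunk.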
@@ -787,4 +802,51 @@ class acl extends rcube_plugin return $user; } + + /** + * Resolve acl identifier to user/group name + */ + protected function resolve_acl_identifier($id, &$title = null) + { + if ($this->init_ldap()) { + $groups = $this->rc->config->get('acl_groups'); + $prefix = $this->rc->config->get('acl_group_prefix'); + $group_field = $this->rc->config->get('acl_group_field', 'name'); + + // Unfortunately this works only if group_field=name, + // list_groups() allows searching by group name only + if ($groups && $prefix && $group_field === 'name' && strpos($id, $prefix) === 0) { + $gid = substr($id, strlen($prefix)); + $result = $this->ldap->list_groups($gid, rcube_addressbook::SEARCH_STRICT); + + if (count($result) === 1 && ($record = $result[0])) { + if ($record[$group_field] === $gid) { + $display = $record['name']; + if ($display != $gid) { + $title = sprintf('%s (%s)', $display, $gid); + } + + return $display; + } + } + + return $id; + } + + $this->ldap->set_pagesize('2'); + // Note: 'uid' works here because we overwrite fieldmap in init_ldap() above + $result = $this->ldap->search('uid', $id, rcube_addressbook::SEARCH_STRICT); + + if ($result->count === 1 && ($record = $result->first())) { + if ($record['uid'] === $id) { + $title = rcube_addressbook::compose_search_name($record); + $display = rcube_addressbook::compose_list_name($record); + + return $display; + } + } + } + + return $id; + } } diff --git a/plugins/acl/composer.json b/plugins/acl/composer.json index a51cce323..7b80e4eaf 100644 --- a/plugins/acl/composer.json +++ b/plugins/acl/composer.json @@ -3,7 +3,7 @@ "type": "roundcube-plugin", "description": "IMAP Folders Access Control Lists Management (RFC4314, RFC2086).", "license": "GPLv3+", - "version": "1.7", + "version": "1.8", "authors": [ { "name": "Aleksander Machniak",
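Review bot: In the group branch of `resolve_acl_identifier()` the tooltip is never set. The branch requires `$group_field === 'name'` and `$record[$group_field] === $gid`, so `$display` always equals `$gid` and `if ($display != $gid)` cannot be true. The only effect is that the group prefix is stripped from the displayed name, leaving the full ACL identifier in neither the text nor the title. Since the table now shows directory names instead of identifiers, I would always put the identifier in the tooltip, e.g. `$title = sprintf('%s (%s)', $display, $id);`, and consider the same for the user branch so that two entries with the same display name can be told apart. The docblock would also benefit from `@param`/`@return` lines noting that `$title` is an output parameter.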