ACL: Display user/group names (from ldap) instead of acl identifier

pull/6811/head
Aleksander Machniak 6 years ago
parent 7846505fa4
commit 7fa5180fcc

@ -28,6 +28,7 @@ CHANGELOG Roundcube Webmail
- Elastic: Fix keyboard navigation in some menus, e.g. the contact menu - Elastic: Fix keyboard navigation in some menus, e.g. the contact menu
- Elastic: Fix visual issue with long buttons in .boxwarning (#6797) - Elastic: Fix visual issue with long buttons in .boxwarning (#6797)
- Larry: Fix regression where menu actions didn't work with keyboard (#6740) - Larry: Fix regression where menu actions didn't work with keyboard (#6740)
- ACL: Display user/group names (from ldap) instead of acl identifier
- Password: Added ldap_exop driver (#4992) - Password: Added ldap_exop driver (#4992)
- Managesieve: Fix bug where global includes were requested for vacation (#6716) - Managesieve: Fix bug where global includes were requested for vacation (#6716)
- Managesieve: Use RFC-compliant line endings, CRLF instead of LF (#6686) - Managesieve: Use RFC-compliant line endings, CRLF instead of LF (#6686)

@ -257,15 +257,14 @@ rcube_webmail.prototype.acl_add_row = function(o, sel)
cl = items[cl]; cl = items[cl];
if (cl == 'user') if (cl == 'user')
td.addClass(cl).append($('<a>').text(o.username)); td.addClass(cl).attr('title', o.title).append($('<a>').text(o.display));
else else
td.addClass(this.className + ' ' + rcmail.acl_class(o.acl, cl)).html('<span/>'); td.addClass(this.className + ' ' + rcmail.acl_class(o.acl, cl)).html('<span/>');
$(this).replaceWith(td); $(this).replaceWith(td);
}); });
row.attr('id', 'rcmrow'+id); row = row.attr({id: 'rcmrow' + id, 'data-userid': o.username}).get(0);
row = row.get(0);
this.env.acl[id] = o.acl; this.env.acl[id] = o.acl;
@ -339,7 +338,7 @@ rcube_webmail.prototype.acl_init_form = function(id)
}); });
if (!this.env.acl_specials.length || $.inArray(id, this.env.acl_specials) < 0) if (!this.env.acl_specials.length || $.inArray(id, this.env.acl_specials) < 0)
val = $('td.user', row).text(); val = $(row).data('userid');
else else
type = id; type = id;
} }

@ -439,13 +439,18 @@ class acl extends rcube_plugin
// filter out virtual rights (c or d) the server may return // filter out virtual rights (c or d) the server may return
$userrights = array_intersect($rights, $supported); $userrights = array_intersect($rights, $supported);
$userid = rcube_utils::html_identifier($user); $userid = rcube_utils::html_identifier($user);
$title = null;
if (!empty($this->specials) && in_array($user, $this->specials)) { if (!empty($this->specials) && in_array($user, $this->specials)) {
$user = $this->gettext($user); $username = $this->gettext($user);
}
else {
$username = $this->resolve_acl_identifier($user, $title);
} }
$table->add_row(array('id' => 'rcmrow'.$userid)); $table->add_row(array('id' => 'rcmrow' . $userid, 'data-userid' => $user));
$table->add('user', html::a(array('id' => 'rcmlinkrow'.$userid), rcube::Q($user))); $table->add(array('class' => 'user text-nowrap', 'title' => $title),
html::a(array('id' => 'rcmlinkrow' . $userid), rcube::Q($username)));
foreach ($items as $key => $right) { foreach ($items as $key => $right) {
$in = $this->acl_compare($userrights, $right); $in = $this->acl_compare($userrights, $right);
@ -515,9 +520,15 @@ class acl extends rcube_plugin
if ($user != $_SESSION['username'] && $username != $_SESSION['username']) { if ($user != $_SESSION['username'] && $username != $_SESSION['username']) {
if ($this->rc->storage->set_acl($mbox, $user, $acl)) { if ($this->rc->storage->set_acl($mbox, $user, $acl)) {
$ret = array('id' => rcube_utils::html_identifier($user), $display = $this->resolve_acl_identifier($username, $title);
'username' => $username, 'acl' => implode($acl), 'old' => $oldid); $this->rc->output->command('acl_update', array(
$this->rc->output->command('acl_update', $ret); 'id' => rcube_utils::html_identifier($user),
'username' => $username,
'title' => $title,
'display' => $display,
'acl' => implode($acl),
'old' => $oldid
));
$result++; $result++;
} }
} }
@ -608,8 +619,9 @@ class acl extends rcube_plugin
} }
} }
if (count($list) == count($supported)) if (count($list) == count($supported)) {
return rcube::Q($this->gettext('aclfull')); return rcube::Q($this->gettext('aclfull'));
}
return html::tag('ul', $attrib, implode("\n", $list)); return html::tag('ul', $attrib, implode("\n", $list));
} }
@ -636,11 +648,14 @@ class acl extends rcube_plugin
$cnt1 = count($res); $cnt1 = count($res);
$cnt2 = count($acl2); $cnt2 = count($acl2);
if ($cnt1 == $cnt2) if ($cnt1 == $cnt2) {
return 2; return 2;
else if ($cnt1) }
if ($cnt1) {
return 1; return 1;
else }
return 0; return 0;
} }
@ -787,4 +802,51 @@ class acl extends rcube_plugin
return $user; return $user;
} }
/**
* Resolve acl identifier to user/group name
*/
protected function resolve_acl_identifier($id, &$title = null)
{
if ($this->init_ldap()) {
$groups = $this->rc->config->get('acl_groups');
$prefix = $this->rc->config->get('acl_group_prefix');
$group_field = $this->rc->config->get('acl_group_field', 'name');
// Unfortunately this works only if group_field=name,
// list_groups() allows searching by group name only
if ($groups && $prefix && $group_field === 'name' && strpos($id, $prefix) === 0) {
$gid = substr($id, strlen($prefix));
$result = $this->ldap->list_groups($gid, rcube_addressbook::SEARCH_STRICT);
if (count($result) === 1 && ($record = $result[0])) {
if ($record[$group_field] === $gid) {
$display = $record['name'];
if ($display != $gid) {
$title = sprintf('%s (%s)', $display, $gid);
}
return $display;
}
}
return $id;
}
$this->ldap->set_pagesize('2');
// Note: 'uid' works here because we overwrite fieldmap in init_ldap() above
$result = $this->ldap->search('uid', $id, rcube_addressbook::SEARCH_STRICT);
if ($result->count === 1 && ($record = $result->first())) {
if ($record['uid'] === $id) {
$title = rcube_addressbook::compose_search_name($record);
$display = rcube_addressbook::compose_list_name($record);
return $display;
}
}
}
return $id;
}
} }

@ -3,7 +3,7 @@
"type": "roundcube-plugin", "type": "roundcube-plugin",
"description": "IMAP Folders Access Control Lists Management (RFC4314, RFC2086).", "description": "IMAP Folders Access Control Lists Management (RFC4314, RFC2086).",
"license": "GPLv3+", "license": "GPLv3+",
"version": "1.7", "version": "1.8",
"authors": [ "authors": [
{ {
"name": "Aleksander Machniak", "name": "Aleksander Machniak",

Loading…
Cancel
Save