Adding ACL checking for ActiveSync. Removing duplicated menu Items. Hiding menu and functionalities depends on ACL.

Changinf package xml with adding file tasks.

3 files changed, 45 insertions, 17 deletions

diff --git a/lib/KolabAdmin/include/menu.php b/lib/KolabAdmin/include/menu.php
index b079453..e1bc874 100644
--- a/lib/KolabAdmin/include/menu.php
+++ b/lib/KolabAdmin/include/menu.php
@@ -3,7 +3,8 @@
  *  Copyright (c) 2004 Klarälvdalens Datakonsult AB
  *
  *    Written by Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
- *
+ *	  Updated by Bogomil Shopov <shopov@kolabsys.com>	
+ * 
  *  This  program is free  software; you can redistribute  it and/or
  *  modify it  under the terms of the GNU  General Public License as
  *  published by the  Free Software Foundation; either version 2, or
@@ -20,8 +21,28 @@
 
 require_once('locale.php');
 
+/*
+ * z-Push part for activesync
+ * 
+ * */
+ 
+include_once '@www_dir@/z-push/config.php';
+$showasmenu=true;
+if(defined('KOLAB_LDAP_ACL') and KOLAB_LDAP_ACL !=""){
+	$showasmenu=false;
+	$filter = '(member='.$_SESSION['auth_user'].')';
+	$result = $ldap->search( KOLAB_LDAP_ACL, $filter);
+	if (ldap_count_entries($ldap->connection, $result) > 0)
+		$showasmenu=true;
+}
+
+/*
+ * end z-push activesync part
+ * */
+
 $menuitems = array();
 
+
 if( $auth->group() == "admin" || $auth->group() == "maintainer" || $auth->group() == 'domain-maintainer' ) {
   $menuitems['user'] = array( 'name' => _('Users'),
 							  'url'  => $topdir.'/user/',
@@ -39,14 +60,14 @@ if( $auth->group() == "admin" || $auth->group() == "maintainer" || $auth->group(
 												 array( 'name' => _('Forward Email'),
 														'url'  => 'forward.php' ),
 												 array( 'name' => _('Vacation'),
-														'url'  => 'vacation.php' ),
-												array( 'name' => _('ActiveSync'),
-														'url'  => 'activesync.php' ),
-																		));
-																		
+														'url'  => 'vacation.php' )
+																	));
+if($showasmenu){
+	
 	$menuitems['activesync'] = array( 'name' => _('ActiveSync'),
 							  'url'  => $topdir.'/user/activesync.php',
-							  'title' => _('ActiveSync'));																		
+							  'title' => _('ActiveSync'));	
+ }																
 }
 if( $auth->group() == "admin" || $auth->group() == "maintainer") {
   $menuitems['addressbook'] = array( 'name' => _('Addressbook'),
diff --git a/package.xml b/package.xml
index 572b22c..c60bc4b 100644
--- a/package.xml
+++ b/package.xml
@@ -121,7 +121,9 @@
       <file name="headers.php" role="php" />
       <file name="ldap.class.php" role="php" />
       <file name="locale.php" role="php" />
-      <file name="menu.php" role="php" />
+      <file name="menu.php" role="php" >
+      	<replace from="@www_dir@" to="www_dir" type="pear-config"/>
+      	</file>
       <file name="mysmarty.php" role="php" />
       <file name="passwd.php" role="php" />
       <file name="Sieve.php" role="php" />
@@ -244,14 +246,15 @@
       <file name="sf.php" role="www" />
      </dir> <!-- /www/admin/sharedfolder -->
      <dir name="user">
-      <file name="activesync.php" role="www" />
+      <file name="activesync.php" role="php">
+      	<replace from="@www_dir@" to="www_dir" type="pear-config"/>
+      </file>
       <file name="deliver.php" role="www" />
       <file name="forward.php" role="www" />
       <file name="index.php" role="www" />
       <file name="user.php" role="www" />
       <file name="vacation.php" role="www" />
-      <file name="activesync.php" role="www" />
-     </dir> <!-- /www/admin/user -->
+      </dir> <!-- /www/admin/user -->
      <file name="custom.css" role="www" />
      <file name="favicon.ico" role="www" />
      <file name="favicon.png" role="www" />
diff --git a/www/admin/user/activesync.php b/www/admin/user/activesync.php
index 0b211cb..0c51e96 100755
--- a/www/admin/user/activesync.php
+++ b/www/admin/user/activesync.php
@@ -27,12 +27,8 @@ require_once('KolabAdmin/include/authenticate.php');
 require_once('KolabAdmin/include/form.class.php');
 require_once('KolabAdmin/include/passwd.php');
 
-//try to include ALL possible configuration files
-@include_once '/kolab/var/kolab/www/z-push/config.php';
-@include_once '/etc/z-push/config.php';
-@include_once '/usr/share/z-push/config.php';
-@include_once '/var/www/z-push/config.php';
-
+//include z-Push config file file
+include_once '@www_dir@/z-push/config.php';
 
 
 //define errors array
@@ -43,6 +39,14 @@ if((@include_once 'Horde/Kolab/Kolab_Zpush/lib/kolabActivesyncData.php') === fal
 	$errors[] =_('zPush in not enabled in your system.');
 }
 
+//check for permissions ACL from zpush config file
+if(defined('KOLAB_LDAP_ACL') and KOLAB_LDAP_ACL !=""){
+	$filter = '(member='.$_SESSION['auth_user'].')';
+	$result = $ldap->search( KOLAB_LDAP_ACL, $filter);
+	if (ldap_count_entries($ldap->connection, $result) == 0)
+		$errors[] ="You don't have permissions to manage your activeSync devices.";
+}
+
 /*read from her value of the KOLAB_LAXPIC
  -1 = allow the user to select (or if the constant doesn't exist) 
  0  = same as the annotations (no lax mode just jpeg)