allow listing of acl groups and its members (with the acl module) foerste
authorMatthias Förste foerste@schlittermann.de
Tue, 13 Dec 2011 13:01:23 +0100
branchfoerste
changeset 63 96f567261e87
parent 62 69e1077f1de3
child 64 6a6c18cddf46
allow listing of acl groups and its members (with the acl module)
acl.pm
--- a/acl.pm	Tue Dec 13 09:22:25 2011 +0100
+++ b/acl.pm	Tue Dec 13 13:01:23 2011 +0100
@@ -27,6 +27,7 @@
 
 sub list_by_user($@);
 sub list_by_folder($);
+sub list_groups(@);
 sub uniq(@);
 sub verbose(@);
 sub prompt($$);
@@ -42,6 +43,7 @@
 sub AT_GROUP();
 sub AT_FORWARDINGADDRESS();
 sub AT_QUOTA();
+sub AT_ACLGROUPS();
 
 sub import(@) {
     $Cf = shift;
@@ -54,6 +56,7 @@
     import constant AT_ADDRESS           => $Cf->ldap_at_address;
     import constant AT_GROUP             => $Cf->ldap_at_group;
     import constant AT_FORWARDINGADDRESS => $Cf->ldap_at_forwardingaddress;
+    import constant AT_ACLGROUPS         => $Cf->ldap_at_aclgroups;
 
     $ubase = OU_ACCOUNTS . "," . $Cf->ldap_base;
     $abase = OU_ALIASES . "," . $Cf->ldap_base;
@@ -91,10 +94,11 @@
         push @{$nspat}, [qr/\Q$n\E($_->[1]|$)/, $_->[1]];
     }
 
-    if    ( $Cf->list )   { _list() }
+    if ( $Cf->add ) { _modify() }
+    elsif ( $Cf->delete ) { $Cf->acl('delete') ; _modify() }
+    elsif ( $Cf->list )   { _list() }
     elsif ( $Cf->modify ) { _modify() }
-    elsif ( $Cf->delete ) { $Cf->acl('delete') ; _modify() }
-    else { die "Need action (--delete|--modify|--list)\n" }
+    else { die "Need action (--add|--delete|--list|--modify)\n" }
 
 }
 
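Review bot: The reordered action chain lets a mutating action win silently when several action flags are given: `--delete` is now tested before `--list`, so a command line carrying both performs the delete where the old code would only have listed. Unless the option parser already makes these flags mutually exclusive (not visible in this hunk), reject the combination before dispatching, e.g. `die "Only one action allowed\n" if 1 < grep { $_ } $Cf->add, $Cf->delete, $Cf->list, $Cf->modify;`. The enclosing sub starts above the hunk, so any earlier validation is not visible here.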
@@ -174,7 +178,12 @@
 
     die "option acl_admin required\n" unless $Cf->acl_admin;
 
-    if (@ARGV) {
+    if ($Cf->aclgroups) {
+
+        warn "--folder option ignored when listing groups" unless $Cf->folder ~~ [];
+        list_groups(@ARGV);
+
+    } elsif (@ARGV) {
 
 #        my $uid = $ARGV[0];
 #        # searching by more than use user may be too expensive
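Review bot: The test `$Cf->folder ~~ []` relies on smartmatch, whose result depends on what `folder` returns: an empty array reference matches, but an undefined value does not, so the warning would fire even when no --folder was given. Assuming `folder` is a list option that yields an array reference, `warn "--folder option ignored when listing groups\n" if @{ $Cf->folder || [] };` states the intent directly. The trailing newline also stops Perl from appending the file name and line number to a user-facing message. The enclosing sub begins and continues outside the hunk.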
@@ -196,6 +205,41 @@
 
 }
 
+sub list_groups(@) {
+
+    @_ = ('*') unless @_;
+    my @ag = split ',', $Cf->imap_aclgroups;
+    my $ag_att = AT_ACLGROUPS;
+    my $filter = "(&($ag_att=*)"
+               . "(|" . join( "", map { "(uid=$_)" } @_ ) . "))";
+    my $r = $ldap->search(
+        attrs  => ['uid', AT_ACLGROUPS],
+        filter => $filter,
+        base   => $ubase,
+    );
+    die $r->error if $r->code;
+
+    unless ($r->count) {
+        print ("No aclgroups found in ldap\n");
+        exit 0;
+    }
+
+    my $users;
+    while (my $e = ($r->shift_entry)) {
+        my $uid = $e->get_value('uid');
+        my @ag_cur = split ',', $e->get_value($ag_att);
+        for (@ag) {
+            $users->{$_} = defined $users->{$_}
+            ? [@{$users->{$_}}, $uid]
+            : [ $uid ]
+            if $_ ~~ @ag_cur
+        }
+    }
+
+    print "$_:\n\t", join("\n\t", @{$users->{$_}}), "\n\n" for keys %{$users};
+
+}
+
 sub list_by_user($@) {
 
     my $imap = shift;
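Review bot: `list_groups` interpolates its arguments into the LDAP filter as `(uid=$_)` without escaping, and the call site added in the previous hunk passes `@ARGV` straight in, so a value containing `*`, `(`, `)` or `\` changes the shape of the search instead of naming one uid. Escape the caller-supplied values per RFC 4515 and keep only the default as a real wildcard, e.g. `my @uids = @_ ? map { escape_filter_value($_) } @_ : ('*');`, then build the filter from `@uids`. `escape_filter_value` comes from Net::LDAP::Util; this assumes `$ldap` is a Net::LDAP handle, since the file's imports are outside this hunk. Separately, `exit 0` inside the sub ends the whole program on an empty result where a plain `return` would do. The `$_ ~~ @ag_cur` membership test with the copy-and-append could be `push @{ $users->{$group} }, $uid if grep { $_ eq $group } @ag_cur;` with a named loop variable.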