1377 |
|
|
1378 |
// helper function |
// helper function |
1379 |
function unroll_perm($u,$t,$user,$perm) { |
function unroll_perm($u,$t,$user,$perm) { |
1380 |
// check user |
|
1381 |
|
// check user FIX |
1382 |
if ($t & trmask_not && ($u==$user)) continue; |
if ($t & trmask_not && ($u==$user)) continue; |
1383 |
if (!($t & trmask_not) && ($u!=$user)) continue; |
if (!($t & trmask_not) && ($u!=$user)) continue; |
1384 |
|
|
1404 |
$path = "/"; |
$path = "/"; |
1405 |
while (count($path_arr)) { |
while (count($path_arr)) { |
1406 |
if (substr($path,strlen($path)-1,1) != "/") $path.="/"; |
if (substr($path,strlen($path)-1,1) != "/") $path.="/"; |
|
$path.=array_shift($path_arr); |
|
1407 |
$tr = $trustees[$path]; |
$tr = $trustees[$path]; |
|
|
|
1408 |
if (isset($tr)) { |
if (isset($tr)) { |
1409 |
// first apply trustee for all |
// first apply trustee for all |
1410 |
if (isset($tr['*'])) { |
if (isset($tr['*'])) { |
1412 |
unset($tr['*']); |
unset($tr['*']); |
1413 |
} |
} |
1414 |
// then apply group policies |
// then apply group policies |
1415 |
foreach ($tr as $u=>$t) { |
foreach ($tr as $g=>$t) { |
1416 |
if ($t & trmask_group && in_group($user,$u)) { |
if ($t & trmask_group && in_group($user,$g)) { |
1417 |
// resolv user |
// resolv user |
1418 |
$t = $t & ~trmask_group; |
$t = $t & ~trmask_group; |
1419 |
$u = $user; |
$perm = unroll_perm($user,$t,$user, $perm); |
1420 |
$perm = unroll_perm($u,$t,$user, $perm); |
unset($tr[$g]); |
|
unset($tr[$u]); |
|
1421 |
} |
} |
1422 |
} |
} |
1423 |
// then apply use policy |
// then apply user policy |
1424 |
if (isset($tr[$user])) { |
if (isset($tr[$user])) { |
1425 |
$perm = unroll_perm($user,$tr[$user],$user, $perm); |
$perm = unroll_perm($user,$tr[$user],$user, $perm); |
1426 |
unset($tr[$user]); |
unset($tr[$user]); |
1427 |
} |
} |
1428 |
|
$path.=array_shift($path_arr); |
1429 |
} |
} |
1430 |
|
|
1431 |
} |
} |