Caching expiration of ACLs assigned to LDAP groups
Fixes #2867
cgx committed Sep 26, 2016
1 parent 7daa672 commit 5ada002
Showing 2 changed files with 30 additions and 7 deletions.
1 change: 1 addition & 0 deletions NEWS
Expand Up @@ -22,6 +22,7 @@ Bug fixes
- [eas] properly escape all email and address fields
- [eas] properly generate yearly rrule
- [core] strip protocol value from proxyAddresses attribute (#3182)
- [core] fixed caching expiration of ACLs assigned to LDAP groups (#2867)
- [web] handle binary content transfer encoding when displaying mails

2.3.14 (2016-08-17)
36 changes: 29 additions & 7 deletions SoObjects/SOGo/SOGoGCSFolder.m
Expand Up @@ -1740,7 +1740,7 @@ - (void) removeAclsForUsers: (NSArray *) users
{
EOQualifier *qualifier;
NSString *uid, *uids, *qs, *objectPath, *domain;
NSMutableArray *usersAndGroups;
NSMutableArray *usersAndGroups, *groupsMembers;
NSMutableDictionary *aclsForObject;
SOGoGroup *group;
unsigned int i;
Expand All @@ -1749,23 +1749,40 @@ - (void) removeAclsForUsers: (NSArray *) users
{
domain = [[context activeUser] domain];
usersAndGroups = [NSMutableArray arrayWithArray: users];
groupsMembers = [NSMutableArray array];
for (i = 0; i < [usersAndGroups count]; i++)
{
uid = [usersAndGroups objectAtIndex: i];
if (![uid hasPrefix: @"@"])
{
// Prefix the UID with the character "@" when dealing with a group
group = [SOGoGroup groupWithIdentifier: uid inDomain: domain];
if (group)
[usersAndGroups replaceObjectAtIndex: i
withObject: [NSString stringWithFormat: @"@%@", uid]];
{
NSArray *members;
SOGoUser *user;
unsigned int j;

// Fetch members to remove them from the cache along the group
members = [group members];
for (j = 0; j < [members count]; j++)
{
user = [members objectAtIndex: j];
[groupsMembers addObject: [user login]];
}

// Prefix the UID with the character "@" when dealing with a group
[usersAndGroups replaceObjectAtIndex: i
withObject: [NSString stringWithFormat: @"@%@", uid]];
}
}
}
objectPath = [objectPathArray componentsJoinedByString: @"/"];
aclsForObject = [[SOGoCache sharedCache] aclsForPath: objectPath];
if (aclsForObject)
{
// Remove users, groups and groups members from the cache
[aclsForObject removeObjectsForKeys: usersAndGroups];
[aclsForObject removeObjectsForKeys: groupsMembers];
[[SOGoCache sharedCache] setACLs: aclsForObject
forPath: objectPath];
}
Expand Down Expand Up @@ -1813,14 +1830,20 @@ - (void) setRoles: (NSArray *) roles
NSMutableArray *newRoles;
SOGoGroup *group;

objectPath = [objectPathArray componentsJoinedByString: @"/"];
aUID = uid;
if (![uid hasPrefix: @"@"])
{
// Prefix the UID with the character "@" when dealing with a group
domain = [[context activeUser] domain];
group = [SOGoGroup groupWithIdentifier: uid inDomain: domain];
if (group)
aUID = [NSString stringWithFormat: @"@%@", uid];
{
aUID = [NSString stringWithFormat: @"@%@", uid];
// Remove all roles when defining ACLs for a group
[[SOGoCache sharedCache] setACLs: nil
forPath: objectPath];
}
}
[self removeAclsForUsers: [NSArray arrayWithObject: aUID]
forObjectAtPath: objectPathArray];
Expand All @@ -1831,12 +1854,11 @@ - (void) setRoles: (NSArray *) roles
[newRoles removeObject: SOGoRole_PublicUser];
[newRoles removeObject: SOGoRole_AuthorizedSubscriber];
[newRoles removeObject: SOGoRole_None];
objectPath = [objectPathArray componentsJoinedByString: @"/"];

if (![newRoles count])
[newRoles addObject: SOGoRole_None];

[self _cacheRoles: newRoles forUser: uid
[self _cacheRoles: newRoles forUser: aUID
forObjectAtPath: objectPath];

[self _commitRoles: newRoles forUID: aUID forObject: objectPath];
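Review bot: Member entries are evicted from the cached ACLs only for identifiers that arrive without the `@` prefix, because the new `[group members]` loop in `removeAclsForUsers:` sits inside `if (![uid hasPrefix: @"@"])`. `setRoles:` calls that method with the already-prefixed `aUID`, so on that path the loop never runs and correctness rests entirely on the `setACLs: nil` reset added just before it. Any other caller that passes an `@`-prefixed group (none are visible in this diff) would leave the members' cached roles in place after the group's ACL is removed, so a revoked permission could stay effective until the cache entry expires. Consider resolving the group for prefixed identifiers too, e.g. `group = [SOGoGroup groupWithIdentifier: ([uid hasPrefix: @"@"] ? [uid substringFromIndex: 1] : uid) inDomain: domain];`, rewriting the array entry only when the prefix is missing, and skipping members whose `[user login]` is nil since `addObject:` raises on nil. Both method bodies extend beyond the hunks shown, so the ordering relative to the database delete should be confirmed against the full file.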
