LupusNobilis
/
sogo
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Caching expiration of ACLs assigned to LDAP groups 

Fixes #2867
pull/222/head
Francis Lachapelle 2016-09-26 16:22:44 -04:00
parent 5cb85c4f4f
commit 44aa1352e4
2 changed files with 30 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
NEWS
View File

@ -25,6 +25,7 @@ Bug fixes
- [core] strip protocol value from proxyAddresses attribute (#3182)
- [core] we now search in all domain sources for Apple Calendar
- [core] properly handle groups in Apple Calendar's delegation
- [core] fixed caching expiration of ACLs assigned to LDAP groups (#2867)
3.1.5 (2016-08-10)
------------------

36
SoObjects/SOGo/SOGoGCSFolder.m
View File

@ -1725,7 +1725,7 @@ static NSArray *childRecordFields = nil;
{
EOQualifier *qualifier;
NSString *uid, *uids, *qs, *objectPath, *domain;
NSMutableArray *usersAndGroups;
NSMutableArray *usersAndGroups, *groupsMembers;
NSMutableDictionary *aclsForObject;
SOGoGroup *group;
unsigned int i;
@ -1734,23 +1734,40 @@ static NSArray *childRecordFields = nil;
{
domain = [[context activeUser] domain];
usersAndGroups = [NSMutableArray arrayWithArray: users];
groupsMembers = [NSMutableArray array];
for (i = 0; i < [usersAndGroups count]; i++)
{
uid = [usersAndGroups objectAtIndex: i];
if (![uid hasPrefix: @"@"])
{
// Prefix the UID with the character "@" when dealing with a group
group = [SOGoGroup groupWithIdentifier: uid inDomain: domain];
if (group)
[usersAndGroups replaceObjectAtIndex: i
withObject: [NSString stringWithFormat: @"@%@", uid]];
{
NSArray *members;
SOGoUser *user;
unsigned int j;
// Fetch members to remove them from the cache along the group
members = [group members];
for (j = 0; j < [members count]; j++)
{
user = [members objectAtIndex: j];
[groupsMembers addObject: [user login]];
}
// Prefix the UID with the character "@" when dealing with a group
[usersAndGroups replaceObjectAtIndex: i
withObject: [NSString stringWithFormat: @"@%@", uid]];
}
}
}
objectPath = [objectPathArray componentsJoinedByString: @"/"];
aclsForObject = [[SOGoCache sharedCache] aclsForPath: objectPath];
if (aclsForObject)
{
// Remove users, groups and groups members from the cache
[aclsForObject removeObjectsForKeys: usersAndGroups];
[aclsForObject removeObjectsForKeys: groupsMembers];
[[SOGoCache sharedCache] setACLs: aclsForObject
forPath: objectPath];
}
@ -1805,6 +1822,7 @@ static NSArray *childRecordFields = nil;
NSMutableArray *newRoles;
SOGoGroup *group;
objectPath = [objectPathArray componentsJoinedByString: @"/"];
aUID = uid;
if (![uid hasPrefix: @"@"])
{
@ -1812,7 +1830,12 @@ static NSArray *childRecordFields = nil;
domain = [[context activeUser] domain];
group = [SOGoGroup groupWithIdentifier: uid inDomain: domain];
if (group)
aUID = [NSString stringWithFormat: @"@%@", uid];
{
aUID = [NSString stringWithFormat: @"@%@", uid];
// Remove all roles when defining ACLs for a group
[[SOGoCache sharedCache] setACLs: nil
forPath: objectPath];
}
}
[self removeAclsForUsers: [NSArray arrayWithObject: aUID]
forObjectAtPath: objectPathArray];
@ -1823,12 +1846,11 @@ static NSArray *childRecordFields = nil;
[newRoles removeObject: SOGoRole_PublicUser];
[newRoles removeObject: SOGoRole_AuthorizedSubscriber];
[newRoles removeObject: SOGoRole_None];
objectPath = [objectPathArray componentsJoinedByString: @"/"];
if (![newRoles count])
[newRoles addObject: SOGoRole_None];
[self _cacheRoles: newRoles forUser: uid
[self _cacheRoles: newRoles forUser: aUID
forObjectAtPath: objectPath];
[self _commitRoles: newRoles forUID: aUID forObject: objectPath];