Caching expiration of ACLs assigned to LDAP groups

Fixes #2867
pull/222/head
Francis Lachapelle 2016-09-26 16:22:44 -04:00
parent 5cb85c4f4f
commit 44aa1352e4
2 changed files with 30 additions and 7 deletions

1
NEWS

@ -25,6 +25,7 @@ Bug fixes
- [core] strip protocol value from proxyAddresses attribute (#3182) - [core] strip protocol value from proxyAddresses attribute (#3182)
- [core] we now search in all domain sources for Apple Calendar - [core] we now search in all domain sources for Apple Calendar
- [core] properly handle groups in Apple Calendar's delegation - [core] properly handle groups in Apple Calendar's delegation
- [core] fixed caching expiration of ACLs assigned to LDAP groups (#2867)
3.1.5 (2016-08-10) 3.1.5 (2016-08-10)
------------------ ------------------


@ -1725,7 +1725,7 @@ static NSArray *childRecordFields = nil;
{ {
EOQualifier *qualifier; EOQualifier *qualifier;
NSString *uid, *uids, *qs, *objectPath, *domain; NSString *uid, *uids, *qs, *objectPath, *domain;
NSMutableArray *usersAndGroups; NSMutableArray *usersAndGroups, *groupsMembers;
NSMutableDictionary *aclsForObject; NSMutableDictionary *aclsForObject;
SOGoGroup *group; SOGoGroup *group;
unsigned int i; unsigned int i;
@ -1734,23 +1734,40 @@ static NSArray *childRecordFields = nil;
{ {
domain = [[context activeUser] domain]; domain = [[context activeUser] domain];
usersAndGroups = [NSMutableArray arrayWithArray: users]; usersAndGroups = [NSMutableArray arrayWithArray: users];
groupsMembers = [NSMutableArray array];
for (i = 0; i < [usersAndGroups count]; i++) for (i = 0; i < [usersAndGroups count]; i++)
{ {
uid = [usersAndGroups objectAtIndex: i]; uid = [usersAndGroups objectAtIndex: i];
if (![uid hasPrefix: @"@"]) if (![uid hasPrefix: @"@"])
{ {
// Prefix the UID with the character "@" when dealing with a group
group = [SOGoGroup groupWithIdentifier: uid inDomain: domain]; group = [SOGoGroup groupWithIdentifier: uid inDomain: domain];
if (group) if (group)
[usersAndGroups replaceObjectAtIndex: i {
withObject: [NSString stringWithFormat: @"@%@", uid]]; NSArray *members;
SOGoUser *user;
unsigned int j;
// Fetch members to remove them from the cache along the group
members = [group members];
for (j = 0; j < [members count]; j++)
{
user = [members objectAtIndex: j];
[groupsMembers addObject: [user login]];
}
// Prefix the UID with the character "@" when dealing with a group
[usersAndGroups replaceObjectAtIndex: i
withObject: [NSString stringWithFormat: @"@%@", uid]];
}
} }
} }
objectPath = [objectPathArray componentsJoinedByString: @"/"]; objectPath = [objectPathArray componentsJoinedByString: @"/"];
aclsForObject = [[SOGoCache sharedCache] aclsForPath: objectPath]; aclsForObject = [[SOGoCache sharedCache] aclsForPath: objectPath];
if (aclsForObject) if (aclsForObject)
{ {
// Remove users, groups and groups members from the cache
[aclsForObject removeObjectsForKeys: usersAndGroups]; [aclsForObject removeObjectsForKeys: usersAndGroups];
[aclsForObject removeObjectsForKeys: groupsMembers];
[[SOGoCache sharedCache] setACLs: aclsForObject [[SOGoCache sharedCache] setACLs: aclsForObject
forPath: objectPath]; forPath: objectPath];
} }
@ -1805,6 +1822,7 @@ static NSArray *childRecordFields = nil;
NSMutableArray *newRoles; NSMutableArray *newRoles;
SOGoGroup *group; SOGoGroup *group;
objectPath = [objectPathArray componentsJoinedByString: @"/"];
aUID = uid; aUID = uid;
if (![uid hasPrefix: @"@"]) if (![uid hasPrefix: @"@"])
{ {
@ -1812,7 +1830,12 @@ static NSArray *childRecordFields = nil;
domain = [[context activeUser] domain]; domain = [[context activeUser] domain];
group = [SOGoGroup groupWithIdentifier: uid inDomain: domain]; group = [SOGoGroup groupWithIdentifier: uid inDomain: domain];
if (group) if (group)
aUID = [NSString stringWithFormat: @"@%@", uid]; {
aUID = [NSString stringWithFormat: @"@%@", uid];
// Remove all roles when defining ACLs for a group
[[SOGoCache sharedCache] setACLs: nil
forPath: objectPath];
}
} }
[self removeAclsForUsers: [NSArray arrayWithObject: aUID] [self removeAclsForUsers: [NSArray arrayWithObject: aUID]
forObjectAtPath: objectPathArray]; forObjectAtPath: objectPathArray];
@ -1823,12 +1846,11 @@ static NSArray *childRecordFields = nil;
[newRoles removeObject: SOGoRole_PublicUser]; [newRoles removeObject: SOGoRole_PublicUser];
[newRoles removeObject: SOGoRole_AuthorizedSubscriber]; [newRoles removeObject: SOGoRole_AuthorizedSubscriber];
[newRoles removeObject: SOGoRole_None]; [newRoles removeObject: SOGoRole_None];
objectPath = [objectPathArray componentsJoinedByString: @"/"];
if (![newRoles count]) if (![newRoles count])
[newRoles addObject: SOGoRole_None]; [newRoles addObject: SOGoRole_None];
[self _cacheRoles: newRoles forUser: uid [self _cacheRoles: newRoles forUser: aUID
forObjectAtPath: objectPath]; forObjectAtPath: objectPath];
[self _commitRoles: newRoles forUID: aUID forObject: objectPath]; [self _commitRoles: newRoles forUID: aUID forObject: objectPath];
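Review bot: Member expansion in the second hunk only runs inside `if (![uid hasPrefix: @"@"])`, so an identifier that already arrives as `@group` skips `[group members]` and its members' cached ACL entries are left in place; the same guard in the later hunk means `setACLs: nil forPath: objectPath` is not reached for it either. If any caller passes pre-prefixed group identifiers (not visible here), a revoked or changed group ACL could keep being served from the cache for those members until it expires. Consider resolving the group in both cases, for example by looking it up with `[uid substringFromIndex: 1]` when the prefix is present, and collecting members on one shared path. Separately, `[groupsMembers addObject: [user login]]` raises if `login` is ever nil, so a guard such as `if ([user login])` would keep a single incomplete directory entry from aborting the purge. Both method bodies start and end outside the hunks shown, so callers and the database delete that follows could not be checked.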