1393 |
} |
} |
1394 |
|
|
1395 |
// helper function |
// helper function |
1396 |
function unroll_perm($u,$t,$user,$perm) { |
function unroll_perm($u,$t,$user,$perm,$one_level) { |
1397 |
|
|
1398 |
// check user FIX |
if ($t & trmask_one_level && !$one_level) return $perm; |
1399 |
if ($t & trmask_not && ($u==$user)) continue; |
|
1400 |
if (!($t & trmask_not) && ($u!=$user)) continue; |
// user is user whose trustee is this |
1401 |
|
if ($t & trmask_not && ($u==$user)) return $perm; |
1402 |
|
if (!($t & trmask_not) && ($u!=$user)) return $perm; |
1403 |
|
|
1404 |
if ($t & trmask_deny) { |
if ($t & trmask_deny) { |
1405 |
if ($t & trmask_clear) { |
if ($t & trmask_clear) { |
1431 |
$tmppath.=array_shift($path_arr); |
$tmppath.=array_shift($path_arr); |
1432 |
$debug.= ">> $tmppath "; |
$debug.= ">> $tmppath "; |
1433 |
|
|
|
# clear one level flag |
|
|
$perm['allow'] &= ~trmask_one_level; |
|
|
$perm['deny'] &= ~trmask_one_level; |
|
|
|
|
1434 |
if (! isset($trustees[$tmppath])) continue; |
if (! isset($trustees[$tmppath])) continue; |
1435 |
$tr = $trustees[$tmppath]; |
$tr = $trustees[$tmppath]; |
1436 |
|
|
1437 |
|
$one_level = (!count($path_arr)); |
1438 |
|
$debug.=" O($one_level) "; |
1439 |
|
|
1440 |
if (isset($tr)) { |
if (isset($tr)) { |
1441 |
// first apply trustee for all |
// first apply trustee for all |
1442 |
if (isset($tr['*'])) { |
if (isset($tr['*'])) { |
1443 |
$perm = unroll_perm($user,$tr['*'],$user, $perm); |
$perm = unroll_perm($user,$tr['*'],'*', $perm, $one_level); |
1444 |
unset($tr['*']); |
unset($tr['*']); |
1445 |
} |
} |
1446 |
// then apply group policies |
// then apply group policies |
1448 |
if ($t & trmask_group && in_group($user,$g)) { |
if ($t & trmask_group && in_group($user,$g)) { |
1449 |
// resolv user |
// resolv user |
1450 |
$t = $t & ~trmask_group; |
$t = $t & ~trmask_group; |
1451 |
$perm = unroll_perm($user,$t,$user, $perm); |
$perm = unroll_perm($user,$t,$g, $perm, $one_level); |
1452 |
unset($tr[$g]); |
unset($tr[$g]); |
1453 |
} |
} |
1454 |
} |
} |
1455 |
// then apply user policy |
// then apply user policy |
1456 |
if (isset($tr[$user])) { |
if (isset($tr[$user])) { |
1457 |
$perm = unroll_perm($user,$tr[$user],$user, $perm); |
$perm = unroll_perm($user,$tr[$user],$user, $perm,$one_level); |
1458 |
unset($tr[$user]); |
unset($tr[$user]); |
1459 |
} |
} |
1460 |
} |
} |
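Review bot: The wildcard and group calls now pass `'*'` and `$g` as the third argument while `$u` is still the real user, so inside `unroll_perm` the guard `if (!($t & trmask_not) && ($u!=$user)) return $perm;` returns early for any trustee without `trmask_not`, and those entries, deny masks included, look like they are never applied. If that is not intended, keep the matched identity in the call, e.g. `$perm = unroll_perm($user,$tr['*'],$user, $perm, $one_level);`, or skip the identity check for `'*'` and group entries. The identity test also uses loose `==`/`!=`; for an access-control decision, `$u !== $user` avoids PHP's numeric-string juggling between names. This reading takes the second printed copy of each line as the new side, and the rest of `unroll_perm` after line 1405 is not shown, so confirm against the full function.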