From a7d377349399c89fe2a886a55071cca0dd5c562f Mon Sep 17 00:00:00 2001 From: Roland Gruber Date: Wed, 15 Jan 2014 20:48:52 +0000 Subject: [PATCH] allow to set single account types read-only --- lam/HISTORY | 1 + lam/README | 2 +- lam/copyright | 2 +- lam/docs/manual-sources/howto.xml | 11 ++- .../manual-sources/images/configTypes2.png | Bin 40757 -> 43648 bytes lam/help/help.inc | 4 +- lam/lib/html.inc | 66 +++++++++++++++++- lam/lib/lists.inc | 6 +- lam/lib/modules.inc | 6 +- lam/lib/modules/imapAccess.inc | 6 +- lam/lib/modules/inetOrgPerson.inc | 6 +- lam/lib/modules/posixAccount.inc | 4 +- lam/lib/modules/posixGroup.inc | 4 +- lam/lib/modules/windowsUser.inc | 4 +- lam/lib/security.inc | 12 +++- lam/lib/types/dhcp.inc | 4 +- lam/lib/types/user.inc | 8 +-- lam/templates/config/conftypes.php | 18 ++++- lam/templates/delete.php | 4 +- lam/templates/massBuildAccounts.php | 2 +- lam/templates/massDoUpload.php | 2 +- lam/templates/masscreate.php | 9 ++- lam/templates/ou_edit.php | 53 +++++++------- lam/templates/pdfedit/pdfmain.php | 26 +++---- lam/templates/pdfedit/pdfpage.php | 4 +- lam/templates/profedit/profilemain.php | 32 +++++---- lam/templates/profedit/profilepage.php | 4 +- 27 files changed, 203 insertions(+), 97 deletions(-) diff --git a/lam/HISTORY b/lam/HISTORY index 4a26def9..5891c619 100644 --- a/lam/HISTORY +++ b/lam/HISTORY @@ -3,6 +3,7 @@ March 2014 4.5 - Personal: allow to set fields read-only - Added option to server profile if referrals should be followed (fixes problems with Samba 4 and AD) - LAM Pro: + -> Allow to set single account types read-only -> Separate IP restriction list for self service diff --git a/lam/README b/lam/README index 45f89438..790dff75 100644 --- a/lam/README +++ b/lam/README @@ -15,7 +15,7 @@ LAM - Readme https://www.ldap-account-manager.org/ - Copyright (C) 2003 - 2013 Roland Gruber + Copyright (C) 2003 - 2014 Roland Gruber Installation and documentation: Please see the LAM manual in docs/manual/index.html. diff --git a/lam/copyright b/lam/copyright index 9af51abd..4d6e970e 100644 --- a/lam/copyright +++ b/lam/copyright @@ -1,4 +1,4 @@ -This software is copyright (c) 2003 - 2013 by Roland Gruber +This software is copyright (c) 2003 - 2014 by Roland Gruber If you purchased a copy of LDAP Account Manager Pro then the following files are licensed under the conditions which you accepted at purchase diff --git a/lam/docs/manual-sources/howto.xml b/lam/docs/manual-sources/howto.xml index 5411e565..f12934b9 100644 --- a/lam/docs/manual-sources/howto.xml +++ b/lam/docs/manual-sources/howto.xml @@ -19,7 +19,7 @@ https://www.ldap-account-manager.org/ - Copyright (C) 2003 - 2013 Roland Gruber + Copyright (C) 2003 - 2014 Roland Gruber <post@rolandgruber.de> Key features: @@ -1388,6 +1388,15 @@ Have fun! users. + + Read-only (LAM Pro only): + This allows to set a single account type to read-only mode. + Please note that this is a restriction on functional level (e.g. + group memberships can be changed on user page even if groups are + read-only) and is no replacement for setting up proper ACLs on + your LDAP server. + + Custom label: Here you can set a custom label for the account types. Use this if the diff --git a/lam/docs/manual-sources/images/configTypes2.png b/lam/docs/manual-sources/images/configTypes2.png index 69735f240b15d1cd9b10cedf4e3b8567283919e2..3e7bbb85cefaf44375f8d7a5b290b102ea37800f 100644 GIT binary patch literal 43648 zcmce8WmsInmMu{%!3n{GyE}~}jT79R-~j>z3Eq$d2*HB~cemgUAvld&LqkJwcc+ne zNba4PcV~XQ`R2XXAAFoXeK=iJyK2|kYp;ERRFq_%Vvt~}EQ81@shO15zn&1)*DjeXWNdF12%an{ z3C5Icd(=mPjxM)*);(=Y64mG*D=WUIZPda(gb*D%s|W4XJFpA6$B4uNUw`*vX=!=z z_vrlL3%9$bqM-c#GK>D_;3KIM!=D2b`<|4)2X$2ct&6m<>Z4_8`DCId7`2DCb)d<>BA^kvzvUqLHYGr1Qk@LIMucTRkI{HhywS zN;?Rvy6UjN`W$_)vU>s!H@$dIye@7YFz8hs^6HH{q2oeb+eX{p@$ZYl|yQJTL@9vdJE9SWCLL?XPCp3YGZhw;Xs_Y!)$>; zP%hiixue>UkwmebNFnU)=Dgc7G`?)Yp7&4Rerrr3mADg%Eq5lVBhNdJ#DRMxBqimv zHnI?4pi|{3bzhv3_p;U>cbBa~E)wKdU-qgeG_nK#@hMANT6!``yLNlWZoYM>Sid!; z#O?%EAP@jvn07w!X%6IK!Fc#NWG$<~#kvenxm)QItZd$5j^B3m=66|T;%5^kapzMf z%3E9lDafpXh|yKfb&7B`9i2TsQ!CrWO1n}D+^F6=-MlQpI#$=L+uv>;xB3Hg6n!bs z{+iBdbopYb`{{+nRz(yarTD47@$IfZP8{1<4Wt$1M!{Lx)Fe`7C@T4OvFNhZ7W8}fZ>k6Tzb`HzRQkmHjsI|Q-hnhvTaiMGQ35ggHO{1&B z(}5-bZyg;(tZhGHZuh#=7=uapxM`QJjoSkssS^+$AZ*xb<%TFyDtRdF5fw2wPRLWp zsZmk?<{Tmk$7y$#5ZqJmeBh7M;LqkHfI!*?-{0EU9G21Z&DY8) zcrQ#&2-W;p|HaS=-4W9v3lZo)~RF2Kfm1si4jaGpPM@GIiqTk!qCCsvP4;hzm zHLa~*vx|%N&<@T^Io!I|Pi$6F%sR0r`=`TiG;@(k1XAR}-ibKeCW|7#Y930BRj@14HL_|fb$&rzUnfEKKk4j5h zsJz8|VT09lYc?3U=0a(=Lva~A_!JR&O&>M%ikTj3Ys-MYCL|QVYo>$*$KTCP3DMAO z)uwPIBuoz^*24-dy88!)INszwx_?i!t-@lm3@K(hvK>w?s;)lIdgW@NvhT0v|L{+{ zvqS60O7wl3J)(2f&M!|ummxNaNe#GQEDB*lO5bRPw<@hBsGj$P(LHX(co-PU%u|-S zzTkr`2f|n#e_-(6o4 zd&}%FU4c%u9KsR5yu3UzA8xxeot!GgAcf2fUtS{`9wZ8MDz*7G<;$4pZzNu;Bq zW!ri1nlrIaJPj0tQ*m^rLpo#Gct-a7=we>VJ9Kial9fwZUo>RLT2X?(Y6nj0Nn`%$7IWWs zPzt^O@yT9S%&_ll&|u2t$xh3`8eO&R%nTf^@Lb&G0NZ#NTC9&WZ1%*;&87G7ctp3w z%fmx1O#2N7k2}BYFv9uqqcg@_S%xJK&VScDS8~bjHRqJ;EdtCqWHro{aRML;dJ|f#F`l&-MOQ^s$dJKx6BYb3f+!E#vX%=PN-Hgg1|AO} zt3U8Y_AdM5e2Uz^@*_LEJg*xrCB&inbLq#MjjNRAJY{vfU=e@tT=m+cTJ=ug2Nr!; zG^1lA@8)?#UqTK3>vP`p@Q8oCsY_R393LELb$oqQ3dX}vX{~f)TPT^Wn2vTSkNn0! zfD=s3Eu3A>`o^d{8y>TvhGc$V#f5piExclL%DhQmrk z*v}pCIpy3pjvF6v^|_^0gr_iGSu6U*u^Dc{ym@TACy(M+W*P?TqrIAKJ}+MB)#RS? z|ANDP6_w|31F?9tOCrBG{GQy$s@S5LKDVN@pttN<-XO-;2%;LY7)B z$-DRg#pdAR3b1&Np=Yc36$m#(HnOJ;8c2EKHIjSM7o@(KPNhU6u{Gh$xHkF0@D+9B zZavf9>?oJGx;N6g&3FidPAFhUuYt0`P-XK)RFs-@X!2Oahk32k>#or2!;>vviV(;1 zp6OH{8WOML<2`}Z*^43tA;`=o{KSh~_;CPsN}G|~bczt^-duK|{u0IYgRc384{1!s zwKugjJE)!>s2s-SQuNVW<%ot4trFeo8SPdD<41=pTXNAv?rvDt+ar~=w~Vt|`e?3Qrr+m?KE+z2o@%wEvS_a*-%Jeg%Mj7n zD6rwU`c8x=zWyYyz%A743=i<*I-MmvO)?{5H^L;Jg~8$SFL0)&bd;Y{Qjj};PR+4~2{v9*2)Z}eAwTU1KcoQp zm_R3+Q|(Y017D%ZDMCQblV@!DXXHGmPzL4HO6~m69Mx*WxL$M2R>PeY@@<6B^6&yr zauU1iZ7()uMXoZbRO^Jx{`;=1f(QzVQhNHXvt7FP(s%KdiqW}ui^TpL>#|RKO4|(7 zxVS`R;Q{* zA90<9(D@oP>Z`oy8{%jp^L3s~rd&S+X7Nx$<8o(+c4udW)sT@w!evQc?DalwB@cJS zz(BtaGZWF6mE=1e$^*fL{&6OnRY-LxyNLUGXfq^?B|b};VtyoF6|%~lj8nm}In{X- zS)}D%qBqq4mE91Y0;=3P9iVyez?1FDmCvxnam?OfkN<3!EJ@66JpL%Yg1~+r*UZlD z!-4nmPEsJmTlj}BQHbkuPyKvNnfvMT)t3`o;LE?Y?oEj(hh{O1pDIm{n5`jCuGhjD zUUw67l{1Wvau257K+g7x&UQh4#Mz~WZ@h`PYzN>w+zAG>cpOHDV=&`#2vNBYBoN_+ zMM&^2l57wA+xis9WMedh6lbv zo>Pdrri$VL#`}2KxpuVmT;^z;45moN7BmYf%6DH`6NrAh$!fs>D~yu6%( zY}5_5>(_tClN-S;AmIEyzd&thqt(e){n`DtN~%&c*0N& zv>*S_gMg}&J2>hvG`q7&kF9LJ9#Nf@$RNFc;T-^erAiRdP2)c-K5W&%o9-LYj0}Gq z=sj7Spnqmh-W`fn{)3ajUj&kUvej$-)9y4l_=^uk+C2h(Y1X zW~NLP7*mBbezg}kIN+#gb$yRhvp6m;F3a4l$&#Fc!bUfIcEgs)%X+i z=76ZbkhP$OlWyfH!WjIuy4pfon%`vTcX31?LC*6% zwa68Q112NeMyKlPlJ@_mSG_H-HPbZRjg^>`l$+gT(#NNnuQ0}K)0i9+V`^(Fp)8o%U|;BBb4#LO^1cIiJD(5GflLfc#2vT$&inGgtNCqjGZqE(<^ zM+JGLoW-bSP`p|z%{(*E^VN)_XeXuO7r4A&LmXkgAt=G9q4;yE{GGR5g9@TS?__hL z%KGcjTCF{z>cdv9x)>=CYWO*{7)q@v0juNUY>u^F=Idx43dW-x74Lol9cJ?%tnJel zagU6e+yM>&4czm6geoNd>Z+A4ZEPhO75lY_4N?}3i-*Ug<-r|yry>+XDWl}88NnPS ztXWIzLCqkxcQJm^OW;VNd9x86K0lpRC^W%eQDSL;0KZXJRB7+)sYx8}QhRGh^`n;G zMn(M_gKD!fxJbKH;%^#?_OVgWq12v zCyA!pYCjS!v$pQADC%`sW~{|%++tfO=>_ zTRTVTo{~=X_Aj^WWWAf%wDUSE#>6HaE{qM7rM2wa8ZXe*pjFk?u`_A^^5N(Rb7P~a z>3%hnJk#!jnC+Abn+etg=^$5fH%CVW<)QREN^zydCm$h8l}HGzEmag0MoQXX$<{4# z1pk1haieEFmRo9VO}TEZ*eFdJ6vVL+R9s930+H^pj904))Jh8pc^vaXw6#i@(w^oq zeD?FSvb5wG8vQNeuCu5*BLkN8@u9l@ga!=o%N521!5l1-DCBh2^7xY|26`b=tDxjW zUU84L)|+?s^}}p#ho!NOTZ@FwnfX>M?{xh3Y$THH+{5`U!ui4q(F2rk>n7`RFO}2V z!AN{C^_`#ec>|qmJ;;Nmo}W(KD~u zs2L78ri5C!i+9KV&v`d;oS=>}qh_SzH2t8v4!>AqRTXx(vcVJbSpn9nd4v~wKV6HS zNyfF$TpbJDilSpVtEi|Mu&n`TW2BOIhs5rx?%f#jECE>c^r!xAGRk)r8^LY&JEat) zdq&jklTx$X9R}~HF+W&?YQM|jVOKC8Uc;d7Fdt)_> zlH>hGUU@y=E|?J>KrxpPdmu$s;t5cZ$FKUGSMGd(^b!I~)T z2X5A?Kh|#1)gzwjAr`CY^X+F+#VK5nn3pebFanO&6mRC|i38wTmO~`A=CouyyU5*WB{^b222Xz5wWzj8A#91^q_kWJm2Cc zrKAiTThnZ~=#8~yDgJSD^^mn!fu|)^L3aUl`gSM+ff?lJsFmBNei9n$A0~}OFV3d8 zh>1p}2Cg8pv7CXw*UHDIpi^d>C&}2XcV1hFqVyHRfkKe7C843)zrXdyFJ;ydv58~0 z=+*=CCw6+#SA96WH{{vi+Z?2w5%47+M|(YQ4hQlNfM~T06pJ4Z~D#w!lZ zpr5|V3Uq5cymtI#KNS4&HkaQnQ7)$wn?l5H&R~XN)x!-d;cO*atQkU!w-Hwoc?0og z;eN?i3sUv0a z@ls(0>a{XwBqCxtd+%TB-(BAKkITtGBpi5zeDaYu)hEUoCudWK)pgsPzI8^8HY zLvUw+;q?yDkndYsOvKV3iinQTJR(grhH3<7LB4Nhz>vVlC@8nqp2Qj7K*Si`mnTLo zo+W#Xh4GYX zE5bkEbiQ^kA5IvZYS=_VIa6a7;y_fwWJdcpFm`<58r^q%)KSMh`NZPjaAGUI%!q-$ zRnYNL!QocysO9`>4$*jtRhS$LMaQ+$~ro@MOrnf*3(sMp)RC@&N>VDw6Xz6VW`{nK`V>(H!~z*?p1Cphb!!cjda_R#+;tM2f1E+Sl}6)2+-j&yJAR_* znL-+FTMQ7jx_{qiH67{qmkHX~Ahv;3RPkbC9EUWzWG%B^o<{yVUBj+%(I4Rh@MtX2 zz2Zp~!xPPohrE?PvwJbw4R5A8rk%9`HmD*rXQ`gMWb=R#cU6)g|cI_yk(MOTd2*YKSh~6_A?}y zOFFtF&yM!SrY3Tf%Tj9{5b$z{mq40oIyK-F{%QeAci9I&-Fpy~CJy7ik>4%GAkv0q zcSsHnRs_1xiTS*L|K3bHUd*TYw7VnU?rV+{p|D+1)cVt3-k`|llTaW(n8uSQF~eV~ z6!zsQx^b=R)7Ny&6k_h2KKHt4cpTUDIB0RaH#&pLFPWTl_Y$(U9E2aEOwO8TzoN@(^;j|X zN9}7gIrno;5f@;H)srSmEQgX8MtfB2YXFMQWqa5tLxmFxU2!UNwM!F&$OC+wv{SM1 z-hv-0epi?+JlnBobs$&qf|X|}4cmNcyaZ%Ap1<-s-Ue=3&NVV;L~f8mQf-Iuyc{ps z*x2afvlXwYNaK86-l_BWQQS>jX-Neo;r2|z_2*Z4JKjv}>~G(EYz%RxY&AlfnZ;U_ zlTi(&iYAFTg2%dcfuZlK$UuXc7|;ofGrYQ`A)r&9I9yp?&V~r7Ge)5<&Cxr^(&YzF`*zO{1-|O+);eXS zxkSxBmt-QE;MJm#O>-Y3BYXSZPE4Zjx(D$bXS)+es{^E_<>#6CnT&0wh>QjxD-@GI%X4a3}(nAae;SUQ~T_0Z}$tiHYv2^x)#@; zcAIz#bF3YFyw_Y!ne^EYxwax=Id{4-=9fd0D9s2jNfO9YOaQBnZ)umUM;CI(sn_z~ zO}_Uv$mL%AveO-di`1ptUF`h*^V2ael(@j8xdAXj zSfhLSj~|>I91aVgAEhZK=Bphg>++Nt)o1eGm@F(1aTwr)bP`jFUF{>>B--0!h{l}W zt%#V!nTA-C5a?X$Z`Sm=YrMC&8pM3eR$F<bY0#$TQ}(GheLYCK0RdFMSS4{H|7W72Rc-U=Wm* zHBwehUA^Y^vZz)&&_58HX>xFrV00i!;Qr-_W$klu8=naDAdnLEp`$#B_TIM%_Nh)P8}{1G z9(bN{)!@9fys3#hmK%O@u#r75rOGO&1)3yS7B%@2`;0BoTAaVyX5yEeTr_={u5hNc ze`bkpHM6h{rIe}{4GpZ=D5oN%x?bK=i08)}hxi;NOKM@8`SBro9!!NKZaRMYFR7M7 zGzA@T2MZD*xfINmhewCt&!2(mI^7t3yLV3`ue_RoLE)4w*IMPxhC{&&^O9;?eTtC! zeal1$sA$}IYgN%Q26lsHqJ7$aE?$vw{Og-cK8COK#ay$D{oK{-3zpw;&sIene6L=m z^0zkb%#|z!nazxiieEK3YQK85Ab^=$!1~i$*WmR;Ns(rmQJ8Z%>e-%`+h(@GXn}J) z$Lioj0h=PQkecn=A1m%$o~)M|P~+scF1)q2E|_(D{TllD^Zgais)$xF==DttzMZM5 zTAn?E-LRpHLU8@}@0U8DB6V2`3dQK?Xibdj`6$8>NZe%nRUNP3`!_{eC3-bB69wvP z{B|=ox@*miZoYF>^)3f7P%6}0+^0Jh0i8`ExKtv+Dk8zu7{PTDd~pQPu`(W=PN^gF zs9*EHIu+#15ZBE*hU4~SnuR;e;R!i{-35#}yu4;gTTGHqFatJG<;8B7;^zo4E#4lBfi-1!T~^;UsW86qZ-OMM?7OB)p`17|`5+1jol)z;12~ zzz=AKB?wuhEC-vtW*4lA=y|^nS4;6K85o2ya*6_;#|8w z6H9Y2HO+Lr7XWr#n@g*4b!9Cd(a_WOfD*SVVaDfFN*+mA>j)RAU*QEwUKAZA$8N#n z_#xvhCqCE6+S6kZ98#~_8{?T;JN@&W%vXM>&X48B_U?@4s&yzl5kiQOq4JYP1ne&P zvZus6LsotnBlTduJxW7*qC9f4O6$5z`(mma%>rNoK~C%O085NU1rTY_(YL0H&}VEU z_~42Pr|s=`^6cr>?`)=iC|O#%0`f8W!O<3)e&35h@@6zDr~0d@k*w?v;-HmrMKd9u zmsR%G_&xPw80D`6Q3~vf`@EMz)K~QV4 zfzye+_t7)9b!%JOt>k1f#jVkZWi4bT(R)`%k7LGHI}N}@T3lSL+Ey)Cf>|$cyT(0w zZS^7e_Oja6Zl-#y#mR7HG&h2tp1!m5R^-d~<`dx$n+i!>W?MDJ$|<6?=Ye~Cnwgm% zN2}V4nz!zWakyH)09V=jP3a=xBG_it-$ys0Z{VTS$-CepeVp9=4`1FHxP?*rYLQf% z`RC+#sHw?o#cc*bfBm|Ouyv!uvj&3~x9dX^oK{x&N{SY{Et2M1hX{f?fb?7w$a6Fx zv5S61_`hHhf4E3S1F@0=yy8PgkLr+du4HG&>A@L?$E1b$hcTVOCpq@8&I!#V86IqM zepbNGQql7BTdw~wQShiwjCByXOHthKEBovZ zG1JRXwAwCFdWB2R<(@ZeMS29~u3g8f_dmU4Bp6H+xbPLXH`jIVDxRK~kt7p!5(M47 zkn54{!2ABxqXR9?yulP$sga?M%8O?q9L6oYPUoC)h4P74(=mH3hLX42cOY~u_v)yl zm6*rsdf%`k16YX8&X|}O?46xYDY+%{`l^G{a7G6!`HqHTF?Lw>za@g8#J2#kc64}% zfr&Yk2C6j&bWgsOD#*SMn=Ns(2!vT?=Jy9lIVV3q-m@A?W$GCs3h5*oOgVZB*8m`u z<6t7sS>PVE5}9~v{N2lKcYAvH+bg{<+US8~8gvh4o(aQWJ0Eo%zc9C^-h=l}Vt=!N7IGKLK^lN4xTD)` zr*L)1)5dud*n5X#lwax9fFND{o#NiN+tWOevMzx8a<&>$BlX3{#x^rsq6x%C4*+Xx z3*me`XIAbxQ>Ltb_Z!u! zG}&byWi7k1cVm75ZaJFeJ=+-)(t7LDCNMv|k|PLaUgs?JB;8ccSi>y@`z|4Sn>Bob zy#54TDnQWHRm$#%`smj2gqeqBsXeeDP0@b3xFE1`25@f_v#n)Y*n8m=LbJ8X4gywr zA8)QTDC}G|)C}JCyufy=1p>yU?r=n|zh{f6oqX6Fq@DSOJ}^v>JT7HVw~-G<(_F!t7UZDkEDUK#+qlF^J`ldBwGi z8!XeS&O*z8AiD*7lh`c?>H;^O$tHe+sk zJc_xM;m==G`L~~|oA=OY1c+N$ji z2oG#v)B9v$0Y^nh9)dx_PwTx}Jk6$GeYt;gjXm!x;L$hk6fwZ5xhhBcz(4N&b8QoV z0PMTf#ZBWi!#4we%j z2418Vo~3DC&}bAWznYs%iQ_PY7t1Y0(tJ5vpRV+Zpje?uGAZnj=6{UFw!nF_{QMj( zU~l^xy4OniTGn06=a(cA5fKGt5FLufs~E7V1}z|a0cZ60Yh?c`rRshDEhT}eNPkFo z{u2s{1}g=iNMKn$a-`gd{)CHxazg{eBjDZaV72|=>|Ce%Z<%$sZ-`NTG6Z&KJ-lBZ z+6<~*`|7FoV50`tRx3`PK z$v5L09@{zS<>cgmgoWc8i2r^r3P2$f&r4**c)Hy#ZFH}Kq9SzkPEZ2m7Fxb1BoG2& zTh3zOnUBT;3f92O# z3;y#RjBbzPK~mDvUjhPl5RKaNpEM{6H2M@67#Oy={x)p50wpZ(V1#=b4XA)JzRkX;WM~y zPmLfDh@qi90NEbjS5i{)I@{fWR~LnZgd`=+Y>ee?I2C9JyY0?e4kVszjIFi#p(+Fb zY6#o0T*W{v@;DA-_UK+-DYd9ORBU;7N<>8D%Tv-*fS;iMn4g~yfItsVPiaX>Sz5fq zvoLy~1D2mF@v55zA(vHv7@?@hw$H+Ph-<$Mdo$Hxbp@&597!?4j+ z)c58p1>|=B!2=?8gC17rf$n)iC)Kyr7QW-k?RD=P)X&j|>!4epE{C#!LO zabaO$F)~I>Obq<5rCw-ANLJo_vlkGA<>3X%Ya}wO&R{Al4^2%?MYa942Ai<39`smd zrzm+3bl~1JU1`PR0Kk`lrGqL10e1FMpXh3K65Se10oei~9WjV-N*br)aBPvRq9UJwfHsqY zl9K&&Mb6kfkW^8z)}z_LyqunyaoZS`+G%+5>7@#{QoX^= z`GFZeK7QQCiAiZRE&wFwG6gfUvuoLhFj)<~*8zsm{%jWkFyj}%EKT#h5fT?SzDNrG zGn^`}gonjw6cGYegJdaqd9@DnVxGtAz0nN4zFq(a2L}IYblXFtvbVPv5)wL&0&Ze5 z3FK6O8m-pb8!r=+jIuHg!#byxJ_zzOATY4jW|*X=%#JYbz`00k^dI{mg*PCnqOaRm(LpgBlwf%gXjLr9y!9-&W80r)ldQDyfx3 zgoJ#S{m)mD*noACB^{PYIm+p@+yh84%XO{*`_jFR6JBHYnn+Ji4``32g@v_l zkY2ObnV8R2odP`|qz>Z`diIajzi?szLWs@r0+aSH1u@v9{M&%bcd8d*WR!h@bAEpQ zgiP=~!1(n+pAd8VXXXzNtK^zr9Ihk@IGi3ICkr^tbp+uH=~IgPT#aPO=vUiRTR@+! z7JOV-SO8WM;7)c%bD+Rie|L(LeGZ%iIA?N@>+$I+kfm>nW7Gex3#?5F-nS}%?L&ft z_pwR#Ol~Iln;>GSi_Ri;m|6x1Tr0_QRvmgB)3;3TF1fo|P^U~Aj zE-wBVOcYLY;bkR1R1Zx9vcD$?nJsTmDvHDRw*Pe#|3BL4|NmTszX?J)?*P)wlpvB@ zRxT;($W72QKoV*N2o@LBTFZPHKwhMGiE5NDkLvN)UobHEA{t~P^JV{_A%Y;u#Bcje zN+}JZ4Y1z_OprjpNRJ-^7yh0aagWT;cZ{ZQ^8*9^{w~Y*@&Y8^(-kN z`0gaibDXO=beDZzt^l0R9q1^9oVK>M%F4>%uLj`}ME6jB8-D|R!pg>DqIwvF4}d5U zu{0d8st5%2Pm?GMfw7H|``;4LFgL+{jzOiAYTa#*LqfY}?JfN8rw}S5H!St)e^bSm z;o#dJIN;~C&$g50A*7i)IK@*!n*61t zgv7>nef*7JIScQVvSl6h!~UUq3@@SQgDsXu_F-Nw+q~;rk65HK4?U9QJa(>`-xCn` z>^}ChsH-0XDA!+LIDtZF2VLVpPE8p$J#Fhn)^3m(?y_?6I8s{Dx-K|CTh? zy*MVuC7qNZ`-+epKhf|20lKgPsSfxv0%DFQRAJi|qoxJ6hWKZf^!(360yi}z>(Ud0 zOb3!J|#LPiL?-PlZfZNiG6o0^!pLtlSyH*&vzeU$#PweGcmMqi2{ z#De?6O8r?wgBt^#*p2EmmjAa8TfVk4KI!pp`-g=3=G?@UQ~#E{)tUyOp{SfB*I6BG zmu$S?@X>0St>>SgZd;b1@Q9Tw)J03==Z%ylyoM*`tvugrHOc6Hk)YmOD#0)!BAic7 zR>a>v3j=_;Qi`6lWdz8BIh;wO5yorS@M9Zd(O|@c3zW$iU!IX>8OW(dW~;}y)z@FF zj3Y73zc-RT3I4RIq&m|50QD4ra~Nb(EXRF*w5Ah3B3dGvA zvbSGd*V)@DySdm1&vkMwM=C#lbeWKlkeHD081)#aNeL(~NSy^6uxbXuo zu7!n#m0%}G1W;}RrEfcP&Tn7dQUEete*Q^6iOXF$=7|*U}B)H+3 zBS|X8y04w%{SLM(Arbg6MthzmylvN>lkv-Wax*Z+H(_q?U5aJU99@dFTU#V%b4W!S zyzs$5Sqy+K*E;jd4zvt;V(#ZL znT!bG+(&UO(XFi?+t!Y3$A9dOG>-uZnz)>j<>hgpy5@T=KqvRRAR4Os)Ob){62?VQ z@d{`yf4z`YKwFS9qVmUS$z<$L5)}F_>QyA@oy5pULDez-l{N>{Mo)XvA|H4_z+WxE zyYP%dDZi+VXkghu*VC=v7Z*OUGiKSFZTMjO=+Wto%}sYzpha0hv&+cguL1&Xd4HT% zqZA^Ji;ayjb2qoVnOaI9ESM}wvO&CV=Bh$G{nCr$d?$;UZMuj*ME^DVE4i2QxwQ1A zA56n2s=OSRM^P21wC*yJ`_KAk1?ZQm?zywW>xHtviJ8NV*fwueU_;kXAy8#>x4t!y zz@wmAAP-I3(`Y;xM4?uiL0>0C= zn0W&B+x`8cRWKl>Wa3(MxPpp^E7g|g%}{wxF?kEy8G*(R%vU3SGdPX~J)hfs+;0A! zp{>?oj8as|Gx>eo#U68{Y~#uE%Uy&QFx%|y!f9Jxejs$A!By}*9Pm;mUwOF&@WH7%q=Zp1%CPp zC@8{j-*T|9uC4^3EvWi0suHNGbd;2qXMZmi>0^mI3caCFkd%sf%|>i%5&H_3fuHrD zo%8I&^(7XNw&!;og-LvQcz$+p@x1U$bM77TpX0c|Edlx$y8q*z=(V&$lJH^Q#LVkw zzNKbFC+(cTGA8juHmhqKA8=(!#E7qPa&b`zQ42C(3R0PO?5AI&Dg|{)l^N%;T{zNI z0)^mT{z2<&g**Kh(%m23mj5F8wb)#n2V`7nJZ`-}jgEiO-U`?Q^n{#ye?QV05Zr=5 zZcDicpn#aEObZ3T93U2tl+8|zN1Y5JVi9QP9kMU&=`bS@R8EhEbY89#W#kLLhJ!{vnfyS)$H&btDlWv?5#JLp4?%eu&Bf$}uW;N6CV(YE3>T3Z^?UU0j z8*6JLc(@j`9|G}4>RQ3OhLX;EpEwfc9CDAk9w-w5@ zRDA&e!8|&~(*z21+2lS4o(_>D;FK)^^+~R^ur*I|y?4~2$8REXMs%v-(^_IR6wwGV#g0tu;}T}%nSvNL)?6=At_~t?62KWR63-HI zUlR>tG9&_~?vs9k-Ei5RVj_VWR}V;9~xzgGwJWzckM zOmkWu+(XINx$vm>$6h2ML5yAIQfrBZd<{*hl$91NR*oZIDjKU@tMQI3qKL)sr&DY(-S(CmBjD_>AigSZ z_T=q}8cCT+{)k9Zbib?UGgx-a{g`r|F4kc#=M9hdFX}byZJaf9nod2ZNai{BbBEkX#-Ai8tNH zJS@aO>M>y72p8<(^gV1O<$bmLQ270ag0ye@R}fE6J{A^=`5zR#fNYeVF(5NvRsjtc ztqLNmtY|BABfskV@bttN!&M;0e-_>4_uhN~kYB8}g)uYs!0sxj3BPt{DTIa`lRpAL z_p@cC^aoyEq#%8x$SNInA~gc#`2_$83pEU`s&lY#!|FC&){;iptuN zyXL*oxdZxuSA&&=5CrX?QQu4Ni;~SoM;`(TCT6m{o>HWZx&h_AZ(iPA7fv2V6ckJ% zV2vlj*a3&@{b_vb?CdO{A`=jRQCoA}Bm)Sav3)P)C8{#MIvSO1GD-+0kCg^`6{Lww?6^Z(;ahH zEhiwtxn0~I*G=k7WiTGGgUucQlP(4TeL&Uh z*5sZbgkB5;g7p^M#0*ITzLiNzlqy4=f+3l$`)9HtB#ogf*5VU4I}pu&c}cqfAawe? zq%WT8bi9!Trt>C|beZ zo%ddwjJ!A!({EbN%jzDC&txvBs+(;GX3W>G)ohI1M$f?{)6ncrHCO}v?up_%R(Gt4 zg0Jsi@!@wSr_{va_tqF^NoFb|JwCGfRnOrwn93qAJxs}t;6SQ!aF)($u#2aXnc<7P z)&-H%m&(RAPGZyDs{h5_TL#s+d~Khc2q6is!Gl|X;K38z-E9-x2_8HI2o~Jk-Q6KU zg1hSu?i+WTCg*?VdFH(HVcwdWs^`P(N~I{+Z0@_e@9tjLy4J5xW8K|v-9~PlifVCGU?NY}E8{yZz0lWBkbr7DN_&n&Wj*YQSpT^dk z{X*kz*QL1>+d2rk%r@m3)aS^{#{c)S;6g+Jyfgg=wq`y*>xQ?_!hq{x-f!g;BL&%IvxlygB%RW-ZKV^A)T8#hau34-m^_ z3eo!`L%C~>ct|M&SP0_y$i8~?*>Vc0F={B~@mf?tPnqK_mTC)|o4lL3{Rp_+M4YiV zl;wJ!Dup0f($bJUtX1z2nVh&Bt|EFlPC%CYm(XoT%jDm&A&<;E7KdJcX9zu+rzgCi zCyyY)Obgks+1c&o%kDW2l)%H> zN{Nro&u7leF||J*4CA_9MW1>)}bDc*dtLw$Bp#CynfvPV|wW9vM(h2%en%tV;2Nk(J zDq0`SYvI5^Ec^`Wj0}HL!rkVe(~X%yjQx|{+dmZKYH}9S@5*tC@(@U0(^9j& z7Z8ZJy+vbO7l=UO-9A5FJrp-GHeQ?w=Ds$H6gH}$^dWd2T5n5Zv2sOGP^Ip1R;puG zU20f&?u3S5V6FSw$(x$fG@RtzGV`j0AJehIMnAF-2gR3gzG7ntL7a0>J#793^M0_# zyJ&@t1tc>8Lc84l{x^2VM$Ep5@B__yNJvP5L7Y;QWBR)LeK>1wk8m7Lib87}OG-k( zztW)}iM8nDLFoG<<4!WNx$cQ;_N#BCIeo)6&8M^EdzIkDn{O4}#D(O|5_Ynf#bs z?4g%*#Z1u@anC9Fk(V^z>M=fUAOgv`f{=V|ccqhtwJjSzCbKyg5oP4%?N=J}NmvAp zD)WxGCK^{)Z*S61T`^fV+l`{Z?+yPvoo!<4GiAd`255!9B$;SK;9taob|eMw8LiPS-m`r~Q3&W;@nMn(Gu9Sx!VHBpMnCK4Fy7cm>n?z;42?YMq;7#N(VGB%kWZHeD0kd=Ze6BI9zU zd3ZcN{vA0aC4vhqTUdBtk;)4=A&5zd$@^0Hq0R?YWSUI?VFWcAo)cpyr-2a~kg<=3 z*7@3J(l4Q9L@XW8BNaUnZBNxcUKJ2Xf`(;uUm(}+E-g6%FK_=(yQD@$Sn27# z@qi6q9p4_B{JTx&dqzj!aC3L{?{bSj_iJx(%K2b`#Su(9%K4`2jP zhi{H8iBn_py5a>zJ%{@(DJm~Su4f=_NQx-%wJ}7~6`PZU)x zH|}U8vt?pcrKfVTp^5VQVu--$3+zJTV-c+lM!J&n0?aSs;J3qha^Mj0tPf(=#sU zq$9(ZVe0k4OOPV<_#{D-NLg)f{Mzm~XK;ZqRBRwxIsO#fDk6M)d1gBdisH08oPavo zQ$A3#@G+UYS{c|k6h?E7W?ChZ3)Wg<{F_l3ooZvCuO(zO47%Ot@>+KGc8gxTm|orx z7tdE17;U0ZavmB#$&X6dx01uyj^mboMSO97r+RE821ew@AcUsb>GifwbHMYEb9WHVqS^`k zM(%W0%3#(ANCx26HU=Qo?wWa0_47y>t69R|GHQbZ8$HIwQo&Bgral{Fiwaft!=lDo zC@_`7JggtujSI9JF=)4mLgRz;79>!iaC|_pvAXL@{l=xsnxB)4%Re@7zh8f&x~O_RcHarcHQq1)cSvZ|;fq1_Sn;*lyC&Zh~q^=cHk`47I{>CMsZImBxqwelbO4HwuCiRJ~WFYV4#GXnT zF{Y`gwSv9*-k|=iM z$fJU%=$FgZSsl^*%R`2Z5Gk+T_hl`*z+?$jZpsS|ZoG)pk%XjU_)BqK+X*icrf{=;CeM+gc8 zdw0hg#9!2Y^UrDDOKJuUt>9o|s)vEZ zXPOo5H_j@A?mxc_0xsGglfQVF4k!F}cU``HLqu|D8bJUGn>?w!DNQVDn?b>qA0s~g z^FvkURicqkf(5I@Jz3wYE(?MMM0Wm8w5K_ z?=wYyAxXc=zF|%e6PEwpfcy+D?TYCYW+ct{B<;lT4^?}>%H$8@{?PfBm0FwdM(&Sq zqJ{IK=K%r=UcCQg(@y@0{)Yc?u)GHs@&DbMlm?R3-WZvhst14jlk0<%6Rgu}$)T*I zrO!*?W;3;jin%MNt8EK=k)SKz;Ce4F z8Rgmh_y6(i91OI%pZ)nbxXpj8J!zo#|9tBU(LYtFF8`25|Nl4r4{xWgg5@h5Vr_SY zD6_1ovZ!{nW=6urslpH5R}<)e+n&B$>B_ZzmnbFh;Jb2Y&sdzaLPR6M`>r+8B}pY) zf?w_5Szspd$4dd1rb3&<9UzoJTH-J6GpixB@4iyRRcjOzfFLL)FBF;Y$+&a(#0zR- z-HP`D=g*L7v1ywRZOWqJk}1K%v-S9@WPi<2SYK~7wqMW;4b*<^5*CMc-ut6tI_?8g zB{O(pd5yc5)-EaWdv|=RU_G^r%f&jy|!qRptKClxC}GjTigU zOEFx(xF}P#SL~&WsDD3T-K_zUBVhq}8t|O*jf+8IiqN4gMVAr(?ZG^Y+YbPSHbmo+mI}uyf$s}W{-uX5p=ac$v+pS5Dtdah+J1lT0*b9Oijk3Dm~Qy~^Zd8l$LbrIP!ZukA<`r3WrN8aBpR9# zOazCZ7o!ZFs@D5h-N}JZ8|t&ao@>dse8G$ge^WxO`h$g3`}^@T+=^uUs1v4cr|MzT zv9gbk>kDI}pF7@reEywQj%@kN9>!(Anpe+ZMX5AKZ6>?x`}tbMU30o2khplR&NCo0 z5Btt*j85qufWuaPc|rt#q6%nCH;l$8RS8sw%}LrYQQ3D+!gv8m4z@9A-BH@Qhx5Xh zZ6q9Bzl*-k@m2?m8z^sZdD5VFn_w`|ZeldC2X(=&uFSGN#v(%NN#DcCWwNqXPa{|R zzn~#KYf%1kJ9s;oY;Q-c=HEAp3+_<{SK;HCv%MW=ErGm2jW>2L>*=etQfX~(Uq>Mw z>WqTKwl5*$Gr2BYE%fx5W@k6u+_WXu5`8DE{Vg$Hyp1mz9Mp`;Z+%y=Hzxq0=n5b% z^i+TAFpJ^@<0;q~-iAwssH9)*aNM-~_KY;6j_Y-fCQwz?X4I(|939=Ak8ed!P2$I^ z_a0zathyZ12wA#*8aZWs(H!<-U}(3Z`8A%PsaV;*4_)2EQoV1g_Ib1Sq7zF42BD zYKf!Y#Xc=weasA|eOiD4U)wL)G~QHh#cj7&V>BCsbaEsVt7soP&lvFeM^M8MuN#>) z|J3F}YW!SKkfg!nLjBIL_p<=tj=FI_XAC7u;`BV*pDecY5m?F@aP7eAh_$g=bQvyg zls!05Uv9J8xW{Gv>_+Ez_n7BbQfM=+skD|lO!Dx!^_+NTav@g{r}Xi&P|1SqtgKKx z-ct9j4}=7~UBQ5g$|8AM9_0J?uEy09N4!U_^o~woeX8r+Dzwf@OyIg501Kybb)9ud(dA>=^LljD@CtLe%ChMzuThh&UIP1A*K zl6GHS<=zWH0+fQYWs0FE@_#;mO%i56~b(#Y+2!vMU4nQv^q;l zopmB$wYoWH)M-*!)ZLk^0ii9pL=~6zhoyR)4-AW(mcMT91fi*%67LAw=$S01M#g`p zyDgKSGq@>lYn&DUJ$Uz#jEAG?NZ05x0TBlzE<9O1CsJao#c-=-Y}i>dC!R8`q9Tz( zyV+IIXaSU3qYHRwFx8eOR(g4*1P6CEumu6=#sP>sM<+mEBt}M-<`zmK1hhIj8Ht%F zDA1-tVj?2=^w*DoidOJyTbAFt4}><2-06N=mkDcY{gJ z{DpjuOrS&}`CS0g={Ao0&9UFPXq$eC){D71kLM%?`z>N*WbJgZZLoy^U|gH4+4CH6 zEO&w!O#duCy!V+ZG%mBcg&koD82L5S+1I~v{k@nRDcF3)cx@9|=hijoJvf+5G#~mr zo^$9!9iw#ND;QaqN#U9%op%Y_KS^LVTVcg@Y?j%nO6QF^VW z8n>6ZdJN9US8f9*7Xi~E!FXDYcs6Gzd~|en;R0e&IuYp)=f6+}d`*DWLoGSP;KHuMgctmpwIU+)(*rE;D zDje*fpFBhIi2LL+(R=9=mfVOekGZzP0$SQ+KOKfCY`IV)+bQS$=o!Dur(e(^Z`2C? zjSn^-fjf?b{OV$VndL6eAF4#$h>nMc*U-Qf5nCznYjbOh-EuY#75#q^$u>Q4tL=Lb z@$p~s@-BS*DOdungS52eZ}O6fe%{&I!h5wTorHRFsGm}Ivs+(xck5ziRsru^m%`gD zEB=upL*pMM>yNOvdh@1hcsQ*tuHAr{7yhip?NILW#W_X_@Xg5_9sN$n5QIOU7#U#) z_KyQ%a(8FBWwFlyao7&vXx65tXYHf7RUcGb5TNc;CV8s&&DW%0Et}3Z#?jQ2jCa7Y zv=bg6;@`$JJyc4~CA$c>V+=Ho&{SvwWC(`mxn2kuc9209<)Mt*c*o^xeqg5}lj z)~}VrjiE#n-83qeB;r_KHBFAG$;qQvn^(-2Y?j^tywaMQwk`T+W4tX0Ub3>O%ZC&J z7&J?A**7kyh>7f$3K#(x^0!25p{Xss?6w86&lO(!E{pkOe`Urt6_CCRu~{5FambhB zZWYS)FTQ7L6U6*Ky#Rt~$~knkXg#WxS*@NFw~3Jf7+(>QPLYsKpOb_Vx4!myqr*Bd zJ#EsnyhW9vkCEC_U!HhTg2xQtl%_zNwA}X3%QRM0813{0O~>oD8dZ8<#csJfe`Qb1 zF$sY{WILDoD4Z~Ja-_+9x3;W1^+|kQ;o<`O+gQy^y1O}0BrsOM1m9f@fUg%r6Lb0b zxUwmf@|YA1ZpZ7*DJdaR()GU4{=K84QqH~(<~Y&`O`nHSmteQr0!AT5%<;@v%*=~y z)>gF6@d*hdKSvag6f`vp-4cPy0(wd8rYYE)*D|b^hPZ80p3mziNhzeY{?px;`4_ge z^%+Ls!lk9YcMcI|wd7D2OXD{JiI>;qWAXL#@I1jJ2JA5iv+ zE&#m3YArK0mVB1fyu8ULC$&|Fz?iu^ka%uO24Y?~Ib&xg<2vq|glbbd@gy;u00(#P z@oIeLZCs7unA=9#34w`u8rWgidJHd{8V{jmP7I~DoDWsn6GZt;ciXU2L$7y;*0|c?lL@CqKOYU=Z|k+jYjwNK1oO@ zx^Z*7bd->Iw>GDKx3c>ySQ=N%Hjq= ziX*~l@b*M0L>5L0X2WQsXrR+DpRzKmuY+g@$Hh{c&unZ|od2^ca>N~SqT0O& z?{gCV(s_@=Q3qtd#83NC^G(861`W!E*gjzs=8hFJo!m}@qzb9|K|`VXG7tuuC5!0` z(Mw0iT^=>9{!9HKGy(tQKg^!vVYu`Y2{i311etdE=naACY z^9xHj6&0fh^Y1=kQBn5h=62BnR0j86E4Nptac}uP9bzaS*AsI1^qDd9E+Tij(TkS;~S#~Wi;Q&J*5w|oe_(rS9CWN!jKt>9c2=0^Rr6H=`x(Y2DPEwYdJA?)6}k3HA>NBmiuRjsyQ> z02PX3RW>CgAl8LktW40@ab}r*yj~h1lS=MHAFJu9RyK8rQLbf06RYX6d%s|c1R#N%wI@|4%9`=|Nv0h#}5)v*tI)9NEeCdiCGcG}R^0juqVwFAAcdq3p!EFj`UP+){z)!^SsswNfnFd$|;8y$nj zL_Y^uMq~mWzVSlOwT8$Vm%Tw0Vp~oED}!;|4OmDOl953Z3(IwhfHvr8xbgHhI-7@h zww2I%&Q!mr0IT#!;<>62wH_Jfi`+L7L0sC+&4mfv^mscb+ALg* zO>y7eUNIY+Iy*Zyx6{r164b(YV(1=}WM=13f`ViFg<0XXDeY=oP=hZmCAD38XZQhS zLuR=RQd_(^RV&);0{`vXmHR@{T1j4#t7oh+!D=I8Ru_Z)p7v{ z8mBaw_3(Hy@h#t5%5~c=8E>aOKJu2n)Q4%3VhY>_pNFFBIj#tT`f=Ymm^RE7jJ{la zb6ulz+M0(g-cpTf=KM=NR;my?dfJ_?bL-&Xpyl!`7>|YVt!~&!EOd3T)a~MJDT(*B zOiDwRcjiXFdb&r;<6F09qaj~WD|qbtKpswtGO|;TUgONWm zet*G})UNeU`GP}^p*2LHs`tp&5LS?z-&27{_})W1GUF$?&%yH^^VxUz(9|?l9H21g zEn@G)Tog4R->;i0SCu*33XtVG+~18U7kYAI3wvIQl_Vv(LGJTaSK10WXb%n(8{B4! zkg;0f|G?8#k94w|30dT8^Io&)`tf{qf{DH~O49bpR1{IYVVI%sgp zBl(K>e671Zky$mC%FX&IcCz=rP+8n}X&j+l&|BBIuJ=<3hzFV{Ak>qi7FvE-pCK{u z^ly5gu0X!fM6r*&?c4l50jc$a~t+-L$Nzo0XfRBrcB zeB~m~oilGXP~c9L3o0vIkhU5RuJcEo5PS;od5!Km0zNcrHB36Zet1qG-%9EKbI4KN zbGD;rPJgR7EzJKDl}XT3@Aoh!$Wtg^!eoKxGm#l>I&;p@&6Z5R3FK=@J# z(TE!Eq9Okt(RY4}|HX^I8Y`rgPZB#^fRvZe_K;nIu$ddpP8I(p=v}b$>AiAXI^6HV z+&dOb+uVD9POPD&s2Yoj-l-vIcXwV1Am!zG`1<PpmQTiMg3~} z9InL*5eZ2EL6}LYC{?pVYUrc9j~Xi`D=X%tfk_(b!^LCgU4n}Taxo^?@q7NGn2#&OW%F2?=FQwRvx^nUaL}aYJ zSz`TDEb?LVA6J-rHVZ_Bl9Rr`em{|$Wk z>#l6;W3dbR?^l|y$ixcUaSI-`I+=akDag~h`Uows1_D?-m+G=rb(upmx|1X! zup~_83V6q#RtX>9vFH1~jgsP(m^=bUr=;s-?a-;Kj+zQ@L^IQWyJ7Jt=;%uO zGDsZyYl~r!%{jG!i6um3-t)lE(F9b^7Eo+1>pR-`ldXfL$PZrLp#+>1PMuM)swG{b z4zPJx*IHuXEAj54VW5hI3hzZZ-_dfG1kyhiD~u5&3CT^X8RQxEyp-u05+^Gan_lJ) z#+I(;ujonCQjksE(oG*&3F2woHpDU^Y%YeVqS5jf9A6q@nMpUaL^#m#Mk}!rO=vf| zOk}Gv3Um+PPc;HtmmH(=mSkt)UsI*pu7@|yYu<`f)%A+wfuA9g`-fE=@ue(_ZlNHj3{d#OWx|UKo^{@J!`Bzhg*bX8=+GElp4F)dlOJ z;pWjyz)%D@Zeg{=P&aL3Wsm55XzwVfBQ|tbY?hX*ZB|-Kmv#SwYmo@AMNHn!TULNC{cfh)O}iR~FHTMpJ@4K_ z=JRTcrSgT?Gs&fvckK;y)AA8bIwP8eNJ@^mn%p1wzY;bF+y!^{g`>6QKG7izeSm}pxmFE| z+dzJ_D6PLDd195+(7232`0~grtbM6O>vSiglNA8-9FC3TzIf7c@peE93G*4q7U z@Z%*NJXZ6!Pa9`@@A)B(*pnf9a|3bg$}S_(eX-3v&t|I2U^C6GCjl7D%|gN=pIs0w zOwC!!JX>9z_F;34wX*vO4t2B z;#9F6m8N+iTKm^pz<0<(!<9|tiGOFMb(L6rl7t{zadtK+5 z=Jj3tpq#Oo+zDNELBIS#Nqlq}j413A=1P;1r@1=AUCdFRK>Q-!0pIeHQvh~&uedgo z&cL9}@QbL=sC^#uLYwO$WJ^q{48E3HtwK5Z`D31Oyym;fnpB`>X#bK$OWcRq zl87H|E>GUuT$OAvWzpEskO<9LWaNDm1~J!QGB5t-{#4uO@{haLT$vPdySL%4h~=yt zu2-u)S#XNB42BRnA#3K}P%VqorlBOMRBy56^{6zp))v z4(gA;!2d2MpU@8=v5@k(+vW3x9f8>UQa8n9E(adGQ@eA}T^!!udw|09b=!JtW+0j*AH62|(6E*t zN!9EY4^Dk?+M5UK3%hCC1<)J(At40pQVNRBH_T@CWkA~fv^~3aQ(xIBEDVUU#xkif zZz|rh5b`_rxBH>=_4XFL3h<5Js-lS`CMO3J2|mxedAr{~B1fobnbed;l=#poTMZs>3i9z_1g=_vX?KX zeV^KfZl5bwJS#>o;Smw%_Xt>Sap}sYrrj$3)S;4oFVgEtHsOHgaO)hieJn;nRHYb7 zYv(inEcCiSI0(DSPE=!Cy54SJ0Dok8WB2QZ;5S4$cdMgQ!hVL&49=XNbRiUvf{bi6RpdIju>Ei$6~s(5bP1xXEnQC|47O#n_{j zri*}xm59}zCeF%INTUiL`mCu~XS}>ij+lf59&`7~c#p{;DMi<>BSqzG4kh1=;*w*p zZM^CXPRWr~>e{>O^L=ioUAfKywR%pO5&NQ5&%g}&w3{eFBcX`cD&u#(_xc`+{OGIq%O02x9H$7A)n=D-2e&Ye_{K0l5e>g^7 zD2JQEwb&isud0ew884ja4Yi#7m1yCg4y2Bchfx@#+^Dl2%Ss#}Tt+tBMM=w#A9J)Z zwZ3@FF25`qE1bbKl&lm_mPLHNpR!QJWWWCX5EKr}8N#SnvU`)w17{e?$0QmZEtOIe zx$I4h>9ds!V_7K;m~n?>n3ov<@2!E7*04t%4}j( z4mmCur_rmtb$0`xAuQ!E?iUlrBJqv@B}W!d6Gebe$GS!XmBR|GX&8J~U_L$(!F_n? zhEFG1zb96Ba$Sr*Rvvh-NF6Q9iMb|&#nmo<$iF@%k!+lY*D89s)K0ZO?@WG+_35#D zbBk4~$8m1&zSY8&JwHYz2i^6GH8(OQPV7yYeU8-Ap4d)hC1{=wkQYn}d7W>j>qSwv zB8YgkvHMdY=`EPzb)MEcXM2HH4*NTl+HD5Ct-nolbzk#3K7Q=IysWq7s1({-0ZqH>)_6O3Y4cbFuA*qS&C9%m!@@mQsP);=Tqh1J=W;x zC!K;h-!+jhPZp_D@}X+4QtgOJ0x4J);_@JVi47)y!WxhkNZ*_pQv*|80iw_wzPs&G zZbtw;>Vyz-czo?wzzQWnl9GDya?9Gb@IO7l^p;f%oRn~6$ZxUO5X??~Nl%@OYglEr zpuw!DG*vEt`K>^%YQll?VhOw)$)n^-!2erR_dpJlZ~E0mUrP}Q&oOVPHM1S4@f zmzegh>jr+}5>c6~UJ-0rv4g}BoX;7qXO5#b0&u`^>M1}$>-WLyub*f1!*4%{#5j%8D^Vn`Jsh(&LDqVfP%N(KiHQ zZjD&LMr&zlS&t<|I&%9AMH-J?2|Y1RYM+_Wbfr{otpG7*Xk%w{le$1LI9zPy@H1(6 zo~`z9NFEP`>ww+CZvcJh%E%z%_o#9jN-^YTIDd(d77Qt}g6bX&n3+&psI*Fv>y^hL zw!QZG5a%;5ZD?}=lnj$wZu-NgN-X*w`ec{)BW96DoC34Iq+MlFE;7Xq&O$*ddFiD#so2q(KRAq2D+zD&6?;kI4W z${{gT4oX{+(JM`02CD+zp<4_bC*~`kDLLycTP&2jUSkp5Q5NBe&|q2^=0ql#x&Fe9 zCIV$&r=VOP5wNbVUD*@0p=yKIknqC$j%stLjQCTqMy{>DqZlivwWgK3e$^=TJz{#A}P{RNK zr$Y$p{N9Wz`;YD=U!Gr76bjz)91)N@HscRo%U^cPfXg>ORLzzwfdpC4!Nxp4laXZt z9;EP2PIHga3972eNB!en^^AE3&1x$`9Gu)`e_BFMUs_e0GWMF90;qG%LxmmK$89iZ z(~kJkk^z0)+&nhgy=ANHs2LC%D&s4SZd*2n>~I)LZZ4^WgS$;Y!ms-C41aWvo=^1w zym#qb8If?kaE6PE(9PR%v~6a|f$x3WI~d|0jY4$4CbkXLmHFX*INDI2ab`G#nEm?^8X z`l;^n(wEzjhyaL?5nj|0XOwmuFsNuS(J?JOFAuX>nx9`kQy?|(Hzj{s_k7zVRa>nH zCMQ@^_ksWUK0j4z0r3sp>f!=-NHU+cTi#W|a>8J1k` z!W;L%+W2_<$zpsyy{rhX0*hY~LpHX#D+Twm;hbx7to5p!9f(nRbGQY1^^yIlKcnyH zydp$F6a_@B24Gx&;k%(_+qL{Aizxf_{{X2Z;YJGtOR&74x zG#W*bDSBNnJq}!@APe_4UJ5&?+GJ@QqOvci;5?aB&+q#!g$p-1_2K2YZEzx+o^H3{ z-k>y*X*@)q$R3S}V^=?4sCtjfYwHupd^}gHmT#r20=JHFbIZeQP=` zpUbPgy)#4%mXlbl?}q3EhLZROj4Ed=&H$MB(e14g;zJmJ;DA3{-%)|q8a99>D*!*+ zrn7g_IAiW%d}FF{6{o5LA)bPEpab=H`ESLis&E%KjNcpOLp$ zmN-iaBZn3mLj{dO&~RuI60_zIU!1&QV6fRD9PeYhSZX)M=Xj&cj7kCGstzcF3wHI(Fo&Xom@g;fRNF!&n>*3qe|+?|Y#5__P= zsxD8f1%RP6@wu)fMt&%f-*X{>ZAlb)V|^89%kxP|2V{O6MVcJOFrKw$&`(jTs|$^e z$hf<>m^?+0`@2y|x^i4PjxL&n5V~`I;T{^%%br_BiwT>nzp@6wQhOV`k8>V&Ndc?A zxPXJC#?-LWTUtK4akJI}Y3!)u! zf9-w7aT*q%uH{;fSv~{!MJ_1Pva+#_v1>$vQP9U}H(p|$ElQk&bX*KQ$u9wCike21 z4=JCIrKYSZj@wlQrz-@6kUA;e2FQ1TA;Grog(u$%hIw@8Hy%&C+Xm4lmGmnpxJmP% zb;7yoWY&*2l^sG`GTHkVw9cmHmTSA?mSDU5{CvNURc&iPEr3&|$6jmXo<>53GtV}% z(VkmEhQHu5q@?sa*N_~dM4UVs=S-~WQd_Z4SoIFaxWj8U7}$7rWss7E5Eb5*R8~|N z4aDi}X=^4V(p;Gd5hB+Jv_!pI+L7yEAoqENR~D@r)KKiXSzv_=$t%s3MCfE-_*kKq z>0)QT5r`pHn2cMXfh@#kpQK9nPER$6(Vm5tbM1>+`XGx^Fw_`jd~8pXW8vzwuo@O}Mx2MxkXZ%HrEUHeI~d#={{ytp$ny3#Jx!F;mH zbi(!|FWmk5)NW_4cCvx8nr~X-T4C9z6pjKNP2d%xZ|&!Zk!i6_i!P@c#h}J*_ewM4 zZv`h_c~+sv)hMF7W?lmbYxzJX1o*nHyIZD!fKp1C1Pgur_PlN=D8#%_kbAHNtG-4p zQ+uRMDD!{OEW@~OyShRz>+2sWR$@C40u%9o-dk$k1#~1NEzv7I-EWV+So?sk=}tC~ zCl#TAh*BHKW8Tr?!nygrLJaJ|G&7Gb*r<9U@$kmd#H)ulKB&oXaGOgn$Nv86f71r6 zpRW_$o=(Ku)8E^RjqrpG2lda#yk`R_qX%Ob*6!p#TmY*bT_Y2RM6AY(=8zV{V9YMWo6xicXH9#z-9d8kyl8FjIzt$F5^79 zhK2?J08=*o>wE?jGlAFtw!=5KAvP{fZHna2Z^I!~_a&ET)$3VWy07(OQ8)l*hdDjb zS^)(*KY#1C<=+ibkUYC417cw?4FLjJ$YE9$9JW;`Tqs0m8jUJMB#d_mRTq z-k{eR*wN8ZRP;u?{{8EVB|l=|gqj5L69$zGssP}@H8}0-C@7HTD=H{3>;8cAdLITT zkIqM{51ysDIY738)P4G(^>cRi>R_q8+2ynX9Ku*x$?bX9RF^cgF_g;R3j79-pCP*) ztp;TMEY_@b1k5OaQ3voZ41_0vq%^YR=$4C3_266JheS+z9pEXT_{+!74`9GLM@E=f zS);mE!aW&T)qyu9Wtg4R2@`y5ZDnO;b@l1V2{=U2YVG_#&QisJ`Y}ppB?vDM&wN*x zD4=@J&2fYCP!%4iQ2;*&skdDNm+5(P_>3eAK(D}kBENhYInHUj>fhMN9n|^a`SY!b z!l`V@SQxZ*e{ZkZVuo2fSut1U_VyeKMhdt#l;_XUKw(LF`^?NG!1Dn>o<^CjSKYzI z;R+HydlUFnaHbMCYJmJ_RA^Qc_zS?r58!bNt)9?{3DCC1qd|bm1$LZ91_o7D3tUJ0 zzB%LLO7V0u5_sX`1g{a z9=d{57;t!hfGauOnZguq_PCv$nNfd@>W>4?4*(-CAQjT;vC!Ka2+mv^N&&R1!_PdR z8l$(@7t2Ty)DbL)xdwv`8dVyqoE#p8GZ4Jh{SqN& zP}kT9*k%E#8>_1)yEBTT`dV5^7neYQ060TK((nKYc`{qkrOnM(SXjz@f1k&V8szUU z$8;NhowvRtg9xt=o3D?Ewc8jpeEW*F1RnIK5gHVP!3bm$aQ-72 zztg8rsQjiA11Vf?{b^JzdvC8$;2~f%ck-LP@nx+>1Yu-!G=e9Wx}c~?s)13w{s>W2oXqyx!Oo7`^=ub3t>^V#ZAJ#^ zmNo64`Q-h?M0YdkE5u(-&d0P-@4(1{0X!fO*Tin8jyHyY{|MUZDT@G}K0s?gopL)| z_BEh)a&jUHt@XUWi-7)}I90kRs|I6Qc^ev$6<>gT`#3sha*PBhyiW6c7u>rsxm=c~oduDFp zh8NV*atH8qpLrI?a%DIA;|1qVfB*Cb=#$=+Lp?n`cw_=<1_E{qHG6w|adB}EkGl{; zZjlfI8U|I&fU4iWf3I|f+SO|@#JcWIGi}kC(y5jJTIm}a8czF7xsAc(PG5L%?ue>5_KUeWKbY|eJo)8#f- zR)D(>G&3)-tfUM2Nlf9gTf7pM_ww?JhyYJA0C)C{jM#u~kED{#*>hj+2*{O5-X2bG z2a_X((^EubWCmJV0Nsxb3hD#UJ@PdP(r^T147`TqQi*q$vO zqSg|Cn#l72W@L8ub#ERQRtp2IsdC`casgZoEIB#3DhKmdeu^4@YRxboEHf7c>MUa| zR!Fb#l)y#`oJ|f&DU{y#=YK}dtpeu*w0PW!h=@2muM~_gWr`mw>YPeo9b{6G1oY{E%vn!Cn8?$4T z-ic*Ga8AxNHB!Ld)ncu(6W8{GPpvA0YU&(@}8W%9L)@tCD#x$2A?`M?iJ9*D4K%v}(d~VFtpAN#watlWN zSNY$95{Z_wk|v3eNFHF(PUi4b2CC!Mi@;wDIuvVb(L0Copz8SA=5qZg*bmeYw9ucZ zjmwZ)XN}IK2TDjv8V|=!sIbWu!J1uLR zx~wMazI9|naM>VLW9hf6UGtuv_R8FiP!X6eGn-1uRj>zJ9>VF&LR!i=t5fg4(#7O! zkGyneLKBmc+>>3eQvE}+>2W;8$Szf{C`g1Jc6b$2Ju_43dtbsc*IV2Z>D70{K1=QM z{j52&IxD`CKu-j#4~=3h*ZGO{Oal~%csPvOrB`AL*Nqmlb*u&|)O*v}xUV)ZKR0&W z+G*xA`4$(xf1Skc9$(yyPvaCUX~c~xP-AsnXg8G(N)iAA1w;rDX8)BemLLt~bg1~? z4bQ8s6*Yb-^7;DW;@K0KgtsYuYv2rkLH^gnQ$w;jAwiO*fV-L+5|AH>@K>5kvUA$~ zQF2IXq=-&%K_o|gRtn$PPl3cP9B0RgKH6a}7tK~=?o-T0? z1&!XFC3HD8H6`iH(huA9jUS5hOktQrHnXlKp7iw6`{}psWPGVsL@&5!>dJf8g8YDq zedgHsiDiA$x!4Z|c-zI_}HZ?=LRYSl&xkY_9eMdG2Z7A9ZE}mjXqA zboZ_tPAmhCKFWNfoh|Tx8}eHf#Qb~^-Vpfi;p9iA4Z&W>-F>F-Bv6FbX$u$$!A_>m zk!^W*%Uwlf9h7yDvxWL}Y1L!a*xaI1e1x<*4vg7-x;)C2O_3ttC;`bFkjw_>it&Ed zY-qeyMcCdNVA*yDlShO}z*<(( z1iqidt3S>1&i({R`lu}`A=a5IL-D6KUsjuMgs9S#g4rcXRdK`JQa5c#&;9DqH={Xc zb6of`AW}$pC<=iD00hAKHmWQ8ZY9p!8Fo(KhN>_2(~=%)ydP@gpZm6fI(4tVQhZQ7 z`9uA?Sp=4H$Cobxj={IUb~Pr(ND^B%wkRV{s~)(~K@~IzSb^o(%^iNRDf+c~6{&ql zbTp^;&oCJa8R30g&NfZp&;Rk>df6u}l=!&7_=iH&cWn*v=NocrRlqP-aN=+<8~|)~ z+nXl%`1nsRP`ExF)ESKY7v-Yj3UG9_T+SnC+`_`%nl3-FhCnayK^

{su9s&8q+B zky$o#kq|tGa}R-=;6x<6xHs2J$9ojy&SIB-Su)e<-jcEOt|zQEeKmX6XE0s|W{nDy zy=_R&K-}e~sh;h&`GawV!^p26h|VX$b52(CEi8Jg-C?+6`}249!3=xSIVU)0C7oTR z+LbQqCYviA#-gO8dPAwM7r(uZ%KcSwYRSMk(`RmNWN~8sGez}>Qt4Vd zUCwO7S&`u&CG(_4v!c?1+P|K$_ZU^`c#=;=c0Xgk3>&gGpeFU1mqZg@ARSsXZSI-4 zk?Stn`rHAf4CCol&D$K$H*gH&=JW_a-o3vDIr}+}+iI_XihW4_TuTfnU;$La+pD=d z5^sKYVXYAzMf>fHFEKI40I~^a^CRhBjSqer~&CEoeiOTj!T3XWg z*eQ-tRuyint!t=j^k9~NqYZmTv%UQg(OL;sw>Z0x6>**+6GkW{@*0OEnp^isDtowB z=}%c5MgqBm;oh{f7mM!OXC$oHoBDmmt%O7lORbh=D)Ckw!DcpAR(2~jVj^7SmKjUU zT8rybj>C-*a94C5SI%ceVS;|4)WkvGLBbH7pN5W(%m)C&#U--T)z!h(jD}#sjcd6e zOUgi$pO! zLoqjE=EKP9h44F%T{RA>T(A}9b-6eg_IeE5IoaC63uo0QgKTV;%PYLPhZ(Y_p%KlL z=i|bi7`YNjU}BxWKG&+>p32Hn0>lm1^AwPw3n3&_A~H;tuU$ae76+u8c0bw0`eU&x zxQ}V2R6WGxtZZw~O7og{=!=IqIMb*VR4C;Z#r{Pe5oerwjm52yd{nNwkK*YoFjARY zKI*6XyvGSHikg98a$+p<;c0r!VHq~^qa&-VOs?}?pZUTp2^*X8$S6>kxz9IAv_~^@ z`@UWtV<|iCU#DJky^T-h6IZZ#GpaDg67^o+9V$Z#fyD@0{0 z`z)(#4L7`l^?_^Opvk+sH(7wS9U&ZemOz`!5V1h(enkQ+%rKVFdxK5)&g3A~m29$D z+y3|OL&oI{4EffFmfA!9y1!`1@A`k#cAZg8ZQDAE3WyOYQU#8nAYG}_j}WSKl`0@z zdIy03N=JH^e&|IY^w4{e7D^zrKxoo?FOt0N(R0Um_x*VH$9sG19~l`t*=xvbU2b8I?Ab-Son4+XBn#MBo14E;ZMB^o{&FuS?&y3=TdmHKf+9~^`tjln zv~sG8gJSUe1W?i>RdioAmKjX=5D2}$PoHuf*w}UHu`_tOxUd)+j&KMHwrKNSyi|0g zrlN{-th=~%i|6~DeFtgQBw-$SNi6ee40&V^SqS8_M&=WRm6*R`*!>x!*RXy;%wXCg zQuF%`LJy>*pi(sRq2?oUs_NbEoCpk6{f$(~Nz^(KuR}Fu1X7LS2&t2C%FLzih{LPL+Ril-N`$ zU0tiACz!opq<@qelUD@2NYD2KGcz-QeV0;~Rjc#=C#L?B^FrA>*b<9T9a^0Wel)r7 zghCC*_vHO|w$C)a`y4h&v=0RQPd9VM4Tm@B$k_!gbOg#|G=5vKKRhII+Y)_ldDM8D zf4sHx5tGyj&r3ks7uKbD=1LHQxf}2Et;7eA+f(QK zoGfn9G35Y@8QPMr`4EQGXU7?dfuJNb*p?=d$j~Bv90;4LJxM~?7SI0aeQqu2dKSSV zcc>irar9WdUgD_14vZ1**}J9b@A0aCjHA+*hf{ixbmVQ>YjjAA7O52MkK1=TiU(3L z49K)RLo-BJ#~u8uMuS6q=+H@;JHje`m)8m5*2pg={Iyy~Lb@O0pG^Z%fG1 za4s=En)TDF34*b;_5iwz%Ene3RlFj5+C%zHz=mfz*Zt60qNgVWUJmFVc!_L|3u2}} zY)^yrLhA~WXzT6oraD{Gv98~|an=jd|(&*wWPJ5|40tI_ls%O`IR23J(-5seQXswtM_x9B* zN)bkv4`^gpS8j@cW1N(>otgDq4DB=Lx7{(tNxZe(lf3mlnz%Q$hW%*wB&!Jy+Qat` zR-INwQ~B>01XaoRs#`d{g-(C-@1^9%HkuvtAO^u;8oo6^1VJX8h=LPXoCfePP^M@= z-$TAFQz}+H+ZPRYRyFg})2Wu$=0HQHCdEuy#arW$Dy!8*2A?V$9K8E0{r{|;0I^035~lneBau=l_@AnFHfg| zco@dpw9oAqvbs8qjKf_EFdKk@cWoy3UO7DLujr8N3|CNun)Q(r4Fv>q>DTUUuyg;? z2=hd36duOJ(q}w#(&+Oi)F>qeZ5POo%0cGzNuAgSrlzHt^IL6qAUSGZHIy7kp2o$? zs^270lXj`pDxSrv`_&D$SxEZIzJ6P>sKrv?CT*Homm7RMTUgpGbUYOx8wuSR@MA=` z_9C)wRg+D&mbt1wAT2`>o-5#b1U{N+{JUBS* ziO_Y=Bmh-$Bc=F(4WI$-ARD)Ga3>~5sQl?2!EGQ{l zU)~-hxB=mFem^#xsTLt_tE*S$R(_T*Fcn!MtYAY3f^=F|-wsF(_LsC;^&{LHnb+jm zB?~_Gy15XDQWg0Gj)@7Bm6mqfM7?3_vTMBF+7xD}rAaC6c?$S#&u;#Fju;F)lp$NS zke`O6zvlaH_jSF~6tg_WBRSd+0-uUR5pkBzvTDS((J6r3-r@A&XHw)aF z{>AnUfytI#f5p5HYYRavii*ek`xd)9z`r(icXuCDR5W`@-Dl(XMgZQwI}6?{WiKqW z?~`QOU;pU&B{EXw!-wZ27JR?zrCtZ@@MrF85|Z02pj!B|>(@xiIgoR7z+JrCf-Hgd zyVlJ zi3X2;kP>F zQN=UM>%c^>Xq1#wwIh0YPG;5NBh9!Fc${QRACBa13Z+zNiT6{cy_8jQdluCo*bZ*& z>bXoa;c>r+I|tnR=&SKOCuvWE!7oi4;clnf5>Uzp^};cmIWfQwIiTmQ9?<{!wa0La zbgo9giSst)+Qw$D^X`C|GKH(-IM?*fYHGUmm3@#Rs(cl%DysNg75{(*1@!DV61>Sv z$?4668z#JBTs>;*O_hjRQmOrvai%3=b3Px+5<{AvCeVh#T?6XjE|il@*>O){dnf91 zWilGpaDx)gS(uLOOL4x7UI*UKpSdLW?mqWqVuEzNwF42=B*B zB?kvzdm?ux%fw&dyiG3b4|$gs11Xk$JWdAY_Lu1O_J^u3q`48=;y!bjq15TvIP#X` z4!Zj8S;J^F`FHn<_h#Ngu zV7quD4-rpqPXY5im#f?^fd6e{>xJIR795r#+m%RrXn3yaCWBAh)n*T4W2~|X$5gsqpYZnuzj8_A3?`ODtKu!uX;zZ)2mVVlxBvbRyhkBQ76cnwuI$%@kD{ zTs9-TM^Mo%I45?5r6n--=T|kgHEL^XSU?C$Q{Q`` zq*zI2o1!8;bApFb^z7Xq9Z!Fo_72i3(g6#VUo0?OMcgMFN#ae+$_m3Drch7s?VwH) zJQX4)2IP|PilG>kNw9QLeX5%2nn1D$=9T#n0CJwHRdi*@YYp8eON`qImW zii7F-J(DZp(o!w~F+e$HKBP!EIw-W}1=k-!B+u#sAdu@NjGPI+4GlOCsT8+_Dh?@# ztq~iHcJJ#YWnq&>nV6`RW#j2d3QACB^LF&RPj$8xrvQAy_C~aWT3XeLk2sSXXJLOdo%5 zX?NHBLoe*ly&kx`4(Hc#?EXp4$a^0wE5la-KfdpYBmQC>5!Ok`v@Y}C1IVeGXArtVJuw=U~fCO)^E zJeBp~vz}^zz3Yj%Dw*J`Z)`AVnLmpj!Rb8nndxcJfuS4RhVt?x%)TeenaUe9`s-0%w1VY){oe;UO)DXy2s$E*78-RY#^f&taCf@ei~Z)(?5#j_}E z3LGkKvd07=ClP;#TtR;ee#$Ngj}7qBL110!;u6bI{SwaYCR(~Je^C7EA=_c_X=xtS zx4eAG4tDK#P|$KhJok9gb!d;LvRCe!jE$6^kvR7NI<~Q~k*lsfHzzgqRYI%wUA=9g z+@k>rXJ6APjQ8c0LDKFT+=FAi&h9Q0Gdk*c)va`;8+U|DCIW`UiMykB#LgY- zB)K$!WwBv?zGVt2uc8vk;4KP!U8JDUN5Q3UTDvw_d}?K7*Kcx=)^NA;F3|+Pc&xa% zo!uuzW*E#4eTFqhrt6suja&o$)dcL5j@F7%mfF{zT@UoXPD)f*pk9T0U{Mto8s$uE zG)3QB1Y#&b3JaK@jHRMQuUbw_#GHiKc^v0=#PFFI+k>BoLR&L^+t=3GPTN z?>^Z6wA!jYo)2KPjj>*<%bIZj#iqvnfGTeJr=lCfcT4UN@4|G8Qj+p_rLxVN%Z{eZ zSpb`D;`H5pULlz9=#hg@v#nB}iE)}PhVEyNhCH!RcT`f++X^0Aa8LnML2aksuQ&O< zLZwirz?Wt2&?S~XvRVmifu5%Q=q$)tUd=XA2X-VwUh6`7#?v__g;hda;x;Dj%b}D$ z`js9@VzT(4kFIgzjq9$lHL>{X^mDc}Zkbt$u=+}tb=t3+I(aM#X;bXLdoqcac@tO7 zvYFJcEyaXiG|ssobwQ>EIRhn_>JC+z89F)LiLEZt<4L-jxd$^UNdZd6e-Yt!+D1XomO!rf#+pa)<7V}Kcx%dOrj^gjTm3%;*C9*amQjX2^yu%5R%O(AW$ z(K~M6lNlKyPfqNo9Ae%AEL~K-+_`aKUS*=|(w(r7kZas( zmR`D*pzYG2?78y5P4jD9I{gl$7&6U49+KD9k2K<(jUYytEYRKp03IDdJ2)Z`z!~$4 z8(Hc_G_Lph0>LkS zz)$Z@vy|oJWYy&5#li)d=9eH$08B8d)(MbQhDc^sOF*gTv)f=Mb1c7cLM8y~9z6yF zN~SxglCQ6)$L74Qf$aYXG}O~0{~I~XQvxUp&&LPDj0LSy# zx25&!9@)h|BnhgoD5YM+c6T w<`M$`pwLs!flB{A(DIowB{kZ$BF%FRctIm3-&>U#zvF+5i9m literal 40757 zcmce;1ymf-wk=9R0)*fiJcQux4hbII-K~QMcL){&1Pku&?hXkKjk^=1ai`HnevxTLrP(MkDDZ|0Rx5L3b+eUg0 ze1q{E?*s4x?c<-y;}E4!*#-xkRXv}7_`jpM)MUAw z8t8H)jsG|;sqLI?XvBfWo$wiOc{n(|MoyBy zZ+`VXD`Nlqj$SJ5?>^0sdniv|{6ba+{oSD+#RvcNrqX|k;OX@%Ztlp_D_rSYXN0F$ z!^Vh0O zrOB;jwBGyQu_d}x8a|&Cjw5+zat_eU=tnJg_PW-leNWdZm+{dm z+GTR&hn7%@TxW{*Elg(jw&hx4iNIA^)PBF-Zyb^cWhfx=y6<@zW{k@Yn+cC(@NYZDbw~d!V4c-9 zW7F~mRg{*d&NACAENFww&1W4g?QHb+)fP~NGJL5Xls{Bp4*3g^9xu&*HdsZYJ9Tp< zbUIuh*)ludB1Jz+8^`$(e>MqXx@?F!mwe`8OO(P*b@OXI*+1%7?bW2OGgZdJ^B9Hdu z((UjF#Hcm_aVQNE(z+*04~}e~_x(VNmp1c!w}C|N`3`;1v|5QGcr1ixd10k6LptzN z@OnKMayD&M9~ZH`7bhAkAjc%v-aosWn9e5D^VfHpMr z+7=aTGm+!Dy>t+~SkFWexYX=y;8~$&?!3PxiWCyrA^Y^77*dwZXY5{d@TfP3tu+!! zmIMBjEkQG^!IrpyNOI+AiYR`>ZQc`L^jaHDak;Oyxd}Y&ayjPZ@fiBSoF8#xv4I{K z1^B0fTSk53?i8ee9dib^L-?rLK)m^NXMS6 z(o|Mg0TMYj^)TdQFOrl!0K?(B-(pJ$QRKTW6KFLvMMqRvxB_-X_Sg>l6@aMF+A6Ty znuPH#PFjr)WCn@1{A#^Y-4f=@k^o+Av(npbO7^GK8-e)DF*q3yu6>E6mwK-($J*G$ zi!CB6`(wIXh942Jr8iu!rrN=05jQ3+ZLzf}xUCJ9y`i%5d(zga8#FMUvBv2B3NsAk z;pv&5*QVe2S#9i32n6ZX)1co#6w>TgTCZ-Mo2A!EH0*X;aFRJ4sRO%7_}q6VP=Oh% z5)k3^k`HlsXlMjXPqVyrJ=%#x&TcM&AtFR{wH9qNoa~Mva(Q^K#o!^o>hl(tIzj&~ z&Lz%V`@Ge2n5%3DMso#>mG5a8xEc+2wYHOa5o(R9ve3@omL*A&r( zjcsj=ic$pkU{q}abYcBp2Bk}DU!sR7b40ZTi z!`1dg*kiqkGdN!EM|k*i4;NlfbF!Q54X0$_wuHWX_|@Jf-0*pPZfq>mLZzWGpu_2o z`gp0?T?=+uhJuPp$my`sWWouy$;+Fit7*Q4jm>7=c(ohgGeeSruu)>rk)D=zacQ6q zy{0aisW!VjUKIH9;X|1=UVQx4J?z4ejPdCP3)RLe#QdaZ+f6!j8jf5qu5Qi`gqmL% zq&!WjOmw>2I2y$!2ZuA{*I}>7jf~)()SqnqbuV{|-9|Bhc;A(U6E{$Sh}&goEIH!k z(-|Mc`_w>N`_-o{9zL(b(#^~u)|!uL(INCI^0Dpim>s7?|J+K}xrrKQ|FLW@?f)My z?Eek9!GGf^))Jhbg=YH*!>DTJs+HOnkV6H$qi3X|uqH-J==}dKs$*ot(&_5?FJ~lH z3Rko3_(2p&vhql41Sg|H{S*}uk?6b1oS1*3+D=gQa^)%1!cyduicp5*h5L9J$J17q z+o`Q?j?bp6-yvU-jqx`(;)n)yU_V?Gh-4}9H=NwcjW0^esDNF%dZz=q9cs1|*u)UL z&@v=xLi;yWKgm~hxBi}P!4KGb&|A#~uxh`jQc>qNQKoHQrJiqe%`z2HlphI%%VnsCp54-hJxH`8yiJ zkdYKdm_j8XOOo%})M5bZ;B5NSxgIQR?$yf(dFR_m*~z!vrF&*I>!;?s#{H=oYa6)g z>(*zhxN0kG3{}9tRu;NHsQ*!JQ18j{+l!8h(wroJ8mDUP^)9@zVJ9aCg>kgpD8@rk zSB1$cXw+%tV6K&ymWeBBKo0p_c|^bXnh+e%2lL>@Z@rmZ>HO8RlIvGy1ka!I?Xq{q zT%cz5bcICcv-aTh@apuif#;`idXmU?am^5a(fs(L2MB#buQyjgs6RPm;Tkf>FD~Bs z{dmUHm2jfbBGOh+;tqO#?9kL&8m=nvV=&ugI`8$B80kXgX+w2=SAOT5y@5fygAA-1 z7_i#l9N6H1Bnr1BDE9kzP1Eh!1Xr5d>4(HpioV3wBpmz>x2S8&9i)_%WxDp>>bwzM zrUqXfaL%d1cd;WwsRI-wjS)fLBmM6k6d49v+e;tiqNQ@piaQ*p>nl2vHN}6&j-Gd) zo9UT8aMP!zktn2JGp_wEf@e)ZMh=}Ry{|(SnWTVaM{aFxDWH?-;D(RhcuWkcEf!~+ z0fUQg)Gfcy%)(mLPYU*>en(D=$>(-spX19s-};f)PM(Nu$js?`PL3#LX_ahUkMXBX zRQGN5k)Zi(9fhzXL3+Gx+y*;{{f@d)6NQwtGzq7NdI^`ew&x|u)qJW(g^<^avy*6c z!RHd3whI)M$BoxD8i@|K*%#ARuKXT|L8uw!ZPB6p-djHaLN_%7pP>sqIqetu^KT23@5w9OMor({Y(-`KfRx*Xn!y` zk8gvAMR=b4DT)^f5~*@oMq|$SJ**8S)}T9x`LPv)UusI9h%oDjJY4w_NM0+w(2Fqs~S+(=j2czpx9piKC?cwJbB0g4UO{ zb?4?y**mktgx*I1S5DK&&qGhTaqw^a**9SG6YOR_xXahfc)K&NN7eYNI*(%Ah~g(k;R=Op*Svxm4v zyB*2gw+&iR;u;zn7!=fl&%B(-x{ug=cNV8pW6tb-x}K*>=XrV1GsTQo^xlO+a(HNP z5H~ULvqi3QphDzaBl)_0=Pr<0CiDC9>b-H@sV%cP1mj;l+IxYzzRAmCNg&PRdmk*# z7f#c6DA{a-kqlNZPYYaEo9#{id`$;#ISb5fv$C->NzaA4HmJ7QeCQN=!MT}a@b75mZVFA!>DyT$$eh8{C$0Mvy%Eu zQ7Jmg$HGbnwsj#2t%%5$-cBZ3Pl}@J9XkfbPLV#_pM1$`yvlOoa}VXKiSPQ3m4B zbjF*4frYnle9YgMz?4*$7cFgMYpbsMe)H7LukHTfM`Z3(+}c~MXsN1-j*Ekg{Sj)p z>Snzt2#&-=k|icSP+j2laDxHW$&2UM?Cie-PqU6!AY%~URDsnRNf11|PsWEw;fUiY za2MA`F&dcyiWTV-|`yBuh59c9Q#J@bs7#Y4wqJjhqYw*OVquv>#n3) z(BOL&5*s`fmeTmim=Y`(I0K`S*oA5;S@vfeQZyNo1g-p&l0H!W5P#jJr@Kc)KmcT2 zzVX*0pa5(2;(D-suzV28Aw5PS4?n-e$FscYAtGsrk@0R*m(ds#S>7d! zuB4VBFMveI<4cpS->+CKnWt#|x(F*ID5xnQz}pNmoGUx(EaZ9^Qs<~aD%s1uNkHIm zt&1l9T~$H}E5c7~u*%N)@Uo0)#Zri&AL4+E{8C(r7%dn>#Fr~&Q1CskKM-s*vCyr4%(u4kflZsR2!}p?G=<0F0q{C_ zkK1nwM8g}WNaOEdP?B~%E)F<3owwyXgTiKGVkSuiyrh+I^sdh!I)1-2 z^YRxur>16|d|#2r$D3U=LI%}rk%^1~x7}72 zyVPN=s}Zy?Gph0gpIJYhw@$~Ce>kNDaCG0b*^DX%s>m@~x@&#b- z*ng>{417aKh#>+Lbkf|5**7pW8sJg>y6DI zU}&&xF4^Sjw;sm`e!l{lK#nJ$LnT$n_Gc?#z#Yg%KV<+ZsV3B7DKq?BcE2}=a|`G4 z;SSqxc^0L#wTf=>EtsyzuhFoc*eRgA?6fXdLZNAIm#c*Pf9$ z+oLn=4^+M)SwPm_KQWPtA(BxuJhW0!ABOL30RnkLDi(pU0y2$A zFW-I!Zgv(nElegf8tv|G%oVe?wifHa36V}r&C$^~#_n^;1+~K5Cy%nT*X{6SDFXW; zp_1qdC33`^-o_5TL#K>7IaG2e`+LV`R#wYB!m&)-K%q#6J2-_m@rpP+`@3rKmXJx@ zp}AqE34Y08TJ^edbk%9Ft>rFHz^KM>N8M!g>AX``e4aRv&ReT@LmU=sEoSoNYKk%< zTb=iRH-xEA7S#aJ>!FQX<`^>@Dw!$rkrwB8QjQUot#)dB-i#4fzt!!gXG$qB%HAX( zf#LqfSEeHy>`W@4y{@z6R1zf!Zcx#6!2QXwvna$(Pgp3H#GdX4eNinFNl{iroA+Q@6uTk6KekoZI3`6Z?FqQm zcIVVb21a#u8s8op0fkhuGT&2*#qfA;F<_yU`$6nXtlXHF(_R0p{Egh|lpd9tRGRle zjcs}h!&_uYE1!S`U2ghy%O3ms4ZcMJ&6692$L57O`TL84u_&LwsKPeM1?M+&#c~<& zhzeLDRI+Zqa#o*r@S&5Wx2TC9kSr#fY4wDRypYIEZxdF5j4Ys>#b{kXuFAqPunj2h z-nAQK#KzL$$pC=ht@f?K78jqI|yguuxvQ(b;RB4}hzM&JjT}!np(hLp{uhzPc z7LM0Am3L05p3F}38&|z2C%4}^pp>VpOj;g2INUYGF&8NoDO5h zE$GNW*$K?64~wm^dMl#hK2Crhv!85+Vv7H6%Z_G%TJ=hmEwiy$O$`t#>gbm8W72{cdG));$n zg3_Q&vngC2fT0Df|4s-g?FFJ+bQ8d0gwei7UTe2%c^RU!>*rObyRM^-(%+>%(o9G( zB`BmPV0pH#TQP|43FI0SFyGzWG-Qt)EV%5<3Xbz%_C4S^T5q?9Me`%u9ue-By;)jS zIP^E^L%CUlX_1mL0l^3X!3#g(HVj|x>gqgu`=NHNg>;!;OEWPkCB@}!`rEzg&Qsp2b)u98hc^JH8u&De^vW zlV=X1t+Q*bNR39RP~t{^LgoUy?8*~<@M2NF>M^OSu695~RA_P&(srF5togI3CX?W$ zmS%Ow@e(zu+HDOwWA;dm4qU`+z&-uUW9UUpXRC&&WT8N?e3s(-+j~K z3cP!c*}FC1{LyR{xe}yu(Mbht#{Ca#*u3}u9mQiSO>l@%v@^;ql0ETUN=Z75kzeu0_>XPc%4p=w z)hNVec}7A(@Qb(_-ias7Zwj9Y(R%PGQUHY4m=w*HShqGc=uPmo;>wX~h-Q`|20Xl$ z1Hy$&Yfn*!oO;9{7w1F*|B34R_wTu^w$$5i&GhQ&)}O%{<|HFp)}t3VI-k#~mfvlR z=fZZ`6IAz7`F)3hN_OeS$`aptbEOWbSq;4JJC>I2s{0<93r2O%K2La${TZN}O!lw9 z9FdRUB=KMQ%|$+kbW8Vcrn#{DixG>(XZjc^O52Mc0;xYrWqHx+3cs_Y2SpptFzs6+ ziGqhDKn~p3y9nyV%qsLvHMn9^-C0% zS{p{Y)8K?d!9@&_bZScHv&#uBVF-j?&>)%$cs#2^DJ9CvO(kPRr9@fMM6*pn7e--K zP}-|D|6gOx_lj%V0F_*1|y*4@iAXl}j%o1TppFgcy?X|CJLDS4hlQgu%~)BYaHED zt*il-_=F0q7z1Knm!XATkKcFhoFr%;oWD1jA3@}C z=kpHtb05j$%ry#7lyBrO3k$pU)KhN&8v;PJ?SYtWIwjf;29nW#!FiJMBX$5Da5_SN zB{0fLqr$`8vqme|tJp?d+Y|&^g~5&qwK&V9xkc1C^fz>V}dWxZ1?ycL)q@fnzT*VCn1)DdKk z&bF0*Qf?59jT53~i;CxJoz|;QBJ)!E;zmxD6FXmye*v5=DQ?3qXKs z*jn~NPYM(=u*yJwIg)5sNAq1d(N>Q_-lUZ8S->L(CpO*d;toy8+Xzm(o0HwkWg#t# zna==9yrYjJ?>;cw>=*5%#2ANz<(^a$VMTxWRBcafZIO2vrU+B2uyCbs$CezSLdvcC znlLrnp=XWcYY`iRH#rB!s&ku>29t<44!{blB&zZT5aqaLECNEHLN($cbcaxs95KMG&*J?xdUvf7_6Q7`5wH%qD9 zO^#<8dt8)uzX`pePRMtbgWa72j6;X>)v-5g)x|#dSZ!nIF$Est<*wsRMM-3aPzt}@ zgWsHH8hPBtudjQt$vyaQ=+49dM?0fSz;;erk|Wo0r(D*d(cMoH@XX=y3ZtPxBk!L3 z`rd5n%bsq2*4fV5A%!Fg7Lx4H&t`SUuT%cgU21i>Cru+pa(Sdd|E@c=@MHy34xfA=;L93Q67bv zr7ksNi!vB*QVfO%F!yba+uL#}c1!J(fbw9PUSljsyWX_3D{!u{F&Cc}veR;zvoAb$ zgc-yQ-pF7Cr#E9B9}llPHaO^IPsV)TR2HY@RH0~a{rR>WGn1Egb5YId zI1>|-pP%4N`Hei4dzMSy5PEVv>&j+-KK$_{Q=wwZdElM_frYL0*WL zmlx{f;^G3lg*w6adBkGHC0O3vy5ZyD#Omj!bQt*f2nnVEcu|#}P8>2NB_*&{4b_%7 z!XH)@6?QX?Ip-={oSkojeePBlI7{kW{f3L#+1Oh7T@-0&r{03gt9Dm|%5X~-p-cQ$&M;#;ak!g?4sdUwZHMIe&5Zdxa5tMnV& z+{tFXniodi?7Sb(B%RD*QJP1Qj9?j>t)HJaPVosCZCWc30L$~MB9g|Sq^dIDP%rP+ znwpxr(w&EU&#?CU`1F-~Sh=XZJ+yYD22Nb5r>6&)?(_-3L%F_j0gA;j97lWmDw%*= zIynoztXPX*?cjcsMvL)NEXyHN@Vt?oQqZ-XPIc zAXIqsEU&al+AcK~c&(-+6=iyIlX)Z$gXEf>FNEx^B|UmuGPn#(b71_p+S$w_c6o*AGNz)UP|;=R8p(O^vBG}CwBDIR6uU}MXs z2~9Hh7-XxLK6p;vJwFgVx;L&6VG?=^VeZQq4hH46M#9q@FCA?9A_; zf}&NirF?_YgS-fjx*Zttis1)fE(|rkG|{~3d)B@N>+oa_*3y!Wgt9Vc{71#K!}FUx z1w7p&n6DlkPOM1Q*1SUUx6e(wr#ovF6ck;dPJuUMXx^3@G&q2>9Wbj|dZ5QUiv#yr zq*f9i-=kCe`KE(X#*~d9V^o-ktiuLY;l!K5-SXkBViWc7(300#>}Z15psa*<6Oc=T!v>lZZa%mUWV`IdTSIf8}nHJ7L%2eOTyM_ z3O+(6)gyCWrGJX-g9>R+WYG3G61m-qsenf+fTIJFhi8H^4Dn8fLU)IYLlch|lbu~% zJ;2u6eEIbwwhVd>vq8Jr>eO+|h6i*fSCM9>9OgWLUQ;(!s!|~Do51W(c3JSt|0G zDnlv@3;P$eFN|0j8bb0ffw|YUrijzin#WlNUhJbjI>F3RbUWCIt}q{Nbv$lg=uw-S zEmG0dwYDw4r48H@V99itPXzDJ{G`M25{eY%3H*W-8I>~Nl@-{JOWfuA%_QVUu@z-i zjq23r%D^2$y0|j^n*07N0|2*0A`c0n#nrMfHkJm*hrc4{<#p%cQqQCROqfl?QJ9jJ zrqfWKypifHsjT0gENGPvA{xcak?bfV2*jr*_*>8+P?b)1JQz#&Mi9=Ixc*6Y-rt`pGO@JW z+nR_nQ#mjhYscgWPi0WMC}(KvajGBqR@pe$+xsn@>1w6)&-jJXRol9yDUe2cK3S5( z>T)8S=p7RII4m-fh-e64VK4x{18^4P6bPLt1q!T`F87rA3>x-0m{}ZT8%C)QfwM^$u)`HP{%-TGuqouG& zg;E9VpMxVlhlXbt*4t5bJ|iuAX2JjP4C4+;wMq@Y-I-RZCX7_T?E z@{*swWq-DOS9f-VgkQhS%i^=4VnupR-o)xHU06vVhyBDRd{vcrP>^yF^ti>fFOsN) zJy%+oC36CGUo}y$uo45~wr@$(wv*nz_U8;6rR-V>!~C_aI44QbZPvt)Y*cJ)a!gEt z^8CModQA@Aa^T`?`j&0NE_Xx)Jp+zcKA)87fol~?i)4c>7 zZvEpF!6w-`!I5tUaN=RZBM=9C#)xZ|-@ytt=G&XsPJ2`R(`qz0y}jL)){-(PX3I#) z67qF}3vNxWlsQnm$@zRd*W;yV={(@(JA+<7=(S7)FeRngEw73b7W{hTVyAD43Eam2%;ZJrtIyicHdjXq+ zgJZtW>BC@OBv^y^N4U*=>F$r+$wjw%vznE818;y@4XQ8GK}COES5;>=*r$;A+0+z= zkge9NCSNAu4r8o@`^i5Jl|=k28{JN#{zxDDQzbWNT1*E<#eowVELTc3Mo9ysrmfU6 zHp_~hJjAxQbRN6Uccxj~@o?Yc5;`zO9+1LqQ*8+eMHRl!wXlzi>Wv`kgE%0dz8M2* zjV1%%>HP455jVQ~UtguUEA^^s%HDT;5JPV_mpEf$l;ih!GgajwOxyvcb*X23b%CiS z%91Q$n7okX(0M(UNv?9&jHY5?c@yc_U>jz+=<{po223q~{iWgCUx)c$KsquZ8x*}l zi|^{T?EeOWWF#41ADp%VQf_-50C!j|*}ksuJ=-DP=V(JzTUqAQfL<&$fi^Z4>uou& z_A5lYz7@4K^^Ay}zi%~q87lywzbZ_UQ z6+-GFhc4=0Y-lNFlM;*Txy*5v9isY<3pWu%1Q!SQ{Q6GGCws4H1!cOF`1r`6-UgM3 zOE*igRHr6ia+FjJN7K1@g8WE@RM_50Ey$9z(0=+RASjGWru(N|yWVFD3$4kjJMK7G zG5ZI#Oq|f{Y!S3zHg>gp7t%Vmb9bo8N1}N!bj{H(gX*5RP}DzIpwV|#?ClP~=5}8R z$3Aqkd}#7smrNi|fpF`1uk3QOU7`=TzSI&B95=3aQc^DWLH}fBDOoAXxO&&4Ho|>z*LOj}m1HE&~ZT zUGzVcDhueOguac z_QFh>b_6u%dk0OPM@L5&`?K7vth5?YPe;OWD!j+a%g?8xqPpCfX)X<6ESb95yGT%1 zuOs5N)g6KRJ0j=+P~1B>I=1rj#aYm*ClpOivZtn{fw6I(PVw~tfVw|QNSJFS7{~E} zP1#ILHmZXG!WtMzq^ztgkg#hdbYgQoeF69XN;zL{^y<|sPLjV8w90IQqVp!lZCzbm zK&@Yp7ZDaFQ`eKDmnX(%+8;G&17O2|0_D3;-iVTtQdU-$=hac!?uX(?v3ExKF)=Y# zELcwmjLAnTZv!A`Fglsf)v_ya`rX}K*(O;k*yW-fzsteS;i31=7`cd)zJ7W`gR8wg zt4cv*W1~ieK3ft4C8gO!?x&TN6;e{tXV0DiP)Zg(u=8NKr9mcvDI5?(y1EKG@8Re% zMN65FrZ2a;pRcre3cHdttL!e>hjQ5sFK1%9fNbC9Oh(V>Me2d}RVG+mb)t zoZenoQGMOn*||Ji^z`tM5EJ{}V|+GhW{!`KZ!Q9&u=KRwo1%4fb>-%6X!nM#w7S>a z!Jcjkj-zB~$~~O#06#J!0u33Nje~<2;31uyI8@p}qolw(?YKR1xZHA;VBkX@I903$ z9vx+-qYEvnv0H8b`V~$ngN&4PB~K=y1~j_T?(GR!^EEz`=^nA5htq7iUPwp?;0q|| z=moF2Z5B2+HXN^xmUkx$eD5!2os4vKQ^UiDs@?!0iv#WM^kH8MIqlSTq^;AOknHwYg~;w?C{+sI(Y%a&i(*#4Y50X1Y*o z;kY$q)G_?zdYLFR?#Uw=_pmD!1{$2u>BoFUnmGn3rC3?2^V3uJ({(_}03=B#r>D^a zrqI%7@CdmD1(TB+<+>JgmE__|k)(oWXJ=SpJvic@@+JVs>F~MN&XcRsJXl{BQQ)?o zJDINm4KXxhhGsv1{u~(@Srrcj8CjX>V7eqBUP|@Fix&W?IyR}LrIp6-YChxkaOduE zd$`yDn4b<1kmnU)*0r5Lp@4Rlk>sy%^mDcEqYqb7<(Yz+zVp@>9(K@(ss2bRZ%o%( zrS9e3&AGh1{K&{iAO;8oqNXkYp3r2?&!0a_%gT0l&4-i6vE`CE0P(|vA3P$Us6i)l zadoZGXgJdYOPTj!wV042IJ^E9&Y!4{rcs+KQjPvU}SufgMMf_ z1@b38PyH4bo1`;y5h+#GDZnJLWUNN!<}+=cu5p$K2na*aL{<~^QcX-OtZKlafeASg z1iLz31$=#TAg0CT&=SCN_V-I%v=Acu=t&B6nSAfApX!YGuhaDsNUR(jrunp?Kc({q z_l*bZs2c&}x2)JMH{YN3kpbR#f3uzO`t|ELJC!Hve;ri5A;aGM!c${DOsBGP2b5Nl zfJNQU-rtZ#k_pR8Nx8u;8Oghsmj#)bBg=0#2e8eH0Ee#9yn`Kg0MiBrgG~kjPiLXQ z&OlRBbAP4`(4mj0&6a2YVXp{>kDnhfLqd5eEmoWvaM|5mfB)w~k6mQcL+=2S$H&KO zXHQIgrvm2t!^1-uKJ!YGW5LKEFfuqrG>_B3aA309Z}id{SaPzl5we@3+~2g0=ScST z_J)dO12Kb9uQ|4;Yx`U>g18AVZe=A4)0MX*Q1Lz9?lS{}JXz}^U^m~mAle|`rH&W>8HkihfMN7Sk|hk7Rv2`c$AJD?ns>@;k0Al9 zkS@S$+>I1>hDjlD2Rwg=CIK3n?|mCLH#exnJYW9&@*8yihDs!%q$(waq*86%6UwMl z@8;nFOe0qy5c16m8FdEcNJiEJd=>C$ht59$I2Q8j*DX%F>-+ma0M^Ubm3jZ8va%AO z!0hbo$jCAf(MheBo8yu=T@L2RMZY-#f0mnTI$v!j3-|HkN4;hzqxtXJ;CMzrN}>`& zCATAKvva`t^t@x?gMSw6mf|@6Ss2R_Eg?^SWC85!wei%y@bv*uiV*O1m&k@q-KqU; z$od-j{GXj!8rVx^PwsS5CHjBfw&fLnVQg$%%z^ea8aTl|E@!5Fe6PPc>YbWI_}Rf` zB-^>a`~KPL_5UmT_^(Mrkiq1$Uw!YHD^BLdWk#`70MV>m-*Y%Mz)LEXC<=u9(yXn^ zEct*A13{o^ZEg@uuiGIcO~X*M`vERx0e$4~_XztGXvo&okK1_5Yr3>NnC^0M@MWo#3rCtfm>`AY?Rmi650by)Xi42Hq zI-T0UTm=VE-f=#b#ZA?ggH#M0V;4^FH2^UtFzv28v<+ zxUUiDUA)POR^vjOO$A9nVxsJBmHZE=o~CM!H=q14q;cWy_xVXA0HBK>$~tI=S`_QJAQQ` zPY0KcZ%9-XsE=%&vkl&NyURcW905<}cBi-%U0%&IL2t8a^o**pDOX&FrlqMVu{=c; zh3S!Sey4?*`b$U{?2)Iv#z?dPpl=eB0fl@TKT(|rgd1{<3+MIRxID?TNkyEJxGJ{T zW@HrqXGi)^{(;Rcc2@H4iP(g6No{_xYdUwuuGA}97=al0ZP6w1>FTBZq19KqJlCQc zU8cwoK}@zi0x>sC@RbQ<#TKhsLyW8x6wvJrOBlV@d1et$I#f= z+Spitr|=38$0ut2r*M{LyG|0_j*Qnh>Vu)NIaMNy5OldEb#S*5i_u#{U6>rlc;YyF3850zkKE{{D1Lg%lX>gjQ;J{WS`%`#UC}a^z7;ctsvqLi6f^ zoC%F;bcF_O^&N7kC=x5z+fM`n{NQ3aR<(ykbv{p~{lA9VB|bICvx5<4n(ylEwYnZh z6LBBWMtYd%Kd16GeeNfMun^7OSm1P(09l$sqecu5j)A>m*!0M{JtBY@2Tz*d$;Yt6Nn*#*#;xE;{stY z2E2!15BqjWwpBc%OY>=aTx}h2gYxX!cM?!l;D%A^wV?aLxF&!99$9WP(%1J35630n z+?_Nvr&aDG;-sH~hD9Q=u)tf<(%y?;$MxyQK}NqpP0vhoe%XJVrAR=dTQ+aXGi z=>?d+R*A`9g(QE2t)8wS!q>CUhV=CD4#$Nmz2-*KFA@MCo5*7HIios@SI_4KZ zEuQ^TqhccAp)sT=rzq9PoC@d(86Fr=VIs!kdV4fx0i^El>3H9`PW0rpU(U(Oz4X;< zqrj8F!omWL=qqRWJZu1ZK%n7Zxslv|XU{WFaRm)%r4#UauTO&m+1j#OXa!B}XvNjx z!Cm9b{R7g*N%+!8+_`}TPui3;Bb2|0mdY^L-8ek;h%1DFG1``Hutd!}2#&lw^)fU)Oy9e1~2@c>Pf{|Js=(U-u2+ z1UCf*xWMrX^=cNN%v!GgB+1o!*Vm-eAPzK%7#`h0u&H<2bwnZT^n;_@ARj<=QmWPV zHnX5&qscIr2-J94laIeMjXn(Rw!pc8Ui?{Y_ z$WD%k#TW)5%R%0}kMq_A+*aEDsW_8nMJz`pSyw|H{|d0N{|QO~YNnV@e=m{mO`g%8zo9!{y($;SSsz;dn)dX z>^=Ff`tzXv@u`WF2Uc)|${<7VSij=C_|5I@zZnal%7V}Y`D1jhefBi>2WmJQW%UE+ z$^I}Z<&Zg5LlGo3Mb)8=bIF?!5pS_+Tn1I%|2R!qw2DaQ`OpuP*N%>88j(jo5x+`H z(&A83z7s);EP&PE{U!+u;Ku`Po&RJDeMKIAV0K+P=ZkyE2?q>#6qstTyS zOLsNlGWovn#6}yv0uQ>xJ9y#uQa^u6aHP`w7e*WfK_oV!4)e4#FMgdc1w#+h*)Sr z6FeNt{|8y2_NbAoM$x0gKNG`ea3^H0>*W?hoaa*v0UmX^#3K5p1U%X@U0%qD_4MVt zV?tDF-Xk9AKa1P^0dhGl+|Xe5y8|)N+_IV^naWew%LS23I-fT!H}`5!kHy}0&T~&# zTuvIG4~xVeQ8hL!w|xLoG>u%5m;3N=JGfbi*qBynsYb->qV6p!l*U0KA5l1eAibLxidt!p6M?p>#G0SBc&?9|NmLi9BcLFNmR2Y9HU^PpRI_H1+_{xe?SE z3ETLgJ)*^#&W-K8F#A8{oKPSD4wdeOWF@Ql3grm5=%7EXQHKfM-p}tPBMGgobQXa= z;~0g-IQp&Q+xxeI8jw-BEeIgh6G(P)wOeXi{rZaAZUtoC)O<6EjT~eQ^g8Ja1*FvN za5_v4%~r4{;-U4XSkt)Qeycg^k8UjSRWyI7Ko|V1TnTxik=~J=K|tDyRrz<8j8GJa~#SaJz82W0$1`zs1@`Sn*_W17TKw8sSjm>{k2bjwT7eg2G* z4x)|VYxd6+J@U~q_{il@drX7%cm+yg|us-(- z2?!ub;c`xYK`*j;$w_3%{XPCaTod@M8P)!=cHo$rnhoyr0yYR=%rmZe5j7AF*~U@1 zxyKdj$26^K?f=>WR&)dgI;Xa_jvs4)az8#U4m{-WKeu0LmY?TA(a*Q_x`R(}yfbIuq+BMsILqHH;EhYp2UBVbDbP8l-wn$ujt#j97nXc+?Q+gagnW030%`Vy0|dt6#{OyS`PWY*n7*U zD!;bv*A_%VDQPKzMRzwygLHREODvE!=x(H?d(mCe-Q7wz(kyaM{NJ_j`x)=^ynDa< z+aAN=aL5AIx~_T6dB$=4&g3p(uQ1R*_t3gHiDho0@S3Z3wmHnux5Sz(<-$DKnl5|p zU(A81;zhV;k;Gz!CbMphX^x6_TE|C4H9m83%|69$aq+AB)xTYkSWrpi23A;3t_gif zFQMU-b=c|ltW0Ls;Wh7ktxF0=B`NRnJV2meV`6&N>BUPLb1`ShV}wic)AX);P9e~s zpZ!~GUvcOz3j`}j@Mn)R-_?6+_WUt#ks3bvbo=~IT(3>_VioP>g#6Z$-pxw1!L&X} zxc%n+Xp-?WMo?wuyR}<8>p43&!?}vad6mP7mq$=LKbOeNT&Ad?<1a!Ev>>1%zR=J~ zA}_INsn*+7%buVPb(Tk*2g1$Xq z+}ktHa$>i1*xqvAyHZ|_AQf9qPY;cT<=V+5`1%Iw#)br9d(<3NO^rkYb%v_i`3<8N zusXSUc;ArdHke#4be-s@0#BuN-eKGxko>!lP*4nZbZn(mO!g0`c;-I5_tS9fhl&c# zDh7hYXFmv9#FasWqR8AfPC%y7xO|Ax0PD{e7h-BctffU+gKxPxInO`3?kRE^D;fP( z<#w>=z#nAmue6?>&4MZliE9q7X;!|iu$cX_x`dgLDYHw_{H#!k{*3i5$TxSg*!-8B zqppsvm8OP_W`zX#1*NCNm>#OKLxI#}>v#AlSZQQl z)io6yu6vT%vR2>NRmBdzDbIu{5k8_07}&EA>WV9iUGLK_aaR1MP}75)_G_w8WPaA? z7mSFN>F3YXrbl0v#>UDq`F%%MH5OlPK`0y9A>8RhtMi4V4s=j9X6ESzi+%vnak~t) zKYNA$0tfqMmWiER6`p@cPg=)vlFR|01saLbLJzpvO-$j7e$C@>&s-H94t=)|Kf;W@08K@%)A> zj?CGPOw(2ogsA;3o(gBNtQeBc#Ke@yLG0zBk=(62KQ<4JyArjfiHT^mk%2iHr z^)4uQ7!2Ju->VF&;{RN)Rp#g<`Hiu?2|*gk3k{3RZ(rGcP;867ycdY2RVxlhE44d` z-$HqGFHc<1gOIpwj7(SC+l;&5{DFb$WEdI=W?)R{kZD<04~K%9Gy*ZbV&L(yQC+qL zSMW3C*5Op@NOSr~SdJ^=W$lyZJrme-D%gO#4Cuz12aKnen(SA)oz_+-k%|q9^KU_h z*I&{lyt4P6Op&sP>uRBJLwPzm_{oRNpLk~*_fcJ)0x|SS*0J*iNh&2EW6jOg*Bagj z30Aj}7aEq-XzWI?^Vq3GTnT$HDIHFLsE{G4uu#rb3kgarcV6A=sdSTDCN|2J#+x)f zCyP&GIN$6XO9Mka;l#Z2ePdDW6E*oO_rE`oXHvH<`E-~2HJMrHWvBg+6(u_4@ZS{m zLd)igpg-yr)_t(EP5;cXN)lvZRCkCeZpS>$Dp`GfLFiop{d0TT$BXvo)U)5Dntl+8 zoipj{dde5qMS~nDtDum!fJVKYq(rGFGpF=wgY@1Q1`SsGFLCFKc1t!{ru+BYKzb(m zxjpMSa^nVdB4`-=l=7igxoc0{d-ZpV5yIbk7jOSYm1FpOO84S#MgE|_Q{_N{cK4n4 zNdMMq_}};u43bGTTC%n!)uqCJetQn?gU{k}p^7sqK?>_!Y-`zE$r?RRuaX2_L)`WL{Q6p<*J!-1H*~}Y?!8!!nO41N8AWkp%SYa~ ze9{uPVH8+WQbfdeulyuCG`c)ik~?1No#gK?Xg13v^A}OC@k4d%AAr;UlaKO$;A;H; zKjPDWzqo$IWFORc((^*Znb=DqYe&ZWfxfPn<1p>~G?G7^upuh2#nf8TrptCVltMQ4 zh9b#Hz5071j1&1?9L96JwXADKZ2zp7d8OJh0QAE|Fv2HU-L$`Q3bvSQYCEFS$xk;RDREmCk{ZVs8__N9!RSoe?|MGrjrP|A^bRva9mkn}fXv0m z*$fAI=i+yd!9Sa#8LDHIdP7WuHD3PflDcBx z*;TOBsLV$ZGGYV15{xpuI5rwj=|3M!qx;C@=rj7%#hbVi&Bb27-Jf#P_NNDtqD?TH zsoDw-?rr!tM5D8iL(@U&{o;~KH^^WmJUA9U83~`%!PNGQw#k}o^!UXx$@O*@Z^B%2 zG0m2?Y>l4l`S!Z*z^CtT{X*q(_U@!EKcy(#Zu~ZIN>60`-sz2V`?+%MSy={2zahO{ z?MK!qe=REN@-kOn(E1SGyQ)h%I#%<};F~gyGkw^qxH#-v2BMMr%T&%yz3|aNmc?{O zdDKY!qPI_I3kuBhE$OhNDyz|W+CD5+3;Cu+ zFPd&D#URlt9RVz_xUCnW^PPHX01WigmhsO$@|~SXoVsWXB=CVo8~E47mCPNa*M^rJ z7Ni3Lba*Aj3AkGFYz7aD!p*iU4d1<+O*BQfCu5@eEoAQgxSFw>27pJ4c0=g6JCR@*)YG-V^1X!Q0N@3%7ZgM)PDX}$+=RsIugIfB&PJ}*C`@;ssKvzn>{`QRx5|cpXN*(t zyi45+El#@9qgB=^v>8Tw8HCSzxjXAn8*fk*&@3iOw7;>p2>ZH-+RKLMofg4JMv*O> zTsoC*p*OnLaB&{O>2#A|l>qC^6yKa-{FF z56J!Uk7Hs}f}G5@cz@WmfLKh*$Nko$zOhl~Xl=luyFLNYhL z7Z~F<c=z~ys7LrZ&T59i!$e~i=a9Va9hatw9Jn|kffd%DmwV~o288vxa=I>Odxk!#beFb@CML3gKstqrM}Kp4&~`fKObyd+ zQdR4sr=+ZPfKL=~@-yuOzX=z|JTj>f^k`T@@#KO!z1}+aJ_@%`^^`)GuA%Ojn>%iS zcX3xO)jI8$gA1>rT4Jv%z0w#Qd+X1{%&cDFqS^f{mARFNmphTW>};Sg{p*zrJ=`Oy zp2w}14>i>BY@ZM{iO=MwMVAF5hByy|^9Gkl3u*M;nt<*KaoX1OnOo2 ztT;7#&a5kkR{^5*2wr?{k4DcXIZqN!x0Rp@=q`0^nq1PoG7|)bIzqu;? zPNHGRGH4OcW7}pFhtYeQTWMc{Dy)X8(`rvr)1WAg1_$)!i|$MGNP6uc1>Ausv&H^I z#?y&l(#FPlr>hs46~c>+I-MaYruCTMP;toKH)^>ig59*sG} zVch*ZZZghF=9L_*nr*+H)v>?QylhS5s_;v~%(amy==b-2QIczV^*ibCaTMU}zV>q1 zn)0DDo9LsmTYS>~Qb=6<_ot_4vIS~bzdpQ}tHE67@A6H{2~Kcie9p@8 z{s-7Go}e6%dwJPRQ_xGx%8~=-=K`JFxk0+8;Z%YNSffKjpFFro9fHEcQws}`iOEiX z=HBxp5*B_48t2XT-HR57Jd}@@Y?>VH%#DnUIB1N1g0``g3I|q|;R=E$DXB0zdOG6r zS7xTt)z$2q+NnBKRbF0ee%&HP3P&?a8et`VuYU8nsgQO9`0;6!xRO?cg}J$cTG#pq zjz;&oTX(uNBk#I1LZ_Xf0FPSwrLG_M7oI%fK|(r8{d|pa%OSvx26gLM`Bh;tSz2ZD zdw!{?;)(hi@mQe+Z&%UTfcEfg<^I{uO!M@#PHy3!JK8EH`xJTC#>nWs&Ej_>61pmr z@v894(8~P{c8`{phD(&iy0gu(BA@a8J6G{- z8zE2hw{Il$_#8i6Z$BG;eVASO{?|yE*t)IZ!{FfHZ$a7w(djw5O(@#mA`Vsfut1lt zMgnXO6MVDf)^xf66!7tE?`sd&*4d zzENX zegkMhAOicpN9fkV~Jp342UP51>&2>kriqk&GeNYykEWKjm1eHgD4DBCrijUX16nPr??r z7mIv-D#r59sP>icb?$0BUhM`{Dp-N!E-rJ4iB}QV7?=lAr)9^NabP!5Et;2+aIW)c z9Y|m&+LchNTW`9E>d~YV=}ererL`Mr z3nSFoo0y21um7^TijN{@c9}yB9wHYPjRi7ZR|h_4H&YFl4x3-DKqnXlYbEx=z(joh zoNu*LA$O;HnHj=tg4;m#3Mhmr>9BBL{a%rK{KbGYUGCOzF&7{ISF4s+Bp3QWm z(C3*YTb-5WWTlmMwhV#u`an9s@lwkru@=Z4%q!aszVvpglYZN66g6>O#M2c=T*x=+j(%;C1hNPU=<@hz3?Cz6aA}*E|6^GqkhCK8_!;bAZ z6yoLG3mPhszhvLPFa#2Yo39koPhft%tCSw(QhOk#*ovrs8@z>$;da$w$F|& z(A}r)*%9M5-q+`)Lq(h+pYEcrt})=q%{iT&ZQ2tHs*7W|0?Qr98%+#oLNC!30pISG zw`^B(gRkq!7Sm1s_Y*v&xiz7AHr3AdOk3-{&f8&L&*Y3!Szpkm?v8t9O>AOY4gY zilgUlf-5)a)f_|Qf7b%+&S^yLj808$%$&FirBd?o>7UN6I>5o{0pdM!i~!lh`k%9& zi9Rh%BAF5X{_?5y1?%P;3!_MI*C+B-J4Z?8gwHO6;YM1h=D)G&&xXsk^}6) zRG|7^#Jyp(2w%i(&dfane5Vk?YtPO3Z^K_7e$4`)L7~@_I`G~v5$>=n=jO`Ya1iR# zs+HR8#eJh_w?Y(^gziN9W&6Feq1GMn=B4bgi5Wf>~1cZ z6r77GH@6SZ(nwb%lv!`aM4dUfT*rsHDr#NN4gyjS>CyY3z3OeOC~RgtRklXG(5RjyHjh~5ng zVAZw~b1iih10@R-cUQ=KQ(V6ZcMwjzrDcYV*{`uisJC0|Q`019yQ$km9GczcVIcu` z+Ubr?Z}ClV!kMRf4J$G6bXV7q&G)k}a7B!LY5V&zG?U$|yT= z{J?l){)yh#TJ{bF#p$ubl%hLVu3pwG{Gh+TKc5@_UXF;fv$H=UB5)djvUTd`@3pP> zvl!$bx^X(#rvVaF_mLNd5JHyWC;HDdH8lwdn)>>mm3ka-`yf9vjO>6=TV0|+Ix`xV zFz2g3?$6%T1a#nhlM@koLHuZx@dx&ob`x|V%7Dy@weHIfMs{gMrjxD7mt_df(Ycd9 z6!4ei8FJj^SA7w0pQ5w=z!rTykCP+L&mXC(u9uF}Tg~?P0S&Z2BsnK;A#q@MT1vZSDP4kjpV^e2 zdc5Ytflqqbq<0{@5}SkF<}gUjZPu=%A|q8V&Tj`n{U?Ft=#+>@-ArBk_jtKrBPXjtWDakq)@1a34XP+|-`JTh^yM=}$nhwn8MPM@O%7a4b5#iCoMuhw0f&{+#tj zijwR>*I&)uvC{k{X)RIPwgCHlm3lswThid_dm7lJeGC8=g-P2j6GIn!B;;%lBHyrT zjLVH-UPV&=b4RBGhu=s1TN2C7zHbuUd-6dXMnSPvp&+PoXG2BJg0ip%c*wnyuN*o0qT_c zEKpsDQF%5hp_5`VInq^P&( zj#Y9i(CUNy)#v#@*ZKDv-$64AH`zRoG}yT=`tjy2Rk+)Qq@mI=;;mrA$;rvp)02<@ zJ{T-o3Bt<8Mx##0?|j8_(>FQ#7MyVktuCt+LK{bm$4uJ4{RRbIYM;E?XAfFGNU0$ax> zpWN+9tP^TcWuXRPFt^?54i5bwj9|7#`~1?TzeITfjWXcE{jw4)A?*ZK0%r4!ba&F) z-I8?M2AAUx=9aoXtTVH$ep7Xmqv`g6CNkM_2`V5^&HMcRwXXLP;uEOm<#4*MAfQRv zEG;dhUVm|3%&~y209&4JFu^Fy3eVKHqgnW&py16HRZ}8S;VZ%+T{B8=5o#hS0~-XB>qk8!GtY=a6&r?Q5+Ta6Ux}y(pC29XeAw$- z;I0ZmIoxhoxrB<$Vz~UHbd^6g{vQP!VxdevR3c78Q0VE&+yEsDR%=Ua0(*sd0hY2V zi{Jf;oD_2SPUSY`=d+?u4GlIz3u^~+-Ilgy>r~MxIzL}u@cM_U?gTsE;=Xwc|57Ul zEZf6N`ze-bJvLQDdG$ z=uEj+M7xH+jW$}+&_M19@~#{LBK{H{fqm(Uv>*Z%WJye<1Ack}fk))#O6U`(wEj9j z-Mu-h@jHB^SOq(I-L$~%Bx*C;xL9WK)YQ}!Iok6QS{7X~o|!*Mr`-TVP%my~i{iPn zZ(nAdhc%Vk>=OdTr@g1{$KM+VUqk~p-gxfK#l^v52alx&lX-(V zKW=nl^7lVSc7I9ad9{+8$xowsupF8hQ24+Xt;EJg#bjdBetmzz^EdQ;&XR19Cq9wu z`G=+a6{do4w8LMmzSr`@>>!mWFW0Iwf#yC*Bi6gvdEovrMN%m`Qi1O zO8wTiTk+KDSe0W{x=qxRFn;$NgXR`+pA5lL@&QY!C`uX@-bkbR;{rJ0?bX6nyRMBQ z;xu>W71q=if46h1&k>NMt9hY4&)|^Tln!P_exh>j4y>@>;kb~*Nr>f8Q2U}X)-s?4i3RA59Yp<{s z_S_RZmg&NUVJf|FVK0hOecc zSYx9(rm96%I?Qy>LV^=I5YmOY% zJD0qOY_at(S62}-E-ui)-rh)h;LUV0UzE)i0_dX#?T0SY!;Rr=+j+d2IB&WOSx(bt85@5fh7zg+4K1QikyD zE$~%XTTLAoH37*KQY4iUjkE&iD%Ki*y6L1!p$0=r8t^Nwe*dmsmWBHy%{ncMa;txP z@-UZlbG4UlZ!dsbb$(sxU{qU4X=Q9mr*al%!kQA zJ0G|E0Q=>!L*9viVr7X%aCYC*YCDvSm1+#BF2xTLnC)0ZDYR9>1_vuPS!Iaex|2_^E#?s zq0tnGB-1Gabh5;H7%Bq@gbFn(%2lWbae+BG=|J!VYJ$mx2Gw*OEov&%fcKs)(mLAN z#W#JBm$R{X({KQHi@sF)%G8AXy_Tgk2E$(+?k1#$k*bCvYJ_2%TSSi$$=a!AKqa-` zbcB6n(32~>`6lgIHZ)HOgTUTkyRu6HUD)Mgji#oifUe0E|MDBTV^qaNNs`c2UH2*d_($#?7*Rm#buiC*tDZm{mWKw*TAp=R{W=?N-d9 z)2*~zHre(3o}SB1N6Ey-mX$rqG{_MD_wAPx4aJu|9)y*xO2>eoDDaGsCBL1jsc&KK=)Px~S=+h1;Z zaBF+JTleKNQQmsrCePc{72Ru=_akko66jBgxe=tf%+n_}EKGzdJOoC(vLug*t%?8W0#59269# zQ&Fh8FW?}Z#0CARIH>=>a<^8?~ZYgN8v| zQ15CnLLeH}FEk(y>&1SN80Ri&lNLqkJrRatFy^br1r9ae}5- zZ%|pKDx}9S-3pKX(I0+AOa{4Vt1kHripU6HjR7e*Q@e+i7W1G{!zrIq7tO@52-5V%-zquHV)!;$CbW{PiA$KH~9U0wbJ zEo}%T=!OB0J+GZ%JDg4Op7YR zKk^MxP%teGC3thFdy7Q;)&&z`kSnWu%6e+CUkVwYC#dKFd{|O8vdI&a1gt# zE%|t3=MB9QyD0T3AUb`oPG1KVK3PyWig5=s+=dy@kXO#QfPfVM0l?Z;02S+XC4$V* znu(hV*`O`H6Bf3F>+6x?eJsz5!%UxPh5XC2J^ywCV7VXUzx{Z!K}>JN(HiBrqY-Ut zLOm$pp?11_Ce;WA%c$Gh9sml4$8#jj@{c7xP(<&Rj97Y4jYgiWAD?lUO}mk#>R2VY z|2*xdyOLx00uuhq*fR6Y+0CP+NVcX4z+)v`}Fwt@8jQH1Kr7|C!Neh{6$(&O18>qiz9VrlX9p2KXQX!@|ibZSbWNRxaGt}lcpZq9a1d>#&4P9)X3^_vABeE#|K7iq;Ux2@((q5RCI_Ns06 zb6?Epr|%S&&PAzbo0ZO#uSNQSf{r?`DBimHOE4g8&z@z2*-^GcZp(P5vY*G_f-u!}++tF$ABNx4{KV zBtT5HuO1^&=N>Iq*&yMtX}yWGQmcZg?(0OCW7S9!h)-|miN9kF`d{cXznc%R z3y)K_cGg2EIwZZRWM5Ri4OVPNXC2`3EM2*zB}v_w-H-W}kf7=WMnY14=t}oRMGg)E z^}!dFJDrDaM?R;b*V#A@XylP#c1E#Ulz+)q%Ch_+aVTjMZH^*=Kb;%>@7@eWbf~d( z&^>84&ZqAP5_4=P;OM3lb?4`?L?fg9(lY8hJ=Z1Qa4EP>^}NsE-flaB?EesiGF)$Y z2iJ^sB$^rLka4lft9G;@{Ak0ryEoqNk87I5-`&;K-4iip^Hc4v*oLWJLP^?6!iJX} zX7T*4B!{b=07`PVM3Nm4EFAGnt$-GK#d~f8YBT|@;fKe8P*biaK6iyR;y;BoQ11k; zJp|aspLvCP|8pT{%kktRxZBpESS|o6yz~cM$v?Kg93C*PO_m@b28JvxBjx@wZrD8u zyzI)`Q(H?5m(BA1`}b;Dum4Et@=^p|i%UpIh>LHGm&ur+Yrf4rI!Umhp)m)1pYovl ze~tW$Fda-@T`_XnGg8e{36fRJ&di*hosA`@ynEyK=0|hn(~pl)Gp*WzlU1Aypke-@ z76sjcfcB-4$`*pZm{0#3qSV(=n90Gx!T4XyCx$f5+#_!!Y7BhwQ zfg~_}b_uYLz!~BE_~}z$fFyF-o&cue?)LW8u_?W0dg!CKDCJ%S;U-9fVdGX6nZSiR1>XTkIOsy=<9Xu^u4i3c; z(335I$h^o01RMtja#AWYaFGCd2uxSF-V7J&1S)~*b76uLatDWgGfRh?b;ZK3H-F>uA3g0t|D)`dU)2W^qF-_0h0y5?| zmJCWsl5o(Zs&_d7NhHA9IDh;oPWBQm1stZ}h90g0)D4^U+_$tG3c2L!x;i9pp@6hD z16yzd0E8-kEc+d$!-o%H^z7Di=k0;m$5Mx~lmUka2i=2%s^+iI(7vlpWy=vEhf{(D z(mgN`Lk|$uAk2=|Sq86O?FHoSvx5Wq01+w(G${w)8&tx{hcnOXrTUX99u$EV+*uwq0Qz`^fm@A@9qV$k)vXH}GkXA9DJ(3!x=GdW%z0f>r^&<0$S6bUTU69o zE!4vIHX|eBy`PALq+|d9Ke-A1uIDC9_(@ zOemwiV)zM0R|}>7K0jD?zdVh`M!{pFp`(N4Y8A_2_|fER#}0LL*+AqAugz*rJ44q$G*WP^WZ zb@e%5(WO2_KtR}-D8y@(Rk~P> z)df7`1XhbTP2)Zj@^^A_0UXehp_ zQsWsHgMT3u#}NMMfz;wvjU5=q!mpOH`r|>u@ZQ>52Yf|?pGqirAZXq0rrMMWEp zkdE;dYcYoJM+}fwD9xufi-n+Q$0@nSIf&Xn2Ji-g2EFB$c0ADI0g~^bcb%X+XwTVz z_KHQuBA-cdI@M~=zX@iGo+SlG}?i@K9F4a8}t6yYd2yG53lh7B&gDZ~97HLlX4`*}$r zSp#51JTeL{AhDGkIvg_nN^=t=dl^epKnE1)Bcc5XEo*(+sZqT7cy;v>OMytL^qrN! zba$D#E#*kaMQVAJRV-Yh>6aG{vGzUWcKH4Cb5|G0VU_h#Fv;OE=5ezz(sdMWC*$F* zzMxvP6oMbeqR*pE$Yr<&UP$VT8tbeLdh%)o#`+~U5dtGq8YC|R6St4zrw(X>)GI3h z!8rs+j?J{n_~fnHuKkUv@EJf#jSsbtanjN*+g=40XEHCRkY!|>j;y})H|jpyp5uMu z>VVAi(&?>5&DF~N>!Kw^A-}tTNI$!-QxBL8-iE|qpIULv|5NU*#6z8!n8@YaV*vC6 zV65oYGWXgXJb#raSI%Y-YJu%LfH2DCDEj8j+xs_s*ta#gN_!hSAk@m1)m)m(prEqd z6EWjP6JoQzD0A-=+#~#|TDSnj%Nyo@@AZkxaN25U%!KlLU7wH2^*z+e%)#vFuZP^8OkAnd{Kfu-$*iwt#ec#*LMPXCw z7suFH@j{L=;$;7QR7}3-?<`x^ClZ4nGkL$DokV8z7>e{)*tTAPE};cXk@WO$R||6C zb^Cqc;=<+Ts|ygxXZMnlgw9N<-MG_{*e&`Hc#2ri#zv;tg{71#(=7fM>gr=DvC!m8 z`}HmC!2z2EjJN9*|An+#+xz)Mc2%~>;U+iMRtHQ35{-+82f@t4%k5G9FFITiFz0_Z z#)x;)ZN*$%TxVxyM##Z|duhJ&&CzO>gPR3~5cd_{k*(O&EGvg23(RI;MFM?v z8J~`Dl|!UogDWpDSJj`!mYMhC#{t?WTf?onCA`EUG+6Yyl?7ilXF=yMmR|D>R^X=j zahxHr50LZJYhs70!1_V2FeW9Xh*cw#5P^7oFln|Lu8NKxiJZWudwyAOkW*P%sl)4n zAIO~teRnS<1`O1vF9ligY2Qit~H$3|hI|)43O;}*oH~|%L zCjXcB-^i2+NzHQ#HCuGwG&*f0BV+GrhRUi5+vB47l);spP1}}pA8WE=N=oH zIG=ZIeows)4tl=3i|1CiF=|}5)x#Rd`w{YEv2$qX$Iy`82Z2Q(Qyr$iMq|sjHRQ$$ z%=|V<7&yyl=hXxR)c*d%UI)!MIMbNSdXI5Cz)|l<^a5vnb~2x5dj=bfAiihw@L@7g z_745jgoJ? zu1>d2s4eoPRExB0UHV&ENUo}MSD_e16X$>!TVFqyP9dw)U^`kL1MkuGn7}Wrw>nHv zYL|7~nd9tQY^tuF;(rbJ9sE&j-nT!SW9hEb^)>Ii#gsnd=*Dr$@+m-tlkuipLcVIb z%kr&6qH>a0DB=*W$fnVpK5;&jy_Jbs@a2&;?o2rTFw@77U~nx|j?N+Ak*L$!VQIJp0@WjuGf6vOTx1bX7 zd|a8bh2#1Lzk2bL{li+pwB)sj$PPEY(^y|$5ZYmXJ-m^xLG|jmZ0-Gc`1&?^h2`{? zu|e9z+P##xzxOKNJP<;lK72;(RczeeOxV^u@o$aFffB}|ISj?kA}jK;^$|ir7U_ts zkQb~izl43cYU%*`bbs+FD#_^{uj66V#GBemaMZ*OWZoS$4bW}fcJ;xwDL+{vGZ&XU zQdL!*h{i_325BHjj(NXF#+JUS zKu=)VuEM4@2$g6BP8mG7j)!AW)6?J8<=0s7B^404P2JwPlY<=>m*DGPjizoc8%0IU z8n*0|QZ<^jVJ0JU^9w;4uX`zs0VGT~)VrgcPg_XHG9ss%Cyv$gc49e5B1%_@I0822 z_CGRn-aW=~MDHEmIgEWK4{SmPv;xq2Q_ONN1o=pXMDW7oJxtjuzT5qUOn&G1bCw&L zq)9NplW?JRvFTRN!eV)8gaaUcdV0Q~9bP%VoR`$DF#!z-V0I}jW}xs|S;w}k(YWa- zcbpGN7xO4m>+-Kd{2 zMy+S$(nfX_TTvEDhRdD*44gMn_7P+1m+5JXSy^-%)jt>J>zaIQ^hYu}{%moYlU!n= zDX-Ys-W|9xgl6-*jQz~nK=%rhCw+)Qcp>$gQdUMr^T3`%TTGj?zpaguk&&F6Teaka zn%^Q|9z6PD@cBC!3*Ur~k82*%|8FYWRor#Yfy4$L)4c!?qWD#os3NrQGW=&5pGsLZ zBqT&q_Z-ZTK5U+vYWea26zG56TpuiVnC}UC@Rp2x^*8~GRfI%dP_X&N&ku!wJ9mdz zuPf~O#ft}@K|-_>8ibGkO09I@KYJm97UgVgZ0t7gYg4NuKpUL;(mr(fbl;Cw=8~Ls8A-M{sHE^9wismZe z{@+~qKeJuEa;dXrUJ>Cl7)hQHwqhWC{dxgJ;4TixJ4>9$!|CgqtrbSC)Sf!UR<1^M zC>}^yg^3)3m*cpSi|X?A{QTDlz~W@RYml;#tkDUBLZvCKeL({Wba0dBzt%Z>^L+em zv>V@^xs@k13G+oERHDJ*w#HBBKRi3K7%tcZa+-3hZI$GAszqAUwcZvf3k?Whig14Q zS61Sc?akC_&go=ALhuLtW3(|@r*z;P5#5l!d01=t_fj{S5a@C3Z;xIU zm8~o3ypfkZbwuttN_ZobS}aIy6Iy_C;iu6Ts}awQsTpN%@I z9XxJ>!H7YgfkjJ{I%pCe4ZK=l41rD-*5+onquikKBz|5{y0B_t6ZXdYMe$ZtTSMJe z(_FwUu-4vw&gxxQxEqnFFNH;abB(&1P@zm8E{;I}{Za9F)V^c2+~{Cwztuxv;kjw{|UUpqeR5Q;DKY zj(QI>B%(VY@bOE3uiofaxWD6A;9;E-((7nKiCf~owMz!^PFda9J~Tg3BKcnu5Dqk7 z=_2e{oJZV|8~&AkK$%s=`{Yx+Uwaw{K9yY4xBd=JQIPh9aS2luPerBPr+W`l{7>{4 zFtz__0sMn6GNt$2+?VA}x+Zb)7tch;36Sn7kr2u)c6Y;4Y_O><0=EFiPQVvrz*#^> z%Vr(4auj#N_u$@`)}005#u)Ts8(b$$N?5P4*zf(oehlsi^lHkOuc_Ls%mmm&sJW}e#NSCC6F{H3>=zIL%ND*!Wx%O^uU-I+qp<;kk7su_q z$g$>QCYhyktzm#gT*P#Os}>;4^Xy3lecs-Xd4wdd2`86>vBIwL2xdQKaZ$dg*&-m- zMN48Uu3ufX05@L}pFJmF=rlK5&y2|f-&|~J%8&16Kx?3)rw5W=kT1q$3vu3&>M$C^ zFtIG+qO8$Y1fhE!&QGQej*K@X$zG~{{0J&DNP!hJG!wcn#c?&I zL=3|1-F48plf4;xE5Y>17RKf7wVld>cyY(87wzklJ4MXq944DBo(~;Nb^k>}+YY+) zo3VLsd>|?(@SwdNYk~~>+@sS))Z?QQTwe3y3aHh?hdS7yj$mxrOv8HEm2&2-^@!YH zV#8cUToq`%0w;>~qK9}Bn8`}68+IqU*l{>}wKG#X*d<@K*eH|j%JE+qey1|x*snR2 zs5m*Hz)ei3{V;)Tf4tMF57?D9V?n)^-F~8U!s;^k()^~(lz#ItIN`=}(Kf8E^QUrt zl>}MDp%oeMzdIc^9t1i)5uTf#eyq@0YbmCw^Ony!QnW9K6BhhYD7?T^EWKRo`YU^I z{_Ai0#1FxYGfH)s^`R`E)$Y0uJuom5Tt;W8HQg?gaoUZie}jbLurzUM8)uM9$z@rMgaj= zB>DGM{Q5@llG0kokQTt~v6LP8ZC_3^Xlo)%%d+uBfP?q3r3N5xG_tXSjSNo!$f;#k zUxIgM0sT5pCb8@fw_F{Su0u)7e7`R7aACA&==96E@gcGjrF`!9ug;Xg28)>iB23)$ zn3nb*xues`jYn%ggTwcMFPQBiLcmUkVB8@8GCP@Ev)>J}J8Nw(FWD_;q@}q$wKV>m z06cd1fqV1&W<8zAmi1NQ5#3i7stxcy`KRb`SJy|buD_{&q;CuDE@51LGCI1tfTY@) zdfBeD3=SYxBC8u2{jPOYK%{qXe~ePlumQ%@p_9gq$~#Z(VW%%#kqUV**m z0_|5#jBX_gYf~771Z#6QFY3W-mk!y;vdA2a~>JDv{3&%Kr_?HW{;uVcoK`!6mo zvc@~pNVb|zhXuwu8dt?@k#wY8LL#?y9#aZSl%7Q9q0|rMx05m=pBy2Nu<VDAC6K(!nL|a!=CFAEJCOX9JMM1?r%esJZqsr|P%afi-^K_$5a+77Li^>hs#z z@*0RAs898!w74_)<=vcIltD8JdPPz!#_5@O|B%dl@=isPYGeLTL1N2DF>#}>#MtoC z`NrO!1uf=tYwIJ0OaVN#;Rb4{lUfY8RyV;*AkQg-i9gR88R?7D4=28&`n zlvt%J2CFrt4Vp!Tg$ql4vo$mzRn9GlFY_2ht)b5-3+F7x*VM32!(kKjSS|K%5h`vX zwu4+3;VbWW{3}frL#ozn+PKcjBC?Bl?;74jYL!oL2=Nl)gP3%!mi)S7La>lpL*RM_ zXt4sI?V%?8&&4x+j?*xz_S&2LmRq-xv_lVe>asSsVbQVS@rrMeqc!tz5SJdwB_!+( z*`01N4D*6!=@5%7tu8>7BJat%E9=Qj6FL4mmasP^*n|CR-s=lVH zXz0Ce5xtHrV{5V~9{dZ>J@zfcaPV)3y5F5+Ngy0ebvai|eXXPXDfJD#v*TTOh)0IK z-jgf@Ro`jd$M*F+ZnG;3VtugK?dC9UW*gD8A99<$wP$h z&s)YT?t8d?PQNj^JxrvlsiI7=F7#5eVMyyeQHQXzhx|%!^H44uP~zg(l1gmn_jZgp5J0 z%1T2p-L5hF`WDxDHkNq?a!rfTIZpKckxY8XHAjoH1Y_ProXp$gdU)694>s^7KgfL)*e zh%u>>K2_d%snTVY<FlVsqI4JNTE)|%30nAA zd0s@QJ7ke;HxdFlHfd~>LGJN@esp%LLN;fDZ~kLdr!ft;c#zKL&vVFaT{zrCtT^Ym zNpswoD3AFgUY{eX=5(i}5k2@G=u+C$#@)xadGkn`h#q-0GS4x-3>mfHf^G)`=gLiU zPtN|X?`2isdd9fndoQsu?&8_KU$IbDu2xdYO|=s%d0|TH z@s)_5`7vmcC^N4Z$u~$gHE}d|Q!M>*Iq?hyg58|S?s;W{lugo-#evNr8R{k`^~B{b46f?qpNrp!xN=4`l8xZdD}Z@RKX*j7|*v=E6l#W9npo zZW7KH8n7_EQF _('If checked then the user will not be able to delete entries of this account type.')), "264" => array ("Headline" => _('Custom label'), "Text" => _('Here you can overwrite the display name for this account type.')), + "265" => array ("Headline" => _('Read-only'), + "Text" => _('Sets this account type to read-only.')), // 300 - 399 // profile editor, file upload "301" => array ("Headline" => _("RDN identifier"), diff --git a/lam/lib/html.inc b/lam/lib/html.inc index 5a86b089..3691554f 100644 --- a/lam/lib/html.inc +++ b/lam/lib/html.inc @@ -1728,6 +1728,10 @@ class htmlInputCheckbox extends htmlElement { protected $tableRowsToShow = array(); /** indicates that this field should not automatically be saved in the self service or server profile */ private $transient = false; + /** list of input elements to enable when checked */ + protected $elementsToEnable = array(); + /** list of input elements to disable when checked */ + protected $elementsToDisable = array(); /** @@ -1776,7 +1780,6 @@ class htmlInputCheckbox extends htmlElement { $script = ''; if ((sizeof($this->tableRowsToShow) > 0) || (sizeof($this->tableRowsToHide) > 0)) { // build onChange listener - $onChange = ' onChange="'; $onChange .= 'if (jQuery(\'#' . $this->name . ':checked\').val() !== undefined) {'; for ($i = 0; $i < sizeof($this->tableRowsToShow); $i++) { $onChange .= 'jQuery(\'#' . $this->tableRowsToShow[$i] . '\').closest(\'tr\').removeClass(\'hidden\');'; @@ -1793,7 +1796,6 @@ class htmlInputCheckbox extends htmlElement { $onChange .= 'jQuery(\'#' . $this->tableRowsToHide[$i] . '\').closest(\'tr\').removeClass(\'hidden\');'; } $onChange .= '};'; - $onChange .= '"'; // build script to set initial state $script = ''; } + // build Java script to enable/disable elements + if ((sizeof($this->elementsToEnable) > 0) || (sizeof($this->elementsToDisable) > 0)) { + // build onChange listener + $onChange .= 'if (jQuery(\'#' . $this->name . ':checked\').val() !== undefined) {'; + for ($i = 0; $i < sizeof($this->elementsToEnable); $i++) { + $onChange .= 'jQuery(\'#' . $this->elementsToEnable[$i] . '\').prop(\'disabled\', false);'; + } + for ($i = 0; $i < sizeof($this->elementsToDisable); $i++) { + $onChange .= 'jQuery(\'#' . $this->elementsToDisable[$i] . '\').prop(\'disabled\', true);'; + } + $onChange .= '}'; + $onChange .= 'else {'; + for ($i = 0; $i < sizeof($this->elementsToEnable); $i++) { + $onChange .= 'jQuery(\'#' . $this->elementsToEnable[$i] . '\').prop(\'disabled\', true);'; + } + for ($i = 0; $i < sizeof($this->elementsToDisable); $i++) { + $onChange .= 'jQuery(\'#' . $this->elementsToDisable[$i] . '\').prop(\'disabled\', false);'; + } + $onChange .= '};'; + // build script to set initial state + $script = ''; + } + if (!empty($onChange)) { + $onChange = ' onChange="' . $onChange . '"'; + } echo ''; echo $script; if ($this->transient) { @@ -1868,6 +1910,26 @@ class htmlInputCheckbox extends htmlElement { $this->transient = $transient; } + /** + * This will disable the given input elements when the checkbox is checked. + * The given IDs can be of any input element (e.g. select, checkbox, ...). + * + * @param array $elements IDs of elements to disable + */ + public function setElementsToDisable($elements) { + $this->elementsToDisable = $elements; + } + + /** + * This will enable the given input elements when the checkbox is checked. + * The given IDs can be of any input element (e.g. select, checkbox, ...). + * + * @param array $elements IDs of elements to enable + */ + public function setElementsToEnable($elements) { + $this->elementsToEnable = $elements; + } + } /** diff --git a/lam/lib/lists.inc b/lam/lib/lists.inc index 06ab87f0..34328810 100644 --- a/lam/lib/lists.inc +++ b/lam/lib/lists.inc @@ -486,7 +486,7 @@ class lamList { $group->addElement($editLink); $toolCount++; // delete link - if (checkIfWriteAccessIsAllowed() && checkIfDeleteEntriesIsAllowed($this->type)) { + if (checkIfWriteAccessIsAllowed($this->type) && checkIfDeleteEntriesIsAllowed($this->type)) { $deleteLink = new htmlLink('', "deletelink.php?type=" . $this->type . "&DN='" . rawurlencode($account['dn']) . "'", '../../graphics/delete.png'); $deleteLink->setTitle(_("Delete")); $group->addElement($deleteLink); @@ -539,7 +539,7 @@ class lamList { protected function listDoPost() { // check if button was pressed and if we have to add/delete an account or call file upload if (isset($_POST['new']) || isset($_POST['del']) || isset($_POST['fileUpload'])){ - if (!checkIfWriteAccessIsAllowed()) { + if (!checkIfWriteAccessIsAllowed($this->type)) { die(); } // add new account @@ -748,7 +748,7 @@ class lamList { $left = new htmlGroup(); // button part $left->alignment = htmlElement::ALIGN_LEFT; - if (checkIfWriteAccessIsAllowed()) { + if (checkIfWriteAccessIsAllowed($this->type)) { // add button if (checkIfNewEntriesAreAllowed($this->type)) { $newButton = new htmlButton('new', $this->labels['newEntry']); diff --git a/lam/lib/modules.inc b/lam/lib/modules.inc index 3100875a..cdcbe809 100644 --- a/lam/lib/modules.inc +++ b/lam/lib/modules.inc @@ -843,7 +843,7 @@ class accountContainer { exit; } // module actions - if ((sizeof($_POST) > 0) && checkIfWriteAccessIsAllowed()) { + if ((sizeof($_POST) > 0) && checkIfWriteAccessIsAllowed($this->type)) { $result = call_user_func(array(&$this->module[$this->order[$this->current_page]], 'process_'.$this->subpage)); if (is_array($result)) { // messages were returned, check for errors for ($i = 0; $i < sizeof($result); $i++) { @@ -965,7 +965,7 @@ class accountContainer { } echo '

'; echo "type."-bright\" border=0 width=\"100%\" style=\"border-collapse: collapse;\">\n"; - if (checkIfWriteAccessIsAllowed()) { + if (checkIfWriteAccessIsAllowed($this->type)) { echo "type."-bright\">\n"; @@ -1673,7 +1673,7 @@ class accountContainer { * @return array list of status messages */ function save_account() { - if (!checkIfWriteAccessIsAllowed()) { + if (!checkIfWriteAccessIsAllowed($this->type)) { die(); } $this->finalDN = $this->dn_orig; diff --git a/lam/lib/modules/imapAccess.inc b/lam/lib/modules/imapAccess.inc index 6b7f871a..1f58fef5 100644 --- a/lam/lib/modules/imapAccess.inc +++ b/lam/lib/modules/imapAccess.inc @@ -4,7 +4,7 @@ $Id$ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) Copyright (C) 2010 - 2011 Pavel Pozdniak - 2010 - 2013 Roland Gruber + 2010 - 2014 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -188,7 +188,7 @@ class imapAccess extends baseModule { */ function display_html_attributes() { $return = new htmlTable(); - if (!checkIfWriteAccessIsAllowed()) { + if (!checkIfWriteAccessIsAllowed($this->get_scope())) { return $return; } $prefix = $this->getMailboxPrefix(); @@ -335,7 +335,7 @@ class imapAccess extends baseModule { */ function process_attributes() { $errors = array(); - if (!checkIfWriteAccessIsAllowed()) { + if (!checkIfWriteAccessIsAllowed($this->get_scope())) { return $errors; } $prefix = $this->getMailboxPrefix(); diff --git a/lam/lib/modules/inetOrgPerson.inc b/lam/lib/modules/inetOrgPerson.inc index 02b0be0c..7eb1a5e0 100644 --- a/lam/lib/modules/inetOrgPerson.inc +++ b/lam/lib/modules/inetOrgPerson.inc @@ -4,7 +4,7 @@ $Id$ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) Copyright (C) 2003 - 2006 Tilo Lutz - 2005 - 2013 Roland Gruber + 2005 - 2014 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -1672,7 +1672,7 @@ class inetOrgPerson extends baseModule implements passwordService { } } // password buttons - if (!in_array('posixAccount', $modules) && checkIfWriteAccessIsAllowed() && isset($this->attributes['userPassword'][0]) && !$this->isAdminReadOnly('userPassword')) { + if (!in_array('posixAccount', $modules) && checkIfWriteAccessIsAllowed($this->get_scope()) && isset($this->attributes['userPassword'][0]) && !$this->isAdminReadOnly('userPassword')) { $fieldContainer->addElement(new htmlSubTitle(_('Password')), true); $pwdContainer = new htmlTable(); if (pwd_is_enabled($this->attributes['userPassword'][0])) { @@ -2516,7 +2516,7 @@ class inetOrgPerson extends baseModule implements passwordService { *
) */ function doUploadPostActions(&$data, $ids, $failed, &$temp, &$accounts) { - if (!checkIfWriteAccessIsAllowed()) { + if (!checkIfWriteAccessIsAllowed($this->get_scope())) { die(); } // mail sending is LAM Pro only diff --git a/lam/lib/modules/posixAccount.inc b/lam/lib/modules/posixAccount.inc index de6fc757..762739d4 100644 --- a/lam/lib/modules/posixAccount.inc +++ b/lam/lib/modules/posixAccount.inc @@ -1429,7 +1429,7 @@ class posixAccount extends baseModule implements passwordService { $return->addElement(new htmlTableExtendedSelect('loginShell', $shelllist, $selectedShell, _('Login shell'), 'loginShell'), true); } // password buttons - if (checkIfWriteAccessIsAllowed() && isset($this->attributes[$this->getPasswordAttrName()][0])) { + if (checkIfWriteAccessIsAllowed($this->get_scope()) && isset($this->attributes[$this->getPasswordAttrName()][0])) { $return->addElement(new htmlOutputText(_('Password'))); $pwdContainer = new htmlTable(); if (pwd_is_enabled($this->attributes[$this->getPasswordAttrName()][0])) { @@ -2172,7 +2172,7 @@ class posixAccount extends baseModule implements passwordService { *
) */ function doUploadPostActions(&$data, $ids, $failed, &$temp, &$accounts) { - if (!checkIfWriteAccessIsAllowed()) { + if (!checkIfWriteAccessIsAllowed($this->get_scope())) { die(); } // on first call generate list of ldap operations diff --git a/lam/lib/modules/posixGroup.inc b/lam/lib/modules/posixGroup.inc index d7fa1637..4c0d6a27 100644 --- a/lam/lib/modules/posixGroup.inc +++ b/lam/lib/modules/posixGroup.inc @@ -4,7 +4,7 @@ $Id$ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) Copyright (C) 2003 - 2006 Tilo Lutz - 2007 - 2013 Roland Gruber + 2007 - 2014 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -201,7 +201,7 @@ class posixGroup extends baseModule implements passwordService { $return->addElement(new htmlTableExtendedInputField(_('Description'), 'description', $description, 'description'), true); } // password buttons - if (checkIfWriteAccessIsAllowed() && isset($this->attributes[$this->passwordAttrName][0])) { + if (checkIfWriteAccessIsAllowed($this->get_scope()) && isset($this->attributes[$this->passwordAttrName][0])) { $return->addElement(new htmlOutputText(_('Password'))); $pwdContainer = new htmlTable(); if (pwd_is_enabled($this->attributes[$this->passwordAttrName][0])) { diff --git a/lam/lib/modules/windowsUser.inc b/lam/lib/modules/windowsUser.inc index ebb2a160..a9e539d7 100644 --- a/lam/lib/modules/windowsUser.inc +++ b/lam/lib/modules/windowsUser.inc @@ -3,7 +3,7 @@ $Id$ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) - Copyright (C) 2013 Roland Gruber + Copyright (C) 2013 - 2014 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -1427,7 +1427,7 @@ class windowsUser extends baseModule implements passwordService { *
) */ function doUploadPostActions(&$data, $ids, $failed, &$temp, &$accounts) { - if (!checkIfWriteAccessIsAllowed()) { + if (!checkIfWriteAccessIsAllowed($this->get_scope())) { die(); } // on first call generate list of ldap operations diff --git a/lam/lib/security.inc b/lam/lib/security.inc index 8ee5ea5e..904db586 100644 --- a/lam/lib/security.inc +++ b/lam/lib/security.inc @@ -236,14 +236,22 @@ function logNewMessage($level, $message) { /** * Checks if write access to LDAP is allowed. * + * @param String $scope account type (e.g. user) * @return boolean true, if allowed */ -function checkIfWriteAccessIsAllowed() { +function checkIfWriteAccessIsAllowed($scope = null) { if (!isset($_SESSION['config'])) { return false; } if ($_SESSION['config']->getAccessLevel() >= LAMConfig::ACCESS_ALL) { - return true; + $typeSettings = $_SESSION['config']->get_typeSettings(); + if ($scope == null) { + return true; + } + elseif (!isset($typeSettings['readOnly_' . $scope]) || !$typeSettings['readOnly_' . $scope]) { + // check if write for this type is allowed + return true; + } } return false; } diff --git a/lam/lib/types/dhcp.inc b/lam/lib/types/dhcp.inc index ac807d05..c3f30ad1 100644 --- a/lam/lib/types/dhcp.inc +++ b/lam/lib/types/dhcp.inc @@ -4,7 +4,7 @@ $Id$ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) Copyright (C) 2008 Thomas Manninger - 2009 - 2013 Roland Gruber + 2009 - 2014 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -244,7 +244,7 @@ class lamDHCPList extends lamList { * @param htmlGroup $right right part */ protected function addExtraInputElementsToTopArea(&$left, &$right) { - if (checkIfWriteAccessIsAllowed()) { + if (checkIfWriteAccessIsAllowed($this->type)) { $left->addElement(new htmlSpacer('20px', null)); $dhcpButton = new htmlButton('dhcpDefaults', $this->labels['dhcpDefaults']); $dhcpButton->setIconClass('settingsButton'); diff --git a/lam/lib/types/user.inc b/lam/lib/types/user.inc index f291e53a..29d6f382 100644 --- a/lam/lib/types/user.inc +++ b/lam/lib/types/user.inc @@ -3,7 +3,7 @@ $Id$ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) - Copyright (C) 2005 - 2013 Roland Gruber + Copyright (C) 2005 - 2014 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -293,13 +293,13 @@ class user extends baseType { } $statusTable .= '
\n"; $this->printCommonControls($tabindex); echo "
'; $tipContent = $statusTable; - if (checkIfWriteAccessIsAllowed()) { + if (checkIfWriteAccessIsAllowed('user')) { $tipContent .= '
"hint" '; $tipContent .= _('Please click to lock/unlock this account.'); } $dialogDiv = $this->buildAccountStatusDialogDiv($unixAvailable, $unixLocked, $sambaAvailable, $sambaLocked, $ppolicyAvailable, $ppolicyLocked, $windowsAvailable, $windowsLocked); $onClick = ''; - if (checkIfWriteAccessIsAllowed()) { + if (checkIfWriteAccessIsAllowed('user')) { $onClick = 'onclick="showConfirmationDialog(\'' . _('Change account status') . '\', \'' . _('Ok') . '\', \'' . _('Cancel') . '\', \'lam_accountStatusDialog\', \'inputForm\', \'lam_accountStatusResult\');"'; } return $dialogDiv . 'status   '; @@ -664,7 +664,7 @@ class lamUserList extends lamList { * @return lamListTool[] tools */ protected function getAdditionalTools() { - if (isLAMProVersion() && checkIfPasswordChangeIsAllowed()) { + if (isLAMProVersion() && checkIfPasswordChangeIsAllowed() && checkIfWriteAccessIsAllowed('user')) { $passwordTool = new lamListTool(_('Change password'), 'key.png', 'changePassword.php'); return array($passwordTool); } diff --git a/lam/templates/config/conftypes.php b/lam/templates/config/conftypes.php index 1d0a321b..ea10b7b9 100644 --- a/lam/templates/config/conftypes.php +++ b/lam/templates/config/conftypes.php @@ -3,7 +3,7 @@ $Id$ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) - Copyright (C) 2004 - 2013 Roland Gruber + Copyright (C) 2004 - 2014 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -280,7 +280,18 @@ if (sizeof($activeTypes) > 0) { if (isset($typeSettings['hidden_' . $activeTypes[$i]])) { $hidden = $typeSettings['hidden_' . $activeTypes[$i]]; } - $advancedOptionsContent->addElement(new htmlTableExtendedInputCheckbox('hidden_' . $activeTypes[$i], $hidden, _('Hidden'), '261'), true); + $advancedOptionsContent->addElement(new htmlTableExtendedInputCheckbox('hidden_' . $activeTypes[$i], $hidden, _('Hidden'), '261')); + if (isLAMProVersion() && ($conf->getAccessLevel() == LAMConfig::ACCESS_ALL)) { + $advancedOptionsContent->addElement(new htmlSpacer('20px', null)); + $isReadOnly = false; + if (isset($typeSettings['readOnly_' . $activeTypes[$i]])) { + $isReadOnly = $typeSettings['readOnly_' . $activeTypes[$i]]; + } + $readOnly = new htmlTableExtendedInputCheckbox('readOnly_' . $activeTypes[$i], $isReadOnly, _('Read-only'), '265'); + $readOnly->setElementsToDisable(array('hideNewButton_' . $activeTypes[$i], 'hideDeleteButton_' . $activeTypes[$i])); + $advancedOptionsContent->addElement($readOnly); + } + $advancedOptionsContent->addNewLine(); // custom label $customLabel = ''; if (isset($typeSettings['customLabel_' . $activeTypes[$i]])) { @@ -403,6 +414,9 @@ function checkInput() { // set if deletion of entries is allowed $key = "hideDeleteButton_" . $accountTypes[$i]; $typeSettings[$key] = (isset($_POST[$key]) && ($_POST[$key] == 'on')); + // set if account type is read-only + $key = "readOnly_" . $accountTypes[$i]; + $typeSettings[$key] = (isset($_POST[$key]) && ($_POST[$key] == 'on')); } } // save input diff --git a/lam/templates/delete.php b/lam/templates/delete.php index 19944979..0018a41e 100644 --- a/lam/templates/delete.php +++ b/lam/templates/delete.php @@ -72,7 +72,7 @@ if (isset($_GET['type']) && isset($_SESSION['delete_dn'])) { logNewMessage(LOG_ERR, 'Invalid type: ' . $_GET['type']); die(); } - if (!checkIfDeleteEntriesIsAllowed($_GET['type'])) { + if (!checkIfDeleteEntriesIsAllowed($_GET['type']) || !checkIfWriteAccessIsAllowed($_GET['type'])) { logNewMessage(LOG_ERR, 'User tried to delete entries of forbidden type '. $_GET['type']); die(); } @@ -142,7 +142,7 @@ elseif (isset($_POST['cancelAllOk'])) { } if (isset($_POST['delete'])) { - if (!checkIfDeleteEntriesIsAllowed($_POST['type'])) { + if (!checkIfDeleteEntriesIsAllowed($_POST['type']) || !checkIfWriteAccessIsAllowed($_GET['type'])) { logNewMessage(LOG_ERR, 'User tried to delete entries of forbidden type '. $_POST['type']); die(); } diff --git a/lam/templates/massBuildAccounts.php b/lam/templates/massBuildAccounts.php index 7f1e5ee8..7474be3d 100644 --- a/lam/templates/massBuildAccounts.php +++ b/lam/templates/massBuildAccounts.php @@ -97,7 +97,7 @@ if (isAccountTypeHidden($scope)) { logNewMessage(LOG_ERR, 'User tried to access hidden upload: ' . $scope); die(); } -if (!checkIfNewEntriesAreAllowed($scope)) { +if (!checkIfNewEntriesAreAllowed($scope) || !checkIfWriteAccessIsAllowed($scope)) { logNewMessage(LOG_ERR, 'User tried to access forbidden upload: ' . $scope); die(); } diff --git a/lam/templates/massDoUpload.php b/lam/templates/massDoUpload.php index b398165e..89f1477e 100644 --- a/lam/templates/massDoUpload.php +++ b/lam/templates/massDoUpload.php @@ -68,7 +68,7 @@ if (isAccountTypeHidden($scope)) { logNewMessage(LOG_ERR, 'User tried to access hidden upload: ' . $scope); die(); } -if (!checkIfNewEntriesAreAllowed($scope)) { +if (!checkIfNewEntriesAreAllowed($scope) || !checkIfWriteAccessIsAllowed($scope)) { logNewMessage(LOG_ERR, 'User tried to access forbidden upload: ' . $scope); die(); } diff --git a/lam/templates/masscreate.php b/lam/templates/masscreate.php index c674b6ea..fd0c575e 100644 --- a/lam/templates/masscreate.php +++ b/lam/templates/masscreate.php @@ -81,7 +81,8 @@ $types = $_SESSION['config']->get_ActiveTypes(); $count = sizeof($types); for ($i = 0; $i < $count; $i++) { $myType = new $types[$i](); - if (!$myType->supportsFileUpload() || isAccountTypeHidden($types[$i]) || !checkIfNewEntriesAreAllowed($types[$i])) { + if (!$myType->supportsFileUpload() || isAccountTypeHidden($types[$i]) + || !checkIfNewEntriesAreAllowed($types[$i]) || !checkIfWriteAccessIsAllowed($types[$i])) { unset($types[$i]); } } @@ -145,7 +146,7 @@ $selectedType = array(); if (isset($_REQUEST['type'])) { $selectedType[] = $_REQUEST['type']; } -else { +elseif (!empty($types)) { $selectedType[] = $types[0]; } $typeSelect = new htmlTableExtendedSelect('type', $typeList, $selectedType, _("Account type")); @@ -206,7 +207,9 @@ $table->addElement($moduleGroup, true); // ok button $table->addElement(new htmlSpacer(null, '20px'), true); -$table->addElement(new htmlButton('submit', _('Ok')), true); +if (!empty($types)) { + $table->addElement(new htmlButton('submit', _('Ok')), true); +} parseHtml(null, $table, array(), false, $tabindex, 'user'); ?> diff --git a/lam/templates/ou_edit.php b/lam/templates/ou_edit.php index 5a23ca6a..a973c1d5 100644 --- a/lam/templates/ou_edit.php +++ b/lam/templates/ou_edit.php @@ -164,7 +164,7 @@ function display_main($message, $error) { $types = array(); $typeList = $_SESSION['config']->get_ActiveTypes(); for ($i = 0; $i < sizeof($typeList); $i++) { - if (isAccountTypeHidden($typeList[$i])) { + if (isAccountTypeHidden($typeList[$i]) || !checkIfWriteAccessIsAllowed($typeList[$i])) { continue; } $types[$typeList[$i]] = getTypeAlias($typeList[$i]); @@ -179,31 +179,34 @@ function display_main($message, $error) { } $options[$title] = $elements; } - // new OU - $container->addElement(new htmlOutputText(_("New organisational unit"))); - $parentOUSelect = new htmlSelect('parentOU', $options, array()); - $parentOUSelect->setContainsOptgroups(true); - $parentOUSelect->setHasDescriptiveElements(true); - $parentOUSelect->setRightToLeftTextDirection(true); - $parentOUSelect->setSortElements(false); - $container->addElement($parentOUSelect); - $container->addElement(new htmlInputField('newOU')); - $container->addElement(new htmlButton('createOU', _("Ok"))); - $container->addElement(new htmlHelpLink('601'), true); - $container->addElement(new htmlSpacer(null, '10px'), true); - - // delete OU - $container->addElement(new htmlOutputText(_("Delete organisational unit"))); - $deleteableOUSelect = new htmlSelect('deleteableOU', $options, array()); - $deleteableOUSelect->setContainsOptgroups(true); - $deleteableOUSelect->setHasDescriptiveElements(true); - $deleteableOUSelect->setRightToLeftTextDirection(true); - $deleteableOUSelect->setSortElements(false); - $container->addElement($deleteableOUSelect); - $container->addElement(new htmlOutputText('')); - $container->addElement(new htmlButton('deleteOU', _("Ok"))); - $container->addElement(new htmlHelpLink('602'), true); + if (!empty($options)) { + // new OU + $container->addElement(new htmlOutputText(_("New organisational unit"))); + $parentOUSelect = new htmlSelect('parentOU', $options, array()); + $parentOUSelect->setContainsOptgroups(true); + $parentOUSelect->setHasDescriptiveElements(true); + $parentOUSelect->setRightToLeftTextDirection(true); + $parentOUSelect->setSortElements(false); + $container->addElement($parentOUSelect); + $container->addElement(new htmlInputField('newOU')); + $container->addElement(new htmlButton('createOU', _("Ok"))); + $container->addElement(new htmlHelpLink('601'), true); + + $container->addElement(new htmlSpacer(null, '10px'), true); + + // delete OU + $container->addElement(new htmlOutputText(_("Delete organisational unit"))); + $deleteableOUSelect = new htmlSelect('deleteableOU', $options, array()); + $deleteableOUSelect->setContainsOptgroups(true); + $deleteableOUSelect->setHasDescriptiveElements(true); + $deleteableOUSelect->setRightToLeftTextDirection(true); + $deleteableOUSelect->setSortElements(false); + $container->addElement($deleteableOUSelect); + $container->addElement(new htmlOutputText('')); + $container->addElement(new htmlButton('deleteOU', _("Ok"))); + $container->addElement(new htmlHelpLink('602'), true); + } parseHtml(null, $container, array(), false, $tabindex, 'user'); echo ("\n"); diff --git a/lam/templates/pdfedit/pdfmain.php b/lam/templates/pdfedit/pdfmain.php index 924ef8b1..ee9084f7 100644 --- a/lam/templates/pdfedit/pdfmain.php +++ b/lam/templates/pdfedit/pdfmain.php @@ -4,7 +4,7 @@ $Id$ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) Copyright (C) 2003 - 2006 Michael Duergner - 2005 - 2013 Roland Gruber + 2005 - 2014 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -73,7 +73,7 @@ if(isset($_POST['createNewTemplate'])) { $scopes = $_SESSION['config']->get_ActiveTypes(); $sortedScopes = array(); for ($i = 0; $i < sizeof($scopes); $i++) { - if (isAccountTypeHidden($scopes[$i])) { + if (isAccountTypeHidden($scopes[$i]) || !checkIfWriteAccessIsAllowed($scopes[$i])) { continue; } $sortedScopes[$scopes[$i]] = getTypeAlias($scopes[$i]); @@ -171,16 +171,18 @@ include '../main_header.php'; } // new template - $container->addElement(new htmlSubTitle(_('Create a new PDF structure')), true); - $newPDFContainer = new htmlTable(); - $newScopeSelect = new htmlSelect('scope', $availableScopes); - $newScopeSelect->setHasDescriptiveElements(true); - $newScopeSelect->setWidth('15em'); - $newPDFContainer->addElement($newScopeSelect); - $newPDFContainer->addElement(new htmlSpacer('10px', null)); - $newPDFContainer->addElement(new htmlButton('createNewTemplate', _('Create'))); - $container->addElement($newPDFContainer, true); - $container->addElement(new htmlSpacer(null, '10px'), true); + if (!empty($availableScopes)) { + $container->addElement(new htmlSubTitle(_('Create a new PDF structure')), true); + $newPDFContainer = new htmlTable(); + $newScopeSelect = new htmlSelect('scope', $availableScopes); + $newScopeSelect->setHasDescriptiveElements(true); + $newScopeSelect->setWidth('15em'); + $newPDFContainer->addElement($newScopeSelect); + $newPDFContainer->addElement(new htmlSpacer('10px', null)); + $newPDFContainer->addElement(new htmlButton('createNewTemplate', _('Create'))); + $container->addElement($newPDFContainer, true); + $container->addElement(new htmlSpacer(null, '10px'), true); + } // existing templates $configProfiles = getConfigProfiles(); diff --git a/lam/templates/pdfedit/pdfpage.php b/lam/templates/pdfedit/pdfpage.php index eaf77423..4f6f0a92 100644 --- a/lam/templates/pdfedit/pdfpage.php +++ b/lam/templates/pdfedit/pdfpage.php @@ -4,7 +4,7 @@ $Id$ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) Copyright (C) 2003 - 2006 Michael Duergner - 2007 - 2013 Roland Gruber + 2007 - 2014 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -69,7 +69,7 @@ if(isset($_POST['type'])) { } } -if (isAccountTypeHidden($_GET['type'])) { +if (isAccountTypeHidden($_GET['type']) || !checkIfWriteAccessIsAllowed($_GET['type'])) { logNewMessage(LOG_ERR, 'User tried to access hidden PDF structure: ' . $_GET['type']); die(); } diff --git a/lam/templates/profedit/profilemain.php b/lam/templates/profedit/profilemain.php index a0141a5c4..a1f06fe9 100644 --- a/lam/templates/profedit/profilemain.php +++ b/lam/templates/profedit/profilemain.php @@ -3,7 +3,7 @@ $Id$ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) - Copyright (C) 2003 - 2012 Roland Gruber + Copyright (C) 2003 - 2014 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -51,7 +51,7 @@ $types = $_SESSION['config']->get_ActiveTypes(); $profileClasses = array(); $profileClassesTemp = array(); for ($i = 0; $i < sizeof($types); $i++) { - if (isAccountTypeHidden($types[$i])) { + if (isAccountTypeHidden($types[$i]) || !checkIfWriteAccessIsAllowed($types[$i])) { continue; } $profileClassesTemp[getTypeAlias($types[$i])] = array( @@ -152,20 +152,22 @@ if (isset($_GET['savedSuccessfully'])) { } // new profile -$container->addElement(new htmlSubTitle(_('Create a new profile')), true); -$sortedTypes = array(); -for ($i = 0; $i < sizeof($profileClasses); $i++) { - $sortedTypes[$profileClasses[$i]['title']] = $profileClasses[$i]['scope']; +if (!empty($profileClasses)) { + $container->addElement(new htmlSubTitle(_('Create a new profile')), true); + $sortedTypes = array(); + for ($i = 0; $i < sizeof($profileClasses); $i++) { + $sortedTypes[$profileClasses[$i]['title']] = $profileClasses[$i]['scope']; + } + natcasesort($sortedTypes); + $newContainer = new htmlTable(); + $newProfileSelect = new htmlSelect('createProfile', $sortedTypes); + $newProfileSelect->setHasDescriptiveElements(true); + $newProfileSelect->setWidth('15em'); + $newContainer->addElement($newProfileSelect); + $newContainer->addElement(new htmlSpacer('10px', null)); + $newContainer->addElement(new htmlButton('createProfileButton', _('Create')), true); + $container->addElement($newContainer, true); } -natcasesort($sortedTypes); -$newContainer = new htmlTable(); -$newProfileSelect = new htmlSelect('createProfile', $sortedTypes); -$newProfileSelect->setHasDescriptiveElements(true); -$newProfileSelect->setWidth('15em'); -$newContainer->addElement($newProfileSelect); -$newContainer->addElement(new htmlSpacer('10px', null)); -$newContainer->addElement(new htmlButton('createProfileButton', _('Create')), true); -$container->addElement($newContainer, true); $container->addElement(new htmlSpacer(null, '10px'), true); diff --git a/lam/templates/profedit/profilepage.php b/lam/templates/profedit/profilepage.php index f9d1bfd3..e039a010 100644 --- a/lam/templates/profedit/profilepage.php +++ b/lam/templates/profedit/profilepage.php @@ -3,7 +3,7 @@ $Id$ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) - Copyright (C) 2003 - 2012 Roland Gruber + Copyright (C) 2003 - 2014 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -61,7 +61,7 @@ if (!$_SESSION['ldap'] || !$_SESSION['ldap']->server()) { if (isset($_POST['profname'])) $_GET['edit'] = $_POST['profname']; if (isset($_POST['accounttype'])) $_GET['type'] = $_POST['accounttype']; -if (isAccountTypeHidden($_GET['type'])) { +if (isAccountTypeHidden($_GET['type']) || !checkIfWriteAccessIsAllowed($_GET['type'])) { logNewMessage(LOG_ERR, 'User tried to access hidden account type profile: ' . $_GET['type']); die(); }