[tokkee]

tokkee.org

Code

projects / gosa.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Updated integrated smarty to 2.6.22
[gosa.git] / gosa-core / include / class_userinfo.inc
diff --git a/gosa-core/include/class_userinfo.inc b/gosa-core/include/class_userinfo.inc
index bec139e58cc9afc352cedd4e0356893e5da3a590..1966462bf8b04b64b64935de471452f11860a6ca 100644 (file)
--- a/gosa-core/include/class_userinfo.inc
+++ b/gosa-core/include/class_userinfo.inc
@@ -80,7 +80,7 @@ class userinfo
   public function reset_acl_cache()
   {
     /* Initialize ACL_CACHE */
-    session::set('ACL_CACHE',array());
+    session::global_set('ACL_CACHE',array());
   }
 
   function loadACL()
@@ -196,8 +196,9 @@ class userinfo
     $without_self_acl = $all_acl = array();
     foreach($this->ACL as $dn => $acl){
       $sdn =$dn;
-      while(strpos($dn,",") !== FALSE){
-
+      $first= TRUE; // Run at least once 
+      while(strpos($dn,",") !== FALSE || $first){
+        $first = FALSE;
         if(isset($this->ACL[$dn])){
           $all_acl[$sdn][$dn] = $this->ACL[$dn];
           $without_self_acl[$sdn][$dn] = $this->ACL[$dn]; 
@@ -328,11 +329,11 @@ class userinfo
     }
 
     /* Push cache answer? */
-    $ACL_CACHE = &session::get('ACL_CACHE');
+    $ACL_CACHE = &session::global_get('ACL_CACHE');
     if (isset($ACL_CACHE["$dn+$object+$attribute"])){
       $ret = $ACL_CACHE["$dn+$object+$attribute"];
       if($skip_write){
-        $ret = str_replace('w', '',$ret);
+        $ret = str_replace(array('w','c','d','m'), '',$ret);
       }
       return($ret);
     }
@@ -422,7 +423,7 @@ class userinfo
 
           /* Self ACLs? 
            */
-          if($dn != $this->dn && isset($subacl['acl'][$object][0]) && strpos($subacl['acl'][$object][0],"s")){
+          if($dn != $this->dn && isset($subacl['acl'][$object][0]) && (strpos($subacl['acl'][$object][0],"s") !== FALSE)){
             continue;
           }
 
@@ -466,6 +467,9 @@ class userinfo
               if($attribute == ""){    
                 foreach($this->ocMapping[$ocs] as $oc){
                   if (isset($subacl['acl'][$ocs.'/'.$oc])){
+
+                    if($dn != $this->dn && strpos($subacl['acl'][$ocs.'/'.$oc][0],"s") !== FALSE) continue;
+
                     foreach($subacl['acl'][$ocs.'/'.$oc] as $attr => $dummy){
                       $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl'][$ocs.'/'.$oc][$attr]);
                     }
@@ -474,6 +478,7 @@ class userinfo
                 }
               }else{
                 if(isset($subacl['acl'][$ocs.'/'.$oc][0])){
+                  if($dn != $this->dn && strpos($subacl['acl'][$ocs.'/'.$oc][0],"s") !== FALSE) continue;
                   $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl'][$ocs.'/'.$oc][0]);
                 }
               }
@@ -504,7 +509,7 @@ class userinfo
 
     /* Remove write if needed */
     if ($skip_write){
-      $ret= str_replace('w', '', $ret);
+      $ret = str_replace(array('w','c','d','m'), '',$ret);
     }
     return ($ret);
   }
@@ -522,7 +527,7 @@ class userinfo
     }
 
     /* Use cached results if possilbe */
-    $ACL_CACHE = &session::get('ACL_CACHE');
+    $ACL_CACHE = &session::global_get('ACL_CACHE');
 
     if(!is_array($module)){
       $module = array($module);
@@ -545,7 +550,7 @@ class userinfo
           foreach($info['acl'] as $cat => $data){
 
             /* Skip self acls? */
-            if($skip_self_acls && isset($data['0']) && strpos($data['0'], "s")) continue;
+            if($skip_self_acls && isset($data['0']) && (strpos($data['0'], "s") !== FALSE)) continue;
             if(preg_match("/^".preg_quote($mod, '/')."/",$cat)){
               $found =TRUE;
               break;
@@ -557,7 +562,7 @@ class userinfo
               $dn = preg_replace("/^[^,]+,/","",$dn);
             }
             if(isset($this->config->idepartments[$dn])){
-              $deps[] = $dn;
+              $deps[$dn] = $dn;
             }
           }
         }
@@ -565,7 +570,7 @@ class userinfo
 
       /* For all gosaDepartments */
       foreach ($this->config->departments as $dn){
-        if(in_array($dn,$deps)) continue;
+        if(isset($deps[$dn])) continue;
         $acl = "";
         if(strpos($mod, '/')){
           $acl.=  $this->get_permissions($dn,$mod);
@@ -573,14 +578,15 @@ class userinfo
           $acl.=  $this->get_category_permissions($dn,$mod,TRUE);
         }
         if(!empty($acl)) {
-          $deps[] = $dn;
+          $deps[$dn] = $dn;
         }
       }
 
       $ACL_CACHE['MODULE_DEPARTMENTS'][$mod] = $deps;
       $res = array_merge($res,$deps);
-    } 
-    return ($res);
+    }
+
+    return (array_values($res));
   }
 
 
@@ -597,6 +603,11 @@ class userinfo
 
     foreach(str_split($newACL) as $char){
 
+      /* Skip "self" ACLs without combination of rwcdm, they have no effect.
+         -self flag without read/write/create/...
+       */
+      if(empty($char)) continue;
+
       /* Skip permanent and subtree entries */
       if (preg_match('/[sp]/', $acl[$char])){
         continue;
GONICUS system administrator (SVN clone)