Updated department handling for the rootDSE entry.

[gosa.git] / gosa-core / include / class_userinfo.inc

diff --git a/gosa-core/include/class_userinfo.inc b/gosa-core/include/class_userinfo.inc
index 68df16329fc379e91c59f7e48d215c1d9feda283..4045821ba85e0d5311ce31f6360678db2e522c6c 100644 (file)
--- a/gosa-core/include/class_userinfo.inc
+++ b/gosa-core/include/class_userinfo.inc
@@ -368,7 +368,9 @@ class userinfo
             continue;
           }
 
-          /* If attribute is "", we want to know, if we've *any* permissions here... */
+          /* If attribute is "", we want to know, if we've *any* permissions here... 
+              Merge global class ACLs [0] with attributes specific ACLs [attribute].
+           */
           if ($attribute == "" && isset($subacl['acl'][$object])){
             foreach($subacl['acl'][$object] as $attr => $dummy){
               $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl'][$object][$attr]);
@@ -424,7 +426,7 @@ class userinfo
 
   /* Extract all departments that are accessible (direct or 'on the way' to an
      accessible department) */
-  function get_module_departments($module)
+  function get_module_departments($module, $skip_self_acls = FALSE )
   {
     
     /* If we are forced to skip ACLs checks for the current user 
@@ -472,6 +474,10 @@ class userinfo
       foreach($infos as $info){
         $found = FALSE;
         foreach($info['acl'] as $cat => $data){
+
+          /* Skip self acls? */
+          if($skip_self_acls && isset($data['0']) && preg_match("//s",$data['0'])) continue;
+
           if(is_array($module)){
             foreach($module as $mod){
               if(preg_match("/^".normalizePreg($mod)."/",$cat)){
@@ -506,7 +512,7 @@ class userinfo
       $acl = "";
       foreach($module as $mod){
         if(preg_match("/\//",$mod)){
-          $acl.=  $this->get_permissions($dn,$mod,"0");
+          $acl.=  $this->get_permissions($dn,$mod);
         }else{
           $acl.=  $this->get_category_permissions($dn,$mod);
         }