Updated ACLs

[gosa.git] / gosa-core / include / class_userinfo.inc

diff --git a/gosa-core/include/class_userinfo.inc b/gosa-core/include/class_userinfo.inc
index f972e99628a9f331570649c9b266154ccb9e046b..bcff8c8360da076be418a7c04a057d5195278b50 100644 (file)
--- a/gosa-core/include/class_userinfo.inc
+++ b/gosa-core/include/class_userinfo.inc
@@ -177,7 +177,7 @@ class userinfo
             }
 
             /* Wildcard? */
-            if (preg_match('/^\*/',  $grp)){
+            if (preg_match('/^G:\*/',  $grp)){
               $interresting= TRUE;
             }
           }
@@ -258,7 +258,7 @@ class userinfo
 
   function get_category_permissions($dn, $category, $any_acl = FALSE)
   {
-    return(@$this->get_permissions($dn,$category.'/0',""));
+    return($this->get_permissions($dn,$category.'/0',""));
   }
 
   
@@ -359,6 +359,27 @@ class userinfo
       return($ret);
     }
 
+    /* Check for correct category and class values... */
+    if(strpos($object,'/') !== FALSE){
+      list($aclCategory, $aclClass) = split("/", $object);
+    }else{
+      $aclCategory = $object;
+    }
+    if(!isset($this->ocMapping[$aclCategory])){
+      trigger_error("Invalid ACL category '".$aclCategory."'! ({$object})");
+      return("");
+    }elseif(isset($aclClass) && !in_array($aclClass, $this->ocMapping[$aclCategory])){
+      trigger_error("Invalid ACL class '".$aclClass."'! ({$object})");
+      return("");
+    }
+    if(isset($aclClass) &&class_available($aclClass)){
+      $plInfo = call_user_func(array($aclClass, 'plInfo'));
+      if(!empty($attribute) && !isset($plInfo['plProvidedAcls'][$attribute])){
+        trigger_error("Invalid ACL attribute '".$attribute."'! ({$object})");
+        return("");
+      }
+    }
+
     /* Detect the set of ACLs we have to check for this object 
      */
     $adn = $dn;