Updated image

[gosa.git] / gosa-core / include / class_userinfo.inc

diff --git a/gosa-core/include/class_userinfo.inc b/gosa-core/include/class_userinfo.inc
index 80c0440f1f5e31264db102d2dbae97d3c72c9193..c1c49ac40ddbb516ffd1e4960795dfe68ff8d0a4 100644 (file)
--- a/gosa-core/include/class_userinfo.inc
+++ b/gosa-core/include/class_userinfo.inc
@@ -448,12 +448,6 @@ class userinfo
         /* Inspect this ACL, place the result into ACL */
         foreach ($ACL[$cpath] as $subacl){
 
-          /* Reset? Just clean the ACL and turn over to the next one... */
-          if ($subacl['type'] == 'reset'){
-            $acl= $this->cleanACL($acl, TRUE);
-            continue;
-          }
-
           if($subacl['type'] == "role") {
             echo "role skipped";
             continue;
@@ -470,6 +464,12 @@ class userinfo
             }
           }
 
+          /* Reset? Just clean the ACL and turn over to the next one... */
+          if ($subacl['type'] == 'reset'){
+            $acl= $this->cleanACL($acl, TRUE);
+            continue;
+          }
+
           /* Self ACLs? 
            */
           if($dn != $this->dn && isset($subacl['acl'][$object][0]) && (strpos($subacl['acl'][$object][0],"s") !== FALSE)){
@@ -517,7 +517,10 @@ class userinfo
                 foreach($this->ocMapping[$ocs] as $oc){
                   if (isset($subacl['acl'][$ocs.'/'.$oc])){
 
-                    if($dn != $this->dn && strpos($subacl['acl'][$ocs.'/'.$oc][0],"s") !== FALSE) continue;
+                      // Skip ACLs wich are defined for ourselfs only - if not checking against ($ui->dn)
+                      if(isset($subacl['acl'][$ocs.'/'.$oc][0]) && 
+                              $dn != $this->dn && 
+                              strpos($subacl['acl'][$ocs.'/'.$oc][0],"s") !== FALSE) continue;
 
                     foreach($subacl['acl'][$ocs.'/'.$oc] as $attr => $dummy){
                       $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl'][$ocs.'/'.$oc][$attr]);