X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-core%2Finclude%2Fclass_acl.inc;h=c79a7f2876dd4fa1344e67d1abbfa47127236b95;hb=534bedd511854e012e6453f3c1a97e947fdbd139;hp=ce577b39d0d2bc1f573b3dde8a24477d11333fb7;hpb=aa89f24a74bb13b3739abde5b0b4d31534172b75;p=gosa.git

diff --git a/gosa-core/include/class_acl.inc b/gosa-core/include/class_acl.inc
index ce577b39d..c79a7f287 100644
--- a/gosa-core/include/class_acl.inc
+++ b/gosa-core/include/class_acl.inc
@@ -20,6 +20,7 @@
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
+/*! \brief ACL management plugin */ 
 class acl extends plugin
 {
   /* Definitions */
@@ -116,6 +117,7 @@ class acl extends plugin
       }
       $this->groups['G:'.$attrs['dn']]= $attrs['cn'][0].' ['.$dsc.']';
     }
+    $this->groups['G:*']= _("All users");
     ksort($this->groups);
 
     /* Roles */
@@ -270,17 +272,17 @@ class acl extends plugin
     foreach($_POST as $name => $post){
 
       /* Actions... */
-      if (preg_match('/^acl_edit_.*_x/', $name)){
+      if (preg_match('/^acl_edit_[0-9]*$/', $name)){
         $this->dialogState= 'create';
         $firstedit= TRUE;
         $this->dialog= TRUE;
-        $this->currentIndex= preg_replace('/^acl_edit_([0-9]+).*$/', '\1', $name);
+        $this->currentIndex= preg_replace('/^acl_edit_([0-9]*)$/', '\1', $name);
         $this->loadAclEntry();
         continue;
       }
 
-      if (preg_match('/^cat_edit_.*_x/', $name)){
-        $this->aclObject= preg_replace('/^cat_edit_([^_]+)_.*$/', '\1', $name);
+      if (preg_match('/^cat_edit_.*$/', $name)){
+        $this->aclObject= preg_replace('/^cat_edit_(.*)$/', '\1', $name);
         $this->dialogState= 'edit';
         foreach ($this->ocMapping[$this->aclObject] as $oc){
           if (isset($this->aclContents[$oc])){
@@ -295,22 +297,25 @@ class acl extends plugin
         continue;
       }
 
-      if (preg_match('/^acl_del_.*_x/', $name)){
-        unset($this->gosaAclEntry[preg_replace('/^acl_del_([0-9]+).*$/', '\1', $name)]);
+      if (preg_match('/^acl_del_[0-9]*$/', $name)){
+        unset($this->gosaAclEntry[preg_replace('/^acl_del_([0-9]*)$/', '\1', $name)]);
         continue;
       }
 
-      if (preg_match('/^cat_del_.*_x/', $name)){
-        $idx= preg_replace('/^cat_del_([^_]+)_.*$/', '\1', $name);
+      if (preg_match('/^cat_del_.*$/', $name)){
+        $idx= preg_replace('/^cat_del_(.*)$/', '\1', $name);
         foreach ($this->ocMapping[$idx] as $key){
-          unset($this->aclContents["$idx/$key"]);
+          if(isset($this->aclContents[$idx]))
+            unset($this->aclContents[$idx]);
+          if(isset($this->aclContents["$idx/$key"]))
+            unset($this->aclContents["$idx/$key"]);
         }
         continue;
       }
 
       /* Sorting... */
-      if (preg_match('/^sortup_.*_x/', $name)){
-        $index= preg_replace('/^sortup_([0-9]+).*$/', '\1', $name);
+      if (preg_match('/^sortup_[0-9]*$/', $name)){
+        $index= preg_replace('/^sortup_([0-9]*)$/', '\1', $name);
         if ($index > 0){
           $tmp= $this->gosaAclEntry[$index];
           $this->gosaAclEntry[$index]= $this->gosaAclEntry[$index-1];
@@ -318,8 +323,8 @@ class acl extends plugin
         }
         continue;
       }
-      if (preg_match('/^sortdown_.*_x/', $name)){
-        $index= preg_replace('/^sortdown_([0-9]+).*$/', '\1', $name);
+      if (preg_match('/^sortdown_[0-9]*$/', $name)){
+        $index= preg_replace('/^sortdown_([0-9]*)$/', '\1', $name);
         if ($index < count($this->gosaAclEntry)-1){
           $tmp= $this->gosaAclEntry[$index];
           $this->gosaAclEntry[$index]= $this->gosaAclEntry[$index+1];
@@ -330,7 +335,7 @@ class acl extends plugin
 
       /* ACL saving... */
       if (preg_match('/^acl_.*_[^xy]$/', $name)){
-        list($dummy, $object, $attribute, $value)= split('_', $name);
+        list($dummy, $object, $attribute, $value)= explode('_', $name);
 
         /* Skip for detection entry */
         if ($object == 'dummy') {
@@ -348,7 +353,8 @@ class acl extends plugin
         }
       }
 
-      if(isset($_POST['selected_role'])){
+      // Remember the selected ACL role.
+      if(isset($_POST['selected_role']) && $_POST['aclType'] == 'role'){
         $this->aclContents = "";
         $this->aclContents = base64_decode($_POST['selected_role']);
       }
@@ -489,19 +495,15 @@ class acl extends plugin
         $field2= array("string" => $link);
 
         if($this->acl_is_writeable("")){
-          $action.= "<input type='image' name='sortup_$key' alt='up' 
-            title='"._("Up")."' src='images/lists/sort-up.png' align='top'>";
-          $action.= "<input type='image' name='sortdown_$key' alt='down' 
-            title='"._("Down")."' src='images/lists/sort-down.png'>";
+          $action.= image('images/lists/sort-up.png', 'sortup_'.$key);
+          $action.= image('images/lists/sort-down.png', 'sortdown_'.$key);
         } 
     
         if($this->acl_is_readable("")){
-          $action.= "<input class='center' type='image' src='images/lists/edit.png' 
-            alt='"._("Edit")."' name='acl_edit_$key' title='".msgPool::editButton(_("ACL"))."'>";
+          $action.= image('images/lists/edit.png','acl_edit_'.$key,msgPool::editButton(_("ACL")));
         }
         if($this->acl_is_removeable("")){
-          $action.= "<input class='center' type='image' src='images/lists/trash.png' 
-            alt='"._("Delete")."' name='acl_del_$key' title='".msgPool::delButton(_("ACL"))."'>";
+          $action.= image('images/lists/trash.png','acl_del_'.$key,msgPool::delButton(_("ACL")));
         }
 
         $field3= array("string" => $action, "attach" => "style='border-right:0px;width:50px;text-align:right;'");
@@ -544,12 +546,10 @@ class acl extends plugin
 
         $actions ="";
         if($this->acl_is_readable("")){
-          $actions= "<input class='center' type='image' src='images/lists/edit.png' 
-            alt='"._("Edit")."' name='cat_edit_$section' title='".msgPool::editButton(_("category ACL"))."'>";
+          $actions.= image('images/lists/edit.png','cat_edit_'.$section, msgPool::editButton(_("category ACL")));
         }
         if($this->acl_is_removeable()){
-          $actions.= "<input class='center' type='image' src='images/lists/trash.png' 
-            alt='"._("Delete")."' name='cat_del_$section' title='".msgPool::delButton(_("category ACL"))."'>";
+          $actions.= image('images/lists/trash.png','cat_del_'.$section, msgPool::delButton(_("category ACL")));
         }   
 
         $field1= array("string" => $dsc, "attach" => "style='width:100px'");
@@ -574,6 +574,9 @@ class acl extends plugin
 
       /* Generate list */
       $tmp= array();
+      if ($this->target == "group" && !isset($this->recipients["G:*"])){
+        $tmp["G:*"]= _("All users");
+      }
       foreach (array("user" => "users", "group" => "groups") as $field => $arr){
         if ($this->target == $field){
           foreach ($this->$arr as $key => $value){
@@ -700,33 +703,33 @@ class acl extends plugin
     $style = "style='width:100px;'";
 
     if($this->acl_is_writeable("")){
-      $display .= "<input ".$style." type='button' name='toggle_all_create' onClick=\"acl_toggle_all('_0_c$');\" value='Toggle C'>";
-      $display .= "<input ".$style." type='button' name='toggle_all_move'   onClick=\"acl_toggle_all('_0_m$');\" value='Toggle M'>";
-      $display .= "<input ".$style." type='button' name='toggle_all_remove' onClick=\"acl_toggle_all('_0_d$');\" value='Toggle D'> - ";
-      $display .= "<input ".$style." type='button' name='toggle_all_read'   onClick=\"acl_toggle_all('_0_r$');\" value='Toggle R'>";
-      $display .= "<input ".$style." type='button' name='toggle_all_write'  onClick=\"acl_toggle_all('_0_w$');\" value='Toggle W'> - ";
+      $display .= "<button type='button' ".$style." name='toggle_all_create' onClick=\"acl_toggle_all('_0_c$');\" >Toggle C</button>";
+      $display .= "<button type='button' ".$style." name='toggle_all_move'   onClick=\"acl_toggle_all('_0_m$');\" >Toggle M</button>";
+      $display .= "<button type='button' ".$style." name='toggle_all_remove' onClick=\"acl_toggle_all('_0_d$');\" >Toggle D</button> - ";
+      $display .= "<button type='button' ".$style." name='toggle_all_read'   onClick=\"acl_toggle_all('_0_r$');\" >Toggle R</button>";
+      $display .= "<button type='button' ".$style." name='toggle_all_write'  onClick=\"acl_toggle_all('_0_w$');\" >Toggle W</button> - ";
 
-      $display .= "<input ".$style." type='button' name='toggle_all_sub_read'  onClick=\"acl_toggle_all('[^0]_r$');\" value='R+'>";
-      $display .= "<input ".$style." type='button' name='toggle_all_sub_write'  onClick=\"acl_toggle_all('[^0]_w$');\" value='W+'>";
+      $display .= "<button type='button' ".$style." name='toggle_all_sub_read'  onClick=\"acl_toggle_all('[^0]_r$');\" >R+</button>";
+      $display .= "<button type='button' ".$style." name='toggle_all_sub_write'  onClick=\"acl_toggle_all('[^0]_w$');\" >W+</button>";
 
       $display .= "<br>";
 
       $style = "style='width:50px;'";
-      $display .= "<input ".$style." type='button' name='set_true_all_create' onClick=\"acl_set_all('_0_c$',true);\" value='C+'>";
-      $display .= "<input ".$style." type='button' name='set_false_all_create' onClick=\"acl_set_all('_0_c$',false);\" value='C-'>";
-      $display .= "<input ".$style." type='button' name='set_true_all_move' onClick=\"acl_set_all('_0_m$',true);\" value='M+'>";
-      $display .= "<input ".$style." type='button' name='set_false_all_move' onClick=\"acl_set_all('_0_m$',false);\" value='M-'>";
-      $display .= "<input ".$style." type='button' name='set_true_all_remove' onClick=\"acl_set_all('_0_d$',true);\" value='D+'>";
-      $display .= "<input ".$style." type='button' name='set_false_all_remove' onClick=\"acl_set_all('_0_d$',false);\" value='D-'> - ";
-      $display .= "<input ".$style." type='button' name='set_true_all_read' onClick=\"acl_set_all('_0_r$',true);\" value='R+'>";
-      $display .= "<input ".$style." type='button' name='set_false_all_read' onClick=\"acl_set_all('_0_r$',false);\" value='R-'>";
-      $display .= "<input ".$style." type='button' name='set_true_all_write' onClick=\"acl_set_all('_0_w$',true);\" value='W+'>";
-      $display .= "<input ".$style." type='button' name='set_false_all_write' onClick=\"acl_set_all('_0_w$',false);\" value='W-'> - ";
-
-      $display .= "<input ".$style." type='button' name='set_true_all_read' onClick=\"acl_set_all('[^0]_r$',true);\" value='R+'>";
-      $display .= "<input ".$style." type='button' name='set_false_all_read' onClick=\"acl_set_all('[^0]_r$',false);\" value='R-'>";
-      $display .= "<input ".$style." type='button' name='set_true_all_write' onClick=\"acl_set_all('[^0]_w$',true);\" value='W+'>";
-      $display .= "<input ".$style." type='button' name='set_false_all_write' onClick=\"acl_set_all('[^0]_w$',false);\" value='W-'>";
+      $display .= "<button type='button' ".$style." name='set_true_all_create' onClick=\"acl_set_all('_0_c$',true);\" >C+</button>";
+      $display .= "<button type='button' ".$style." name='set_false_all_create' onClick=\"acl_set_all('_0_c$',false);\" >C-</button>";
+      $display .= "<button type='button' ".$style." name='set_true_all_move' onClick=\"acl_set_all('_0_m$',true);\" >M+</button>";
+      $display .= "<button type='button' ".$style." name='set_false_all_move' onClick=\"acl_set_all('_0_m$',false);\" >M-</button>";
+      $display .= "<button type='button' ".$style." name='set_true_all_remove' onClick=\"acl_set_all('_0_d$',true);\" >D+</button>";
+      $display .= "<button type='button' ".$style." name='set_false_all_remove' onClick=\"acl_set_all('_0_d$',false);\" >D-</button> - ";
+      $display .= "<button type='button' ".$style." name='set_true_all_read' onClick=\"acl_set_all('_0_r$',true);\" >R+</button>";
+      $display .= "<button type='button' ".$style." name='set_false_all_read' onClick=\"acl_set_all('_0_r$',false);\" >R-</button>";
+      $display .= "<button type='button' ".$style." name='set_true_all_write' onClick=\"acl_set_all('_0_w$',true);\" >W+</button>";
+      $display .= "<button type='button' ".$style." name='set_false_all_write' onClick=\"acl_set_all('_0_w$',false);\" >W-</button> - ";
+
+      $display .= "<button type='button' ".$style." name='set_true_all_read' onClick=\"acl_set_all('[^0]_r$',true);\" >R+</button>";
+      $display .= "<button type='button' ".$style." name='set_false_all_read' onClick=\"acl_set_all('[^0]_r$',false);\" >R-</button>";
+      $display .= "<button type='button' ".$style." name='set_true_all_write' onClick=\"acl_set_all('[^0]_w$',true);\" >W+</button>";
+      $display .= "<button type='button' ".$style." name='set_false_all_write' onClick=\"acl_set_all('[^0]_w$',false);\" >W-</button>";
     }
 
     /* Build general objects */
@@ -762,34 +765,27 @@ class acl extends plugin
         $back_color = "#C8C8C8";
       }
 
-      if(session::global_get('js')) {
-        if(isset($_SERVER['HTTP_USER_AGENT']) && 
-             (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || 
-             (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT']))) {
-          $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
-                     "\n  <tr>".
-                     "\n    <td style='background-color:{$back_color};height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
-                     "\n    <td align='right' style='background-color:{$back_color};height:1.8em;'>".
-                     "\n    <input type='button' onclick='divGOsa_toggle(\"$tname\");' value='"._("Show/hide advanced settings")."' /></td>".
-                     "\n  </tr>";
-        } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
-          $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
-                     "\n  <tr>".
-                     "\n    <td style='background-color:#C8C8C8;height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
-                     "\n    <td align='right' style='background-color:#C8C8C8;height:1.8em;'>".
-                     "\n    <input type='button' onclick='divGOsa_toggle(\"$tname\");' value='"._("Show/hide advanced settings")."' /></td>".
-                     "\n  </tr>";
-        } else {
-          $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
-                     "\n  <tr>".
-                     "\n    <td style='background-color:#C8C8C8;height:1.8em;' colspan=$cols><b>"._("Object").": $name</b></td>".
-                     "\n  </tr>";
-        }
+      if(isset($_SERVER['HTTP_USER_AGENT']) && 
+          (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || 
+          (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT']))) {
+        $display.= "\n<table summary='{$name}' style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
+          "\n  <tr>".
+          "\n    <td style='background-color:{$back_color};height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
+          "\n    <td align='right' style='background-color:{$back_color};height:1.8em;'>".
+          "\n    <button type='button' onclick=\"$('{$tname}').toggle();\">"._("Show/hide advanced settings")."</button></td>".
+          "\n  </tr>";
+      } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
+        $display.= "\n<table summary='{$name}' style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
+          "\n  <tr>".
+          "\n    <td style='background-color:#C8C8C8;height:1.8em;' colspan=".($cols-1)."><b>"._("Object").": $name</b></td>".
+          "\n    <td align='right' style='background-color:#C8C8C8;height:1.8em;'>".
+          "\n    <button type='button' onclick=\"$('{$tname}').toggle();\">"._("Show/hide advanced settings")."</button></td>".
+          "\n  </tr>";
       } else {
-          $display.= "\n<table style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
-                     "\n  <tr>".
-                     "\n    <td style='background-color:#C8C8C8;height:1.8em;' colspan=$cols><b>"._("Object").": $name</b></td>".
-                     "\n  </tr>";
+        $display.= "\n<table summary='{$name}' style='width:100%;border:1px solid #A0A0A0' cellspacing=0 cellpadding=2>".
+          "\n  <tr>".
+          "\n    <td style='background-color:#C8C8C8;height:1.8em;' colspan=$cols><b>"._("Object").": $name</b></td>".
+          "\n  </tr>";
       }
 
       /* Generate options */
@@ -818,13 +814,13 @@ class acl extends plugin
             (preg_match("/gecko/i",$_SERVER['HTTP_USER_AGENT'])) || (preg_match("/presto/i",$_SERVER['HTTP_USER_AGENT']))) {
           $display.= "\n  <tr id='tr_$tname' style='vertical-align:top;height:0px;'>".
                      "\n    <td colspan=".$cols.">".
-                     "\n      <div id='$tname' style='overflow:hidden;visibility:hidden;height:0px;vertical-align:top;width:100%;'>".
-                     "\n        <table style='width:100%;'>";
+                     "\n      <div id='$tname' style='overflow:hidden; display:none;vertical-align:top;width:100%;'>".
+                     "\n        <table style='width:100%;' summary='{$name}'>";
         } else if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/ie/i",$_SERVER['HTTP_USER_AGENT'])) {
           $display.= "\n  <tr id='tr_$tname' style='vertical-align:top;height:0px;'>".
                      "\n    <td colspan=".$cols.">".
-                     "\n      <div id='$tname' style='position:absolute;overflow:hidden;visibility:hidden;height:0px;vertical-align:top;width:100%;'>".
-                     "\n        <table style='width:100%;'>";
+                     "\n      <div id='$tname' style='position:absolute;overflow:hidden;display:none;;vertical-align:top;width:100%;'>".
+                     "\n        <table style='width:100%;' summary='{$name}'>";
         }else{
         }
       }
@@ -920,7 +916,7 @@ class acl extends plugin
   static function explodeACL($acl)
   {
 
-    $list= split(':', $acl);
+    $list= explode(':', $acl);
     if(count($list) == 5){
       list($index, $type,$member,$permission,$filter)= $list;
       $filter = base64_decode($filter);
@@ -972,29 +968,35 @@ class acl extends plugin
     if ($ms == $acl){
       return $a;
     }
-    $ma= split(',', $ms);
+    $ma= explode(',', $ms);
 
     /* Decode dn's, fill with informations from LDAP */
     $ldap= $config->get_ldap_link();
     foreach ($ma as $memberdn){
+      // Check for wildcard here
       $dn= base64_decode($memberdn);
-      $ldap->cat($dn, array('cn', 'objectClass', 'description', 'uid'));
+      if ($dn != "*") {
+        $ldap->cat($dn, array('cn', 'objectClass', 'description', 'uid'));
+
+        /* Found entry... */
+        if ($ldap->count()){
+          $attrs= $ldap->fetch();
+          if (in_array_ics('gosaAccount', $attrs['objectClass'])){
+            $a['U:'.$dn]= $attrs['cn'][0]." [".$attrs['uid'][0]."]";
+          } else {
+            $a['G:'.$dn]= $attrs['cn'][0];
+            if (isset($attrs['description'][0])){
+              $a['G:'.$dn].= " [".$attrs['description'][0]."]";
+            }
+          }
 
-      /* Found entry... */
-      if ($ldap->count()){
-        $attrs= $ldap->fetch();
-        if (in_array_ics('gosaAccount', $attrs['objectClass'])){
-          $a['U:'.$dn]= $attrs['cn'][0]." [".$attrs['uid'][0]."]";
+        /* ... or not */
         } else {
-          $a['G:'.$dn]= $attrs['cn'][0];
-          if (isset($attrs['description'][0])){
-            $a['G:'.$dn].= " [".$attrs['description'][0]."]";
-          }
+          $a['U:'.$dn]= sprintf(_("Unknown entry '%s'!"), $dn);
         }
 
-      /* ... or not */
       } else {
-        $a['U:'.$dn]= sprintf(_("Unknown entry '%s'!"), $dn);
+        $a['G:*']= sprintf(_("All users"));
       }
     }
 
@@ -1006,14 +1008,14 @@ class acl extends plugin
   {
     /* Rip acl off the string, seperate by ',' and place it in an array */
     $as= preg_replace('/^[^:]+:[^:]+:[^:]*:([^:]*).*$/', '\1', $acl);
-    $aa= split(',', $as);
+    $aa= explode(',', $as);
     $a= array();
 
     /* Dis-assemble single ACLs */
     foreach($aa as $sacl){
       
       /* Dis-assemble field ACLs */
-      $ao= split('#', $sacl);
+      $ao= explode('#', $sacl);
       $gobject= "";
       foreach($ao as $idx => $ssacl){
 
@@ -1032,7 +1034,7 @@ class acl extends plugin
         } else {
 
           /* All other entries get appended... */
-          list($field, $facl)= split(';', $ssacl);
+          list($field, $facl)= explode(';', $ssacl);
           $a[$gobject][$field]= $facl;
         }
 
@@ -1068,20 +1070,22 @@ class acl extends plugin
       }
     }
 
+
     /* Summarize members */
-    if ($summary != ""){
-      $summary.= ", ";
-    }
-    if (count($entry['members'])){
-      $summary.= _("Members").": ";
-      foreach ($entry['members'] as $cn){
-        $cn= preg_replace('/ \[.*$/', '', $cn);
-        $summary.= $cn.", ";
+    if(!($this instanceOf aclrole)){
+      if ($summary != ""){
+        $summary.= ", ";
+      }
+      if (count($entry['members'])){
+        $summary.= _("Members").": ";
+        foreach ($entry['members'] as $cn){
+          $cn= preg_replace('/ \[.*$/', '', $cn);
+          $summary.= $cn.", ";
+        }
+      } else {
+        $summary.= "<font color='red'><i>"._("inactive")."&nbsp;-&nbsp;"._("No members")."</i></font>";
       }
-    } else {
-      $summary.= "<font color='red'><i>"._("inactive")."&nbsp;-&nbsp;"._("No members")."</i></font>";
     }
-
     return (preg_replace('/, $/', '', $summary));
   }
 
@@ -1268,37 +1272,56 @@ class acl extends plugin
   /* Remove acls defined for $src */
   function remove_acl()
   {
-    $this->remove_acl_for_dn($this->dn);
+    acl::remove_acl_for($this->dn);
   }
 
 
   /* Remove acls defined for $src */
-  function remove_acl_for_dn($src = "")
-  {
-    if($src == ""){
-      $src = $this->dn;
-    }
-    $ldap = $this->config->get_ldap_link();
-    $ldap->cd($this->config->current['BASE']);
-    $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($src)."*))",array("gosaAclEntry","dn"));
-    while($attrs = $ldap->fetch()){
-      $acl = new acl($this->config,$this->parent,$attrs['dn']);
-      foreach($acl->gosaAclEntry as $id => $entry){
-        foreach($entry['members'] as $m_id => $member){
-          if($m_id == "U:".$src){
-            unset($acl->gosaAclEntry[$id]['members'][$m_id]);
-            gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Removed acl for user %s on object %s.",$src,$attrs['dn']));
-          }
-          if($m_id == "G:".$src){
-            unset($acl->gosaAclEntry[$id]['members'][$m_id]);
-            gosa_log("modify","groups/acl",$attrs['dn'],array(),sprintf("Removed acl for group %s on object %s.",$src,$attrs['dn']));
-          }
-        }
+  static function remove_acl_for($dn)
+  {                                  
+    global $config;                  
+
+    $ldap = $config->get_ldap_link();
+    $ldap->cd($config->current['BASE']);
+    $ldap->search("(&(objectClass=gosaAcl)(gosaAclEntry=*".base64_encode($dn)."*))",array("gosaAclEntry","dn"));
+    $new_entries= array();                                                                                      
+    while($attrs = $ldap->fetch()){                                                                             
+      if (!isset($attrs['gosaAclEntry'])) {                                                                     
+        continue;                                                                                               
+      }                                                                                                         
+      unset($attrs['gosaAclEntry']['count']);                                                                   
+
+      // Remove entry directly
+      foreach($attrs['gosaAclEntry'] as $id => $entry){
+        $parts= explode(':',$entry);                     
+        $members= explode(',',$parts[2]);                
+        $new_members= array();                         
+        foreach($members as $member) {                 
+          if (base64_decode($member) != $dn) {         
+            $new_members[]= $member;                   
+          } else {                                     
+            gosa_log("modify","users/acl",$attrs['dn'],array(),sprintf("Removed acl for %s on object %s.",$dn,$attrs['dn']));
+          }                                                                                                                  
+        }                                                                                                                    
+
+        /* We can completely remove the entry if there are no members anymore */
+        if (count($new_members)) {                                              
+          $parts[2]= implode(",", $new_members);                                
+          $new_entries[]= implode(":", $parts);                                 
+        }                                                                       
+      }                                                                         
+
+      // There should be a modification, so write it back
+      $ldap->cd($attrs['dn']);
+      $new_attrs= array("gosaAclEntry" => $new_entries);
+      $ldap->modify($new_attrs);
+      if (!$ldap->success()){
+        msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $dn, LDAP_MOD, get_class()), ERROR_DIALOG);
       }
-      $acl -> save();
     }
   }
 
+
   function update_acl_membership($src,$dst)
   {
     $ldap = $this->config->get_ldap_link();