X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-core%2Finclude%2Fclass_userinfo.inc;h=36c5072553e9296ae2ec100b25c9e40d5103ce8f;hb=6e04f2e6bcdfe38a342086628aaa1249fb707047;hp=4564beda636538f426378333b8065fb0b547ad09;hpb=38c1322dc329b507e35859071a446ad54c8b36a7;p=gosa.git

diff --git a/gosa-core/include/class_userinfo.inc b/gosa-core/include/class_userinfo.inc
index 4564beda6..36c507255 100644
--- a/gosa-core/include/class_userinfo.inc
+++ b/gosa-core/include/class_userinfo.inc
@@ -36,7 +36,7 @@ class userinfo
   var $ocMapping= array();
   var $groups= array();
   var $result_cache =array();
-  var $ignoreACl = FALSE;
+  var $ignoreACL = FALSE;
   var $ACLperPath = array();
   var $ACLperPath_usesFilter = array();
 
@@ -80,7 +80,7 @@ class userinfo
   public function reset_acl_cache()
   {
     /* Initialize ACL_CACHE */
-    session::set('ACL_CACHE',array());
+    session::global_set('ACL_CACHE',array());
   }
 
   function loadACL()
@@ -158,8 +158,9 @@ class userinfo
 
           /* Inspect members... */
           foreach ($type['members'] as $grp => $grpdsc){
+
             /* Some group inside the members that is relevant for us? */
-            if (in_array_ics(preg_replace('/^G:/', '', $grp), $this->groups)){
+            if (in_array_ics(@LDAP::convert(preg_replace('/^G:/', '', $grp)), $this->groups)){
               $interresting= TRUE;
             }
 
@@ -196,8 +197,9 @@ class userinfo
     $without_self_acl = $all_acl = array();
     foreach($this->ACL as $dn => $acl){
       $sdn =$dn;
-      while(strpos($dn,",") !== FALSE){
-
+      $first= TRUE; // Run at least once 
+      while(strpos($dn,",") !== FALSE || $first){
+        $first = FALSE;
         if(isset($this->ACL[$dn])){
           $all_acl[$sdn][$dn] = $this->ACL[$dn];
           $without_self_acl[$sdn][$dn] = $this->ACL[$dn]; 
@@ -212,7 +214,7 @@ class userinfo
             /* Remove all acl entries which are especially for the current user (self acl)
              */
             foreach($acl_set['acl'] as $object => $object_acls){
-              if(strpos($object_acls[0],"s")){
+              if(isset($object_acls[0]) && strpos($object_acls[0],"s")){
                 unset($without_self_acl[$sdn][$dn][$acl_id]['acl'][$object]);
               }
             }
@@ -328,7 +330,7 @@ class userinfo
     }
 
     /* Push cache answer? */
-    $ACL_CACHE = &session::get('ACL_CACHE');
+    $ACL_CACHE = &session::global_get('ACL_CACHE');
     if (isset($ACL_CACHE["$dn+$object+$attribute"])){
       $ret = $ACL_CACHE["$dn+$object+$attribute"];
       if($skip_write){
@@ -526,7 +528,7 @@ class userinfo
     }
 
     /* Use cached results if possilbe */
-    $ACL_CACHE = &session::get('ACL_CACHE');
+    $ACL_CACHE = &session::global_get('ACL_CACHE');
 
     if(!is_array($module)){
       $module = array($module);
@@ -602,6 +604,11 @@ class userinfo
 
     foreach(str_split($newACL) as $char){
 
+      /* Skip "self" ACLs without combination of rwcdm, they have no effect.
+         -self flag without read/write/create/...
+       */
+      if(empty($char)) continue;
+
       /* Skip permanent and subtree entries */
       if (preg_match('/[sp]/', $acl[$char])){
         continue;