X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-core%2Finclude%2Fclass_userinfo.inc;h=423694c8a7df021ab160120ec0dcd4ff85b21b9e;hb=06cc53394cf695b3bc663073e526d7d94e4bb2d6;hp=34634669f6820a9cc018ef91773df2f297b9f89b;hpb=6299685c6f6af4b51898764cfada4df31b502bc6;p=gosa.git

diff --git a/gosa-core/include/class_userinfo.inc b/gosa-core/include/class_userinfo.inc
index 34634669f..423694c8a 100644
--- a/gosa-core/include/class_userinfo.inc
+++ b/gosa-core/include/class_userinfo.inc
@@ -284,6 +284,9 @@ class userinfo
         then return all permissions.
      */
     if($this->ignore_acl_for_current_user()){
+      if($skip_write){
+        return("rcdm");
+      }
       return("rwcdm");
     }
 
@@ -310,7 +313,6 @@ class userinfo
     $path= split(',', $dn);
     $path= array_reverse($path);
 
-
     /* Walk along the path to evaluate the acl */
     $cpath= "";
     foreach ($path as $element){
@@ -369,7 +371,9 @@ class userinfo
             continue;
           }
 
-          /* If attribute is "", we want to know, if we've *any* permissions here... */
+          /* If attribute is "", we want to know, if we've *any* permissions here... 
+              Merge global class ACLs [0] with attributes specific ACLs [attribute].
+           */
           if ($attribute == "" && isset($subacl['acl'][$object])){
             foreach($subacl['acl'][$object] as $attr => $dummy){
               $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl'][$object][$attr]);
@@ -425,7 +429,7 @@ class userinfo
 
   /* Extract all departments that are accessible (direct or 'on the way' to an
      accessible department) */
-  function get_module_departments($module)
+  function get_module_departments($module, $skip_self_acls = FALSE )
   {
     
     /* If we are forced to skip ACLs checks for the current user 
@@ -464,8 +468,6 @@ class userinfo
       }
     }
 
-    
-
     /* Search for per object ACLs. 
      */
     $this->config->get_departments();
@@ -475,6 +477,10 @@ class userinfo
       foreach($infos as $info){
         $found = FALSE;
         foreach($info['acl'] as $cat => $data){
+
+          /* Skip self acls? */
+          if($skip_self_acls && isset($data['0']) && preg_match("//s",$data['0'])) continue;
+
           if(is_array($module)){
             foreach($module as $mod){
               if(preg_match("/^".normalizePreg($mod)."/",$cat)){
@@ -503,73 +509,20 @@ class userinfo
 
     /* For all gosaDepartments */
     foreach ($this->config->departments as $dn){
-      $acl= array("r" => "", "w" => "", "c" => "", "d" => "", "m" => "", "a" => "");
-
-      /* Build dn array */
-      $path= split(',', $dn);
-      $path= array_reverse($path);
-
-      /* Walk along the path to evaluate the acl */
-      $cpath= "";
-      foreach ($path as $element){
-
-        /* Clean potential ACLs for each level */
-        $acl= $this->cleanACL($acl);
-
-        if ($cpath == ""){
-          $cpath= $element;
-        } else {
-          $cpath= $element.','.$cpath;
-        }
-        if (isset($this->ACL[$cpath])){
-
-          /* Inspect this ACL, place the result into ACL */
-          foreach ($this->ACL[$cpath] as $subacl){
-
-            /* Reset? Just clean the ACL and turn over to the next one... */
-            if ($subacl['type'] == 'reset'){
-              $acl= $this->cleanACL($acl, TRUE);
-              continue;
-            }
-    
-            if($subacl['type'] == 'role'){
-              echo "role skipped";
-              continue;
-            }
-
-            /* Per object ACL? */
-            foreach ($objects as $object){
-              if (isset($subacl['acl']["$module/$object"])){
-                foreach($subacl['acl']["$module/$object"] as $attribute => $dcl){
-                  $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl']["$module/$object"][$attribute]);
-                }
-              }
-            }
-
-            /* Global ACL? */
-            if (isset($subacl['acl']["$module/all"][0])){
-              $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl']["$module/all"][0]);
-              continue;
-            }
-
-            /* Global ACL? */
-            if (isset($subacl['acl']["all"][0])){
-              $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl']["all"][0]);
-              continue;
-            }
-          }
-        }
+      if(!is_array($module)){
+        $module = array($module);
       }
-
-      /* Add department, if we have (some) permissions for the required module */
-      foreach ($acl as $val){
-        if ($val != ""){
-          $deps[]= $dn;
-          break;
+      $acl = "";
+      foreach($module as $mod){
+        if(preg_match("/\//",$mod)){
+          $acl.=  $this->get_permissions($dn,$mod);
+        }else{
+          $acl.=  $this->get_category_permissions($dn,$mod);
         }
       }
+      if($acl !== "") $deps[] = $dn;
     }
-    
+  
     $ACL_CACHE = &session::get('ACL_CACHE');
     $ACL_CACHE['MODULE_DEPARTMENTS'][serialize($module)] = $deps;
     return ($deps);
@@ -691,7 +644,7 @@ class userinfo
    */ 
   function ignore_acl_for_current_user()
   {
-    return(isset($this->config->current['IGNORE_ACL']) && $this->config->current['IGNORE_ACL'] == $this->dn);
+    return($this->config->get_cfg_value("ignore_acl") == $this->dn);
   }
 
 }