Added missing permission check to faiManagement::remove

git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@15093 594d385d-05f5-0310-b6e9-bd551577e9d8

diff --git a/gosa-plugins/fai/admin/fai/class_faiManagement.inc b/gosa-plugins/fai/admin/fai/class_faiManagement.inc
index 1719e82c3c599acca4263b48117057f5aa8afb50..8fd3847eb0a6b8efb5a0791972cc0b9a109e62c7 100644 (file)
--- a/gosa-plugins/fai/admin/fai/class_faiManagement.inc
+++ b/gosa-plugins/fai/admin/fai/class_faiManagement.inc
@@ -392,22 +392,36 @@ class faiManagement extends management
     $ldap = $this->config->get_ldap_link();
     $ldap->cd($this->config->current['BASE']); 
 
+    $disallowed = array();
     foreach($this->dns as $key => $dn){
       $ldap->cat($dn);
       if($ldap->count()){
         $attrs = $ldap->fetch();
         $type= $this->get_type($attrs);
-        $str = management::removeEntryConfirmed($action,array($dn),$all,$type[0],$type[2],$type[1]);
-        if($str) return($str);
 
-        // Now save changes
-        FAI::save_release_changes_now();
-        $to_del = FAI::clean_up_releases($dn);
-        foreach($to_del as $dn){
-          $ldap->rmdir_recursive($dn);
+        $acl  = $this->ui->get_permissions($dn,"fai/".$type[1]);
+        if(preg_match("/d/",$acl)){
+
+          // Now save changes
+          management::removeEntryConfirmed($action,array($dn),$all,$type[0],$type[2],$type[1]);
+          FAI::save_release_changes_now();
+          $to_del = FAI::clean_up_releases($dn);
+          foreach($to_del as $dn){
+            $ldap->rmdir_recursive($dn);
+          }
+
+        } else {
+          $disallowed[] = $dn;
+          new log("security","fai/".get_class($this),$dn,array(),"Tried to trick deletion.");
         }
       }
     }
+
+    /* Normally this shouldn't be reached, send some extra
+       logs to notify the administrator */
+    if(count($disallowed)){ 
+      msg_dialog::display(_("Permission error"), msgPool::permDelete($disallowed), ERROR_DIALOG);
+    }
   }