Fixed acl handling in lists.n -Acls were not checked correctl. If we had permissions...

author hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>

Mon, 8 Mar 2010 08:07:27 +0000 (08:07 +0000)

committer hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>

Mon, 8 Mar 2010 08:07:27 +0000 (08:07 +0000)
author hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Mon, 8 Mar 2010 08:07:27 +0000 (08:07 +0000)
committer hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Mon, 8 Mar 2010 08:07:27 +0000 (08:07 +0000)
diff --git a/gosa-core/include/class_filterLDAP.inc b/gosa-core/include/class_filterLDAP.inc

index 34aff04a8e5652b6c00a9e61cb5bdb8df7dbb459..13405cee8e14ebf6f296c7f4abbb177fb01ae178 100644 (file)
--- a/gosa-core/include/class_filterLDAP.inc
+++ b/gosa-core/include/class_filterLDAP.inc
@@ -2,17 +2,17 @@
  
  class filterLDAP {
  
-  static function query($base, $scope, $filter, $attributes, $category, $objectStorage= array(""))
+  static function query($parent,$base, $scope, $filter, $attributes, $category, $objectStorage= array(""))
    {
      $config= session::global_get('config');
      $ldap= $config->get_ldap_link(TRUE);
      $flag= ($scope == "sub")?GL_SUBSEARCH:0;
-    $result= filterLDAP::get_list($base, $filter, $attributes, $category, $objectStorage, $flag | GL_SIZELIMIT);
+    $result= filterLDAP::get_list($parent,$base, $filter, $attributes, $category, $objectStorage, $flag | GL_SIZELIMIT);
      return $result;
    }
  
  
-  static function get_list($base, $filter, $attributes, $category, $objectStorage, $flags= GL_SUBSEARCH)
+  static function get_list($parent,$base, $filter, $attributes, $category, $objectStorage, $flags= GL_SUBSEARCH)
    {
      $ui= session::global_get('ui');
      $config= session::global_get('config');
@@ -110,12 +110,13 @@ class filterLDAP {
            $result[]= $attrs;
          }else{
  
-          /* Sort in every value that fits the permissions */
-          foreach ($category as $o){
-            if((preg_match("/\//",$o) && preg_match("/r/",$ui->get_permissions($dn,$o))) ||
-                (!preg_match("/\//",$o) && preg_match("/r/",$ui->get_category_permissions($dn, $o)))){
+          // Check entry permission
+          $obj = $parent->headpage->getObjectType($parent->headpage->objectTypes, $attrs['objectClass']);
+          if(isset($obj['category'])){
+
+            $o = $obj['category']."/".$obj['class'];
+            if(preg_match("/r/",$ui->get_permissions($dn,$o))){
                $result[]= $attrs;
-              break;
              }
            }
          }
author	hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
	Mon, 8 Mar 2010 08:07:27 +0000 (08:07 +0000)
committer	hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
	Mon, 8 Mar 2010 08:07:27 +0000 (08:07 +0000)