Updated ACL check in pluglist. The menu construction will now include self acls.

There is now only one problem left, if we are only allowed to modify ourself, we can see the user administration too.
There is only our user entry listed, but this may be a cosmetic issue.

git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@11401 594d385d-05f5-0310-b6e9-bd551577e9d8

diff --git a/gosa-core/include/class_pluglist.inc b/gosa-core/include/class_pluglist.inc
index 095620859bb274fa94c9980fad2961105ff08d62..54b5c67644a0df08132bb5b74ba0615f1a5f1ef0 100644 (file)
--- a/gosa-core/include/class_pluglist.inc
+++ b/gosa-core/include/class_pluglist.inc
@@ -80,8 +80,17 @@ class pluglist {
        }
 
 
+       /*! \brief  Check whether we are allowed to modify the given acl or nit..
+                               This function is used to check which plugins are visible.
+                               
+               @param  The acl tag to test, eg.        "users/user:self", "systems", ...
+               @return Boolean TRUE on success else FALSE
+     */
        function check_access($aclname)
        {
+               /* Split given acl string into an array. 
+                       e.g. "user,systems" => array("users","systems");
+         */
                $acls_to_check = array();
                if(preg_match("/,/",$aclname)){
                        $acls_to_check = split(",",$aclname);
@@ -90,12 +99,28 @@ class pluglist {
                }
 
                foreach($acls_to_check as $acl_to_check){
-                       $deps = $this->ui->get_module_departments($acl_to_check);
-                       if(count($deps)) return TRUE;
+               
+                       /* Check if the given acl tag is only valid for self acl entries  
+                 <plugin acl="users/user:self" class="user"...
+             */        
+                       if(preg_match("/:self$/",$acl_to_check)){
+                               $acl_to_check = preg_replace("/:self$/","",$acl_to_check);      
+                               if($this->ui->get_permissions($this->ui->dn,$acl_to_check,"") != ""){
+                                       return(TRUE);
+                               }
+                               return(FALSE);
+                       }else{
+               
+                               /* No self acls. Check if we have any acls for the given ACL type 
+                 */
+                               $deps = $this->ui->get_module_departments($acl_to_check);
+                               if(count($deps)) return TRUE;
+                       }
                }
                return (FALSE);
        }
 
+
        function gen_headlines()
        {
                $ret = array();
@@ -353,4 +378,5 @@ class pluglist {
 
        }
 }
+// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
 ?>