Updated ACL check for groups.

Move check was completly missing.

git-svn-id: https://oss.gonicus.de/repositories/gosa/branches/2.5@6832 594d385d-05f5-0310-b6e9-bd551577e9d8

diff --git a/plugins/admin/groups/class_groupGeneric.inc b/plugins/admin/groups/class_groupGeneric.inc
index 4d632c081dde2d661f6f638825281a22ea02fb3d..a586a6695330fe92882abc801dc7958a9e8725cd 100644 (file)
--- a/plugins/admin/groups/class_groupGeneric.inc
+++ b/plugins/admin/groups/class_groupGeneric.inc
@@ -749,11 +749,18 @@ class group extends plugin
       $new_dn= $this->dn;
     }
 
+    /* Check permissions */
     $ui= get_userinfo();
-    $acl= get_permissions ($ui->dn, $ui->subtreeACL);
-    $acl= get_module_permission($acl, "group", $ui->dn);
-    if ($this-> dn == "new" && chkacl($this->acl, "create") != ""){
+    $acl= get_permissions ($new_dn, $ui->subtreeACL);
+    $acl= get_module_permission($acl, "group", $new_dn);
+    if ($this->dn == "new" && chkacl($acl, "create") != ""){
       $message[]= _("You have no permissions to create a group on this 'Base'.");
+    } elseif ($this->dn != $new_dn && $this->dn != "new"){
+      $acl= get_permissions ($new_dn, $ui->subtreeACL);
+      $acl= get_module_permission($acl, "group", $new_dn);
+      if (chkacl($acl, "create") != ""){
+        $message[]= _("You have no permissions to move a group from the original 'Base'.");
+      }
     }
 
     /* must: cn */