Added acl checks

git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@11076 594d385d-05f5-0310-b6e9-bd551577e9d8

diff --git a/gosa-plugins/sudo/admin/sudo/class_sudoGeneric.inc b/gosa-plugins/sudo/admin/sudo/class_sudoGeneric.inc
index f29b615551a5424e9993caaf65f330f0d9a9c702..a3059782a8d694e14486b62062e8a9387d159aa7 100644 (file)
--- a/gosa-plugins/sudo/admin/sudo/class_sudoGeneric.inc
+++ b/gosa-plugins/sudo/admin/sudo/class_sudoGeneric.inc
@@ -46,6 +46,8 @@ class sudo extends plugin
 
   public $ignore_account = TRUE;
 
+  public $orig_dn;
+
   /*! \brief  Returns to the base department for sudo roles.
               This department is then used to store new roles.
       @param  Object  GOsa configuration object.
@@ -126,6 +128,8 @@ class sudo extends plugin
           "regex"           => "*");
       session::set("sysfilter", $sysfilter);
     }
+
+    $this->orig_dn = $this->dn;
   }
 
 
@@ -581,6 +585,12 @@ class sudo extends plugin
       }
     }
 
+    /* Check if we are allowed to create or move this object
+     */
+    if($this->orig_dn == "new" && !$this->acl_is_createable($this->get_sudoers_ou($this->config))){
+      $message[] = msgPool::permCreate();
+    }
+
     return ($message);
   }