From: hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Date: Mon, 23 Jun 2008 05:59:27 +0000 (+0000)
Subject: Updated ACL check in pluglist. The menu construction will now include self acls.
X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=819d8bd355f1863298f90c92178a5fccc30015d3;p=gosa.git

Updated ACL check in pluglist. The menu construction will now include self acls.
There is now only one problem left, if we are only allowed to modify ourself, we can see the user administration too.
There is only our user entry listed, but this may be a cosmetic issue.


git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@11401 594d385d-05f5-0310-b6e9-bd551577e9d8
---

diff --git a/gosa-core/include/class_pluglist.inc b/gosa-core/include/class_pluglist.inc
index 095620859..54b5c6764 100644
--- a/gosa-core/include/class_pluglist.inc
+++ b/gosa-core/include/class_pluglist.inc
@@ -80,8 +80,17 @@ class pluglist {
 	}
 
 
+	/*! \brief  Check whether we are allowed to modify the given acl or nit..
+				This function is used to check which plugins are visible.
+				
+		@param	The acl tag to test, eg. 	"users/user:self", "systems", ...
+		@return	Boolean TRUE on success else FALSE
+     */
 	function check_access($aclname)
 	{
+		/* Split given acl string into an array. 
+			e.g. "user,systems" => array("users","systems");
+         */
 		$acls_to_check = array();
 		if(preg_match("/,/",$aclname)){
 			$acls_to_check = split(",",$aclname);
@@ -90,12 +99,28 @@ class pluglist {
 		}
 
 		foreach($acls_to_check as $acl_to_check){
-			$deps = $this->ui->get_module_departments($acl_to_check);
-			if(count($deps)) return TRUE;
+		
+			/* Check if the given acl tag is only valid for self acl entries  
+                 <plugin acl="users/user:self" class="user"...
+             */	
+			if(preg_match("/:self$/",$acl_to_check)){
+				$acl_to_check = preg_replace("/:self$/","",$acl_to_check);	
+				if($this->ui->get_permissions($this->ui->dn,$acl_to_check,"") != ""){
+					return(TRUE);
+				}
+				return(FALSE);
+			}else{
+		
+				/* No self acls. Check if we have any acls for the given ACL type 
+                 */
+				$deps = $this->ui->get_module_departments($acl_to_check);
+				if(count($deps)) return TRUE;
+			}
 		}
 		return (FALSE);
 	}
 
+
 	function gen_headlines()
 	{
 		$ret = array();
@@ -353,4 +378,5 @@ class pluglist {
 
 	}
 }
+// vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
 ?>