From: hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Date: Wed, 11 Jul 2007 11:03:18 +0000 (+0000)
Subject: Updated ACL check for groups.
X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=8d990ac6d07f1ed78ac842004be930dd9352300e;p=gosa.git

Updated ACL check for groups.
Move check was completly missing.


git-svn-id: https://oss.gonicus.de/repositories/gosa/branches/2.5@6832 594d385d-05f5-0310-b6e9-bd551577e9d8
---

diff --git a/plugins/admin/groups/class_groupGeneric.inc b/plugins/admin/groups/class_groupGeneric.inc
index 4d632c081..a586a6695 100644
--- a/plugins/admin/groups/class_groupGeneric.inc
+++ b/plugins/admin/groups/class_groupGeneric.inc
@@ -749,11 +749,18 @@ class group extends plugin
       $new_dn= $this->dn;
     }
 
+    /* Check permissions */
     $ui= get_userinfo();
-    $acl= get_permissions ($ui->dn, $ui->subtreeACL);
-    $acl= get_module_permission($acl, "group", $ui->dn);
-    if ($this-> dn == "new" && chkacl($this->acl, "create") != ""){
+    $acl= get_permissions ($new_dn, $ui->subtreeACL);
+    $acl= get_module_permission($acl, "group", $new_dn);
+    if ($this->dn == "new" && chkacl($acl, "create") != ""){
       $message[]= _("You have no permissions to create a group on this 'Base'.");
+    } elseif ($this->dn != $new_dn && $this->dn != "new"){
+      $acl= get_permissions ($new_dn, $ui->subtreeACL);
+      $acl= get_module_permission($acl, "group", $new_dn);
+      if (chkacl($acl, "create") != ""){
+        $message[]= _("You have no permissions to move a group from the original 'Base'.");
+      }
     }
 
     /* must: cn */