From 11c017bd61920ce04d9d340c7ff22601777bb86a Mon Sep 17 00:00:00 2001
From: hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Date: Mon, 8 Mar 2010 08:07:27 +0000
Subject: [PATCH] Fixed acl handling in lists.n -Acls were not checked
 correctl. If we had permissions to view only phones, we got all systems
 listed, due to the fact that get_psermission can not differentiate between
 object types. We have to do this manually, not just iterate through all
 possible combinations of acl-categrory M     
 /root/2.6/gosa-all/gosa/include/class_filterLDAP.inc dn and check if there is
 a -r- in the result.

git-svn-id: https://oss.gonicus.de/repositories/gosa/branches/2.6@16323 594d385d-05f5-0310-b6e9-bd551577e9d8
---
 gosa-core/include/class_filterLDAP.inc | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/gosa-core/include/class_filterLDAP.inc b/gosa-core/include/class_filterLDAP.inc
index 34aff04a8..13405cee8 100644
--- a/gosa-core/include/class_filterLDAP.inc
+++ b/gosa-core/include/class_filterLDAP.inc
@@ -2,17 +2,17 @@
 
 class filterLDAP {
 
-  static function query($base, $scope, $filter, $attributes, $category, $objectStorage= array(""))
+  static function query($parent,$base, $scope, $filter, $attributes, $category, $objectStorage= array(""))
   {
     $config= session::global_get('config');
     $ldap= $config->get_ldap_link(TRUE);
     $flag= ($scope == "sub")?GL_SUBSEARCH:0;
-    $result= filterLDAP::get_list($base, $filter, $attributes, $category, $objectStorage, $flag | GL_SIZELIMIT);
+    $result= filterLDAP::get_list($parent,$base, $filter, $attributes, $category, $objectStorage, $flag | GL_SIZELIMIT);
     return $result;
   }
 
 
-  static function get_list($base, $filter, $attributes, $category, $objectStorage, $flags= GL_SUBSEARCH)
+  static function get_list($parent,$base, $filter, $attributes, $category, $objectStorage, $flags= GL_SUBSEARCH)
   {
     $ui= session::global_get('ui');
     $config= session::global_get('config');
@@ -110,12 +110,13 @@ class filterLDAP {
           $result[]= $attrs;
         }else{
 
-          /* Sort in every value that fits the permissions */
-          foreach ($category as $o){
-            if((preg_match("/\//",$o) && preg_match("/r/",$ui->get_permissions($dn,$o))) ||
-                (!preg_match("/\//",$o) && preg_match("/r/",$ui->get_category_permissions($dn, $o)))){
+          // Check entry permission
+          $obj = $parent->headpage->getObjectType($parent->headpage->objectTypes, $attrs['objectClass']);
+          if(isset($obj['category'])){
+
+            $o = $obj['category']."/".$obj['class'];
+            if(preg_match("/r/",$ui->get_permissions($dn,$o))){
               $result[]= $attrs;
-              break;
             }
           }
         }
-- 
2.30.2