From 6299685c6f6af4b51898764cfada4df31b502bc6 Mon Sep 17 00:00:00 2001 From: hickert Date: Fri, 20 Jun 2008 13:56:12 +0000 Subject: [PATCH] Updated ACL function "get_permissions" skip ACL merge if ACL type is "Self-ACL" and the checked object is not $ui->dn git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@11399 594d385d-05f5-0310-b6e9-bd551577e9d8 --- gosa-core/include/class_userinfo.inc | 66 +++++++++++++++------------- 1 file changed, 36 insertions(+), 30 deletions(-) diff --git a/gosa-core/include/class_userinfo.inc b/gosa-core/include/class_userinfo.inc index cbac37f14..34634669f 100644 --- a/gosa-core/include/class_userinfo.inc +++ b/gosa-core/include/class_userinfo.inc @@ -310,6 +310,7 @@ class userinfo $path= split(',', $dn); $path= array_reverse($path); + /* Walk along the path to evaluate the acl */ $cpath= ""; foreach ($path as $element){ 
@@ -341,26 +342,40 @@ class userinfo continue; } - /* With user filter */ - if (isset($subacl['filter']) && !empty($subacl['filter'])){ - $sdn = preg_replace("/^[^,]*+,/","",$dn); - $ldap->cd($sdn); - $ldap->ls($subacl['filter'],$sdn); - if(!$ldap->count()){ - continue; - }else{ - $found = FALSE; - while($attrs = $ldap->fetch()){ - if($attrs['dn'] == $dn){ - $found = TRUE; - break; - } - } - if(!$found){ - continue; - } - } - } + /* With user filter */ + if (isset($subacl['filter']) && !empty($subacl['filter'])){ + $sdn = preg_replace("/^[^,]*+,/","",$dn); + $ldap->cd($sdn); + $ldap->ls($subacl['filter'],$sdn); + if(!$ldap->count()){ + continue; + }else{ + $found = FALSE; + while($attrs = $ldap->fetch()){ + if($attrs['dn'] == $dn){ + $found = TRUE; + break; + } + } + if(!$found){ + continue; + } + } + } + + /* Self ACLs? + */ + if(isset($subacl['acl'][$object][0]) && preg_match("/s/",$subacl['acl'][$object][0]) && $dn != $this->dn){ + continue; + } + + /* If attribute is "", we want to know, if we've *any* permissions here... */ + if ($attribute == "" && isset($subacl['acl'][$object])){ + foreach($subacl['acl'][$object] as $attr => $dummy){ + $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl'][$object][$attr]); + } + continue; + } /* Per attribute ACL? */ if (isset($subacl['acl'][$object][$attribute])){ @@ -379,15 +394,6 @@ class userinfo $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl']['all'][0]); continue; } - - /* If attribute is "", we want to know, if we've *any* permissions here... */ - if ($attribute == "" && isset($subacl['acl'][$object])){ - foreach($subacl['acl'][$object] as $attr => $dummy){ - $acl= $this->mergeACL($acl, $subacl['type'], $subacl['acl'][$object][$attr]); - } - continue; - } - } } } @@ -563,7 +569,7 @@ class userinfo } } } - + $ACL_CACHE = &session::get('ACL_CACHE'); $ACL_CACHE['MODULE_DEPARTMENTS'][serialize($module)] = $deps; return ($deps); -- 2.30.2
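Review bot: The new self-ACL guard tests only `$subacl['acl'][$object][0]`, so an entry carrying the `s` flag under a specific attribute, or under `$subacl['acl']['all'][0]`, is not skipped when `$dn != $this->dn`. This matters most in the "any permissions" loop that this hunk moves up, which merges every `$subacl['acl'][$object][$attr]` without checking the flag. Unless `mergeACL()` filters self ACLs itself (not visible here), the test belongs on each merged entry, e.g. `if ($dn != $this->dn && strpos($subacl['acl'][$object][$attr], 's') !== false) continue;` inside that loop, and likewise before the per-attribute and `all` merges. The guard also compares DNs as raw strings, so two spellings of the same DN that differ in case or spacing count as foreign; that fails closed, but a comment such as `/* DNs are compared byte-wise; both must come from the same normalised source */` would record the assumption. The body of get_permissions starts and ends outside the hunk.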