From 8d990ac6d07f1ed78ac842004be930dd9352300e Mon Sep 17 00:00:00 2001
From: hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Date: Wed, 11 Jul 2007 11:03:18 +0000
Subject: [PATCH] Updated ACL check for groups. Move check was completly
 missing.

git-svn-id: https://oss.gonicus.de/repositories/gosa/branches/2.5@6832 594d385d-05f5-0310-b6e9-bd551577e9d8
---
 plugins/admin/groups/class_groupGeneric.inc | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/plugins/admin/groups/class_groupGeneric.inc b/plugins/admin/groups/class_groupGeneric.inc
index 4d632c081..a586a6695 100644
--- a/plugins/admin/groups/class_groupGeneric.inc
+++ b/plugins/admin/groups/class_groupGeneric.inc
@@ -749,11 +749,18 @@ class group extends plugin
       $new_dn= $this->dn;
     }
 
+    /* Check permissions */
     $ui= get_userinfo();
-    $acl= get_permissions ($ui->dn, $ui->subtreeACL);
-    $acl= get_module_permission($acl, "group", $ui->dn);
-    if ($this-> dn == "new" && chkacl($this->acl, "create") != ""){
+    $acl= get_permissions ($new_dn, $ui->subtreeACL);
+    $acl= get_module_permission($acl, "group", $new_dn);
+    if ($this->dn == "new" && chkacl($acl, "create") != ""){
       $message[]= _("You have no permissions to create a group on this 'Base'.");
+    } elseif ($this->dn != $new_dn && $this->dn != "new"){
+      $acl= get_permissions ($new_dn, $ui->subtreeACL);
+      $acl= get_module_permission($acl, "group", $new_dn);
+      if (chkacl($acl, "create") != ""){
+        $message[]= _("You have no permissions to move a group from the original 'Base'.");
+      }
     }
 
     /* must: cn */
-- 
2.30.2