From a209b8b948fef8cc850932667156e73046619764 Mon Sep 17 00:00:00 2001
From: hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Date: Wed, 28 May 2008 10:07:07 +0000
Subject: [PATCH] Added acl checks

git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@11076 594d385d-05f5-0310-b6e9-bd551577e9d8
---
 gosa-plugins/sudo/admin/sudo/class_sudoGeneric.inc | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/gosa-plugins/sudo/admin/sudo/class_sudoGeneric.inc b/gosa-plugins/sudo/admin/sudo/class_sudoGeneric.inc
index f29b61555..a3059782a 100644
--- a/gosa-plugins/sudo/admin/sudo/class_sudoGeneric.inc
+++ b/gosa-plugins/sudo/admin/sudo/class_sudoGeneric.inc
@@ -46,6 +46,8 @@ class sudo extends plugin
 
   public $ignore_account = TRUE;
 
+  public $orig_dn;
+
   /*! \brief  Returns to the base department for sudo roles.
               This department is then used to store new roles.
       @param  Object  GOsa configuration object.
@@ -126,6 +128,8 @@ class sudo extends plugin
           "regex"           => "*");
       session::set("sysfilter", $sysfilter);
     }
+
+    $this->orig_dn = $this->dn;
   }
 
 
@@ -581,6 +585,12 @@ class sudo extends plugin
       }
     }
 
+    /* Check if we are allowed to create or move this object
+     */
+    if($this->orig_dn == "new" && !$this->acl_is_createable($this->get_sudoers_ou($this->config))){
+      $message[] = msgPool::permCreate();
+    }
+
     return ($message);
   }
 
-- 
2.30.2