From d4e793e1e7258ff24fda0f2b32f082d3b01c51aa Mon Sep 17 00:00:00 2001
From: hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Date: Mon, 7 Nov 2005 09:20:16 +0000
Subject: [PATCH] Base selection

git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@1846 594d385d-05f5-0310-b6e9-bd551577e9d8
---
 plugins/personal/generic/class_user.inc | 48 +++++++++++++++++++++----
 1 file changed, 42 insertions(+), 6 deletions(-)

diff --git a/plugins/personal/generic/class_user.inc b/plugins/personal/generic/class_user.inc
index d45ab8c7c..94444d1f2 100644
--- a/plugins/personal/generic/class_user.inc
+++ b/plugins/personal/generic/class_user.inc
@@ -437,11 +437,12 @@ class user extends plugin
     }
 
     /* Show us the edit screen */
-    $smarty->assign("bases", $this->config->idepartments);
+    $smarty->assign("bases", $this->allowedBasesToMoveTo());
+//  $smarty->assign("bases", $this->config->idepartments);
     $smarty->assign("base_select", $this->base);
-    $smarty->assign("selectmode", chkacl($this->acl, "create"));
-    $smarty->assign("certificatesACL", chkacl($this->acl, "certificates"));
-    $smarty->assign("jpegPhotoACL", chkacl($this->acl, "jpegPhoto"));
+    $smarty->assign("selectmode",       chkacl($this->acl, "create"));
+    $smarty->assign("certificatesACL",  chkacl($this->acl, "certificates"));
+    $smarty->assign("jpegPhotoACL",     chkacl($this->acl, "jpegPhoto"));
 
     /* Prepare password hashes */
     if ($this->pw_storage == ""){
@@ -499,9 +500,8 @@ class user extends plugin
         $smarty->assign("has_phoneaccount", "false");
       }
     } else {
-        $smarty->assign("has_phoneaccount", "false");
+      $smarty->assign("has_phoneaccount", "false");
     }
-
     return($smarty->fetch (get_template_path('generic.tpl', TRUE, dirname(__FILE__))));
   }
 
@@ -1145,6 +1145,42 @@ class user extends plugin
     }
   }
 
+ 
+  /* This avoids that users move themselves out of their rights. 
+   */
+  function allowedBasesToMoveTo()
+  {
+    $allowed = array();
+    $ret_all = false;
+    if($this->uid == $_SESSION['ui']->username){
+      $ldap= $this->config->get_ldap_link(); 
+      $ldap->cd($this->config->current['BASE']); 
+      $ldap->search("(&(objectClass=posixGroup)(memberUid=".$_SESSION['ui']->username."))",array("gosaSubtreeACL"));
+       
+      while($attrs = $ldap->fetch()){
+        foreach($attrs['gosaSubtreeACL'] as $attr){
+          if((preg_match("/:user#/",$attr))||(preg_match("/:all/",$attr))){
+            $s =  preg_replace("/^.*ou=groups,/","",$attrs['dn']);
+
+            foreach($this->config->idepartments as $key => $dep) {
+              if(preg_match("/".$s."/i",$key)){
+                $allowed[$key] = $dep;
+              }
+            }
+          }
+        }
+      }
+      return($allowed);
+    }else{
+      return($this->config->idepartments);
+    }
+  } 
+
+
+
+
+
+
 }
 
 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
-- 
2.30.2