From e901a5abd3434ae90f2cd2164b663381f1448fd1 Mon Sep 17 00:00:00 2001
From: hickert <hickert@594d385d-05f5-0310-b6e9-bd551577e9d8>
Date: Thu, 6 Nov 2008 14:57:52 +0000
Subject: [PATCH] Updated this->ACL structure. -respect self ACLs again..

git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@12941 594d385d-05f5-0310-b6e9-bd551577e9d8
---
 gosa-core/include/class_userinfo.inc | 43 ++++++++++++++++++++++++----
 1 file changed, 38 insertions(+), 5 deletions(-)

diff --git a/gosa-core/include/class_userinfo.inc b/gosa-core/include/class_userinfo.inc
index 9f1ab2b8e..bec139e58 100644
--- a/gosa-core/include/class_userinfo.inc
+++ b/gosa-core/include/class_userinfo.inc
@@ -181,23 +181,56 @@ class userinfo
 
     /* Create an array which represenet all relevant permissions settings 
         per dn.
+
+      The array will look like this:
+      
+      .     ['ou=base']        ['ou=base']          = array(ACLs);
+      .     
+      .     ['ou=dep1,ou=base']['ou=dep1,ou=base']  = array(ACLs);
+      .                        ['ou=base']          = array(ACLs);
+
+
+      For object located in 'ou=dep1,ou=base' we have to both ACLs,
+       for objects in 'ou=base' we only have to apply on ACL.
      */
-    $tmp = array();
+    $without_self_acl = $all_acl = array();
     foreach($this->ACL as $dn => $acl){
       $sdn =$dn;
       while(strpos($dn,",") !== FALSE){
+
         if(isset($this->ACL[$dn])){
-          $tmp[$sdn][$dn] = $this->ACL[$dn];
-          foreach($this->ACL[$dn] as $aclset){
-            if(isset($aclset['filter']{1})){
+          $all_acl[$sdn][$dn] = $this->ACL[$dn];
+          $without_self_acl[$sdn][$dn] = $this->ACL[$dn]; 
+          foreach($without_self_acl[$sdn][$dn] as $acl_id => $acl_set){
+  
+            /* Remember which ACL set has speicial user filter 
+             */
+            if(isset($acl_set['filter']{1})){
               $this->ACLperPath_usesFilter[$sdn] = TRUE;
             }
+          
+            /* Remove all acl entries which are especially for the current user (self acl)
+             */
+            foreach($acl_set['acl'] as $object => $object_acls){
+              if(strpos($object_acls[0],"s")){
+                unset($without_self_acl[$sdn][$dn][$acl_id]['acl'][$object]);
+              }
+            }
           }
         }
         $dn = preg_replace("/^[^,]*+,/","",$dn);
       }
     } 
-    $this->ACLperPath =$tmp;
+    $this->ACLperPath =$without_self_acl;
+
+    /* Append Self entry */
+    $dn = $this->dn;
+    while(strpos($dn,",") && !isset($all_acl[$dn])){
+      $dn = preg_replace("/^[^,]*+,/","",$dn);
+    }
+    if(isset($all_acl[$dn])){
+      $this->ACLperPath[$this->dn] = $all_acl[$dn];
+    }
   }
 
 
-- 
2.30.2