From dafbe6f9b5b59bcbc72fe11147eb4aac7715439d Mon Sep 17 00:00:00 2001
From: Klaus Leithoff <kl@stylite.de>
Date: Tue, 17 Nov 2015 12:14:23 +0000
Subject: [PATCH] fix for not working as intended deny access on group feature

---
 mail/inc/class.mail_hooks.inc.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/mail/inc/class.mail_hooks.inc.php b/mail/inc/class.mail_hooks.inc.php
index cf0d514df4..2e9aa10d7a 100644
--- a/mail/inc/class.mail_hooks.inc.php
+++ b/mail/inc/class.mail_hooks.inc.php
@@ -716,8 +716,12 @@ class mail_hooks
 		//error_log(__METHOD__.__LINE__.' '.$feature.':'.array2string($config['deny_'.$feature]));
 		if (!empty($config['deny_'.$feature]))
 		{
-			$denied_groups = explode(',', $config['deny_'.$feature]);
-			return array_intersect($denied_groups, $GLOBALS['egw']->accounts->memberships($GLOBALS['egw_info']['user']['account_id'], true));
+			//error_log(__METHOD__.__LINE__.' feature:'.$feature.':'.array2string($config['deny_'.$feature]));
+			$denied_groups = (is_array($config['deny_'.$feature])?$config['deny_'.$feature]:explode(',', $config['deny_'.$feature]));
+			//error_log(__METHOD__.__LINE__.array2string($GLOBALS['egw']->accounts->memberships($GLOBALS['egw_info']['user']['account_id'], true)));
+			//error_log(__METHOD__.__LINE__.array2string(array_intersect($denied_groups, $GLOBALS['egw']->accounts->memberships($GLOBALS['egw_info']['user']['account_id'], true))));
+			// since access asks positively, the stored deny_$feature must return false if we find the denied group in the users membership-list
+			return (array_intersect($denied_groups, $GLOBALS['egw']->accounts->memberships($GLOBALS['egw_info']['user']['account_id'], true))?false:true);
 		}
 		return true;
 	}