--- docman.php	2002/07/28 13:57:13	1.16
+++ docman.php	2002/07/28 14:16:04	1.17
@@ -1377,7 +1377,8 @@
 
 // helper function
 function unroll_perm($u,$t,$user,$perm) {
-	// check user
+
+	// check user FIX
 	if ($t & trmask_not && ($u==$user)) continue;
 	if (!($t & trmask_not) && ($u!=$user)) continue;
 
@@ -1403,9 +1404,7 @@
 	$path = "/";
 	while (count($path_arr)) {
 		if (substr($path,strlen($path)-1,1) != "/") $path.="/";
-		$path.=array_shift($path_arr);
 		$tr = $trustees[$path];
-
 		if (isset($tr)) {
 			// first apply trustee for all
 			if (isset($tr['*'])) {
@@ -1413,21 +1412,20 @@
 				unset($tr['*']);
 			}
 			// then apply group policies
-			foreach ($tr as $u=>$t) {
-				if ($t & trmask_group && in_group($user,$u)) {
+			foreach ($tr as $g=>$t) {
+				if ($t & trmask_group && in_group($user,$g)) {
 					// resolv user
 					$t = $t & ~trmask_group;
-					$u = $user;
-					$perm = unroll_perm($u,$t,$user, $perm);
-					unset($tr[$u]);
+					$perm = unroll_perm($user,$t,$user, $perm);
+					unset($tr[$g]);
 				}
 			}
-			// then apply use policy
+			// then apply user policy
 			if (isset($tr[$user])) {
 				$perm = unroll_perm($user,$tr[$user],$user, $perm);
 				unset($tr[$user]);
 			}
-
+		$path.=array_shift($path_arr);
 		}
 
 	}