mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-12-25 16:19:00 +01:00
* CardDAV: fixed wrong privileges for accounts addressbook, causing clients to report it read-only even for admins
This commit is contained in:
parent
1b5dfecc1c
commit
0f76ff5ab5
@ -939,6 +939,18 @@ class addressbook_groupdav extends groupdav_handler
|
||||
return $this->bo->check_perms($acl,$contact);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get grants of current user and app
|
||||
*
|
||||
* Reimplemented to account for static LDAP ACL and accounts (owner=0)
|
||||
*
|
||||
* @return array user-id => EGW_ACL_ADD|EGW_ACL_READ|EGW_ACL_EDIT|EGW_ACL_DELETE pairs
|
||||
*/
|
||||
public function get_grants()
|
||||
{
|
||||
return $this->bo->get_grants($this->bo->user);
|
||||
}
|
||||
|
||||
/**
|
||||
* Return calendars/addressbooks shared from other users with the current one
|
||||
*
|
||||
|
@ -354,11 +354,15 @@ class addressbook_so
|
||||
// therefor the param false!
|
||||
$grants = $GLOBALS['egw']->acl->get_grants($contact_app,false,$user);
|
||||
}
|
||||
// grants for accounts: everyone read, admins edit, no-one add or delete (only via admin app!)
|
||||
$grants[0] = EGW_ACL_READ;
|
||||
if ($this->is_admin()) $grants[0] |= EGW_ACL_EDIT;
|
||||
}
|
||||
else
|
||||
{
|
||||
$grants = array();
|
||||
}
|
||||
//error_log(__METHOD__."($user, '$contact_app') returning ".array2string($grants));
|
||||
return $grants;
|
||||
}
|
||||
|
||||
|
@ -912,7 +912,7 @@ class groupdav extends HTTP_WebDAV_Server
|
||||
$props['sync-token'] = $handler->get_sync_token($path,$user);
|
||||
}
|
||||
}
|
||||
if ($handler && $user)
|
||||
if ($handler && !is_null($user))
|
||||
{
|
||||
return $this->add_collection($path, $props, $handler->current_user_privileges($path, $user));
|
||||
}
|
||||
|
@ -415,6 +415,16 @@ abstract class groupdav_handler
|
||||
return $agent;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get grants of current user and app
|
||||
*
|
||||
* @return array user-id => EGW_ACL_ADD|EGW_ACL_READ|EGW_ACL_EDIT|EGW_ACL_DELETE pairs
|
||||
*/
|
||||
public function get_grants()
|
||||
{
|
||||
return $this->acl->get_grants($this->app, $this->app != 'addressbook');
|
||||
}
|
||||
|
||||
/**
|
||||
* Return priviledges for current user, default is read and read-current-user-privilege-set
|
||||
*
|
||||
@ -429,30 +439,31 @@ abstract class groupdav_handler
|
||||
static $grants;
|
||||
if (is_null($grants))
|
||||
{
|
||||
$grants = $this->acl->get_grants($this->app, $this->app != 'addressbook');
|
||||
$grants = $this->get_grants();
|
||||
}
|
||||
$priviledes = array('read-current-user-privilege-set' => 'read-current-user-privilege-set');
|
||||
|
||||
if (!$user || $grants[$user] & EGW_ACL_READ)
|
||||
if (is_null($user) || $grants[$user] & EGW_ACL_READ)
|
||||
{
|
||||
$priviledes['read'] = 'read';
|
||||
// allows on all calendars/addressbooks to write properties, as we store them on a per-user basis
|
||||
// and only allow to modify explicit named properties in CalDAV, CardDAV or Calendarserver name-space
|
||||
$priviledes['write-properties'] = 'write-properties';
|
||||
}
|
||||
if (!$user || $grants[$user] & EGW_ACL_ADD)
|
||||
if (is_null($user) || $grants[$user] & EGW_ACL_ADD)
|
||||
{
|
||||
$priviledes['bind'] = 'bind'; // PUT for new resources
|
||||
}
|
||||
if (!$user || $grants[$user] & EGW_ACL_EDIT)
|
||||
if (is_null($user) || $grants[$user] & EGW_ACL_EDIT)
|
||||
{
|
||||
$priviledes['write-content'] = 'write-content'; // otherwise iOS calendar does not allow to add events
|
||||
}
|
||||
if (!$user || $grants[$user] & EGW_ACL_DELETE)
|
||||
if (is_null($user) || $grants[$user] & EGW_ACL_DELETE)
|
||||
{
|
||||
$priviledes['unbind'] = 'unbind'; // DELETE
|
||||
}
|
||||
// copy/move of existing resources might require write-properties, thought we do not support an explicit PROPATCH
|
||||
//error_log(__METHOD__."('$path', ".array2string($user).') returning '.array2string($priviledes).' '.function_backtrace());
|
||||
return $priviledes;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user