diff --git a/addressbook/inc/class.addressbook_bo.inc.php b/addressbook/inc/class.addressbook_bo.inc.php
index b91b4466e7..1f02bbfab4 100755
--- a/addressbook/inc/class.addressbook_bo.inc.php
+++ b/addressbook/inc/class.addressbook_bo.inc.php
@@ -932,7 +932,7 @@ class addressbook_bo extends addressbook_so
 }
 $to_write = $contact;
 // (non-admin) user editing his own account, make sure he does not change fields he is not allowed to (eg. via SyncML or xmlrpc)
- if (!$ignore_acl && !$contact['owner'] && !$this->is_admin($contact))
+ if (!$ignore_acl && !$contact['owner'] && !($this->is_admin($contact) || $this->allow_account_edit()))
 {
 foreach($contact as $field => $value)
 {
@@ -941,7 +941,7 @@ class addressbook_bo extends addressbook_so
 // user is not allowed to change that
 if ($old)
 {
- $to_write[$field] = $old[$field];
+ $to_write[$field] = $contact[$field] = $old[$field];
 }
 else
 {
diff --git a/addressbook/inc/class.addressbook_so.inc.php b/addressbook/inc/class.addressbook_so.inc.php
index 7d24286934..2dc7ee7895 100755
--- a/addressbook/inc/class.addressbook_so.inc.php
+++ b/addressbook/inc/class.addressbook_so.inc.php
@@ -351,9 +351,7 @@ class addressbook_so
 if (!$GLOBALS['egw']->acl->check('account_access',32,'admin')) $grants[0] |= EGW_ACL_DELETE;
 }
 // allow certain groups to edit contact-data of accounts
- if ($GLOBALS['egw_info']['server']['allow_account_edit'] &&
- array_intersect($GLOBALS['egw_info']['server']['allow_account_edit'],
- $GLOBALS['egw']->accounts->memberships($user, true)))
+ if (self::allow_account_edit($user))
 {
 $grants[0] |= EGW_ACL_READ|EGW_ACL_EDIT;
 }
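Review bot: The comment above the changed `if` in the `@@ -932` hunk of class.addressbook_bo.inc.php still reads "(non-admin) user editing his own account", but the new condition also exempts every member of a configured `allow_account_edit` group from the per-field restriction that follows. I would reword it along the lines of `// user who is neither admin nor in an allow_account_edit group: keep the fields he is not allowed to change (eg. via SyncML or xmlrpc)`. Because `allow_account_edit()` is called without an argument, it is evaluated for the current user on any contact with a falsy `owner`, so the exemption covers all account contacts rather than only the editor's own. That looks intended, but the permission check that should bound it sits outside the hunk, as do the start and end of the enclosing function, so it is worth confirming.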
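Review bot: The `else` branch right after the changed assignment in the `@@ -941` hunk of class.addressbook_bo.inc.php may need the same treatment, since the rejected value is reset in `$contact` only inside `if ($old)`. That branch is cut off by the hunk end; if it only drops the field from `$to_write`, `$contact[$field]` would still carry the disallowed value for whatever reads `$contact` afterwards, and a matching `unset($contact[$field]);` would close the gap.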
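Review bot: `self::allow_account_edit($user)` in the `@@ -351` hunk of class.addressbook_so.inc.php calls a method that this same commit declares without `static` and that reads `$this->user`. Writing it as `if ($this->allow_account_edit($user))` states the instance dependency and matches the call added in addressbook_bo. It also avoids a failure should the enclosing function, whose signature is outside the hunk, ever be reached from a static context.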
@@ -379,6 +377,19 @@ class addressbook_so return isset($GLOBALS['egw_info']['user']['apps']['admin']) && !$GLOBALS['egw']->acl->check('account_access',16,'admin'); } + /** + * Check if current user is in a group, which is allowed to edit accounts + * + * @param int $user =null default $this->user + * @return boolean + */ + function allow_account_edit($user=null) + { + return $GLOBALS['egw_info']['server']['allow_account_edit'] && + array_intersect($GLOBALS['egw_info']['server']['allow_account_edit'], + $GLOBALS['egw']->accounts->memberships($user ? $user : $this->user, true)); + } + /** * Read all customfields of the given id's *
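Review bot: `$user ? $user : $this->user` in the new `allow_account_edit()` falls back to the current user for any falsy `$user`, not only `null`, so a caller passing 0 or the result of a failed lookup gets the current user's memberships checked instead of a denial. Since this result now gates both the READ|EDIT grant and the field-restriction bypass, I would fall back only on null: `if (is_null($user)) $user = $this->user;`. The docblock says "current user" although `$user` can name another account; `Check if a user (default: current user) is in a group which is allowed to edit accounts` would match the signature. `array_intersect()` also assumes that both the config value and `memberships()` yield arrays, which the hunk does not show, so an `(array)` cast on each argument would keep a non-array from surfacing as a warning or error inside an access check.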