extern/egroupware
1
0
Fork 1
mirror of https://github.com/EGroupware/egroupware.git synced 2024-12-26 16:48:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

respect category permissions in calendar gui, unified var name of categories object

Browse Source
This commit is contained in:
Christian Binder 2009-11-25 12:58:09 +00:00
parent a7c2b81b85
commit 8e63887331
4 changed files with 42 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
calendar/inc/class.calendar_ui.inc.php
View File

@ -47,11 +47,11 @@ class calendar_ui
*/
var $datetime;
/**
* Reference to global categories class
* Instance of categories class
*
* @var categories
*/
var $cats;
var $categories;
/**
* Reference to global uiaccountsel class
*
@ -145,14 +145,8 @@ class calendar_ui
$this->datetime = $GLOBALS['egw']->datetime;
$this->accountsel = $GLOBALS['egw']->uiaccountsel;
if ($GLOBALS['egw']->categories->app_name != 'calendar')
{
$this->cats = new categories('','calendar'); // we need an own instance to get the calendar cats
}
else
{
$this->cats = $GLOBALS['egw']->categories;
}
$this->categories = new categories($this->user,'calendar');
$this->common_prefs = &$GLOBALS['egw_info']['user']['preferences']['common'];
$this->cal_prefs = &$GLOBALS['egw_info']['user']['preferences']['calendar'];
$this->bo->check_set_default_prefs();
@ -170,6 +164,35 @@ class calendar_ui
// calendar does not work with hidden sidebox atm.
unset($GLOBALS['egw_info']['user']['preferences']['common']['auto_hide_sidebox']);
}
/**
* Checks category permissions
* Takes a commaseparated list of category ids
* and truncates it by the ones the user does not have the requested permission on
*
* @param int $needed necessary ACL right: EGW_ACL_{READ|EDIT|DELETE}
* @param string $categories commaseparated list of category ids
* @return string truncated commaseparated list of category ids
*/
function check_category_perms($needed, $categories)
{
if (empty($categories)) return $categories;
$cat_arr = explode(',',$categories);
if (!empty($cat_arr) && is_array($cat_arr) && count($cat_arr) > 0)
{
foreach($cat_arr as $id=>$cat_id)
{
if (!$this->categories->check_perms($needed, $cat_id))
{
unset($cat_arr[$id]);
}
}
$categories = implode(',',$cat_arr);
}
return $categories;
}
/**
* Checks and terminates (or returns for home) with a message if $this->owner include a user/resource we have no read-access to
@ -699,7 +722,7 @@ class calendar_ui
// Category Selection
$file[++$n] = $this->_select_box('Category','cat_id',
'<option value="0">'.lang('All categories').'</option>'.
$this->cats->formatted_list('select','all',$this->cat_id,'True'),$baseurl ? $baseurl.'&cat_id=' : '');
$this->categories->formatted_list('select','all',$this->cat_id,'True'),$baseurl ? $baseurl.'&cat_id=' : '');
// Filter all or hideprivate
$options = '';

3
calendar/inc/class.calendar_uiforms.inc.php
View File

@ -1046,6 +1046,9 @@ class calendar_uiforms extends calendar_ui
$onclick = str_replace('Delete this event','Delete this series of recuring events',$onclick);
}
$content['participants']['no_add'] = true;
// respect category ACLs
$content['category'] = $this->check_category_perms(EGW_ACL_READ, $event['category']);
}
else
{

1
calendar/inc/class.calendar_uilist.inc.php
View File

@ -312,6 +312,7 @@ class calendar_uilist extends calendar_ui
}
if (empty($event['description'])) $event['description'] = ' '; // no description screws the titles horz. alignment
if (empty($event['location'])) $event['location'] = ' '; // no location screws the owner horz. alignment
$event['category'] = $this->check_category_perms(EGW_ACL_READ, $event['category']);
$rows[] = $event;
}

11
calendar/inc/class.calendar_uiviews.inc.php
View File

@ -1160,8 +1160,7 @@ class calendar_uiviews extends calendar_ui
$is_private = !$this->bo->check_perms(EGW_ACL_READ,$event);
$icons = !$is_private ? $this->event_icons($event) : array(html::image('calendar','private',lang('private')));
$cats = $this->bo->categories($event['category'],$color);
$cats = $this->bo->categories($this->check_category_perms(EGW_ACL_READ, $event['category']),$color);
// these values control varius aspects of the geometry of the eventWidget
$small_trigger_width = 120 + 20*count($icons);
$corner_radius=$width > $small_trigger_width ? 10 : 5;
@ -1175,7 +1174,7 @@ class calendar_uiviews extends calendar_ui
$bodybgcolor1 = $this->brighter($headerbgcolor,$headerbgcolor == '#808080' ? 100 : 170);
$bodybgcolor2 = $this->brighter($headerbgcolor,220);
// mark event as invitation, by NOT using category based backgrond color, but plain white
// mark event as invitation, by NOT using category based background color, but plain white
if ($event['participants'][$this->user][0] == 'U')
{
$bodybgcolor1 = $bodybgcolor2 = 'white';
@ -1586,7 +1585,7 @@ class calendar_uiviews extends calendar_ui
if (!is_array($cat2sort))
{
$cat2sort = array();
foreach((array)$this->cats->return_array('all',0,false,'','','',true) as $data)
foreach((array)$this->categories->return_array('all',0,false,'','','',true) as $data)
{
if ($data['parent'] == $this->cat_id || $data['id'] == $this->cat_id) // cat is a direct sub of $this->cat_id
{
@ -1612,7 +1611,7 @@ class calendar_uiviews extends calendar_ui
$sort2label[0] = lang('none');
$ret[] = 0;
}
//echo "<p>uiviews::_get_planner_cats($cats=".$this->cats->id2name($cats).") (this->cat_id=$this->cat_id) = ".print_r($ret,true).'='.$this->cats->id2name($ret[0])."</p>\n";
//echo "<p>uiviews::_get_planner_cats($cats=".$this->categories->id2name($cats).") (this->cat_id=$this->cat_id) = ".print_r($ret,true).'='.$this->categories->id2name($ret[0])."</p>\n";
return $ret;
}
@ -2033,6 +2032,4 @@ class calendar_uiviews extends calendar_ui
return $dayEvents;
}
}