From b2bea332b1de43f2ce5009034d828d715c763f8f Mon Sep 17 00:00:00 2001
From: Nathan Gray
Date: Mon, 28 Feb 2011 23:43:34 +0000
Subject: [PATCH] Do private filtering on DB level
---
 calendar/inc/class.calendar_bo.inc.php | 7 ++-----
 calendar/inc/class.calendar_so.inc.php | 7 +++++++
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/calendar/inc/class.calendar_bo.inc.php b/calendar/inc/class.calendar_bo.inc.php
index 7db00bd41d..3e4118e859 100644
--- a/calendar/inc/class.calendar_bo.inc.php
+++ b/calendar/inc/class.calendar_bo.inc.php
@@ -474,16 +474,13 @@ class calendar_bo
 }
 if ($is_private || (!$event['public'] && $filter == 'hideprivate'))
 {
- if($params['query'])
+ if($filter == 'hideprivate')
 {
 unset($events[$id]);
 $this->total--;
 continue;
 }
- elseif($this->check_perms(EGW_ACL_FREEBUSY,$event))
- {
- $this->clear_private_infos($events[$id],$users);
- }
+ $this->clear_private_infos($events[$id],$users);
 }
 }

diff --git a/calendar/inc/class.calendar_so.inc.php b/calendar/inc/class.calendar_so.inc.php
index 8ecc33c06d..c9757fcaf7 100644
--- a/calendar/inc/class.calendar_so.inc.php
+++ b/calendar/inc/class.calendar_so.inc.php
@@ -342,6 +342,13 @@ class calendar_so
 $to_or[] = $col.' '.$this->db->capabilities[egw_db::CAPABILITY_CASE_INSENSITIV_LIKE].' '.$this->db->quote('%'.$params['query'].'%');
 }
 $where[] = '('.implode(' OR ',$to_or).')';
+
+ // Searching - restrict private to own or private grant
+ $private_grants = $GLOBALS['egw']->acl->get_ids_for_location($GLOBALS['egw_info']['user']['account_id'], EGW_ACL_PRIVATE, 'calendar');
+ $private_filter = '(cal_public OR cal_owner = ' . $GLOBALS['egw_info']['user']['account_id'];
+ if($private_grants) $private_filter .= ' OR !cal_public AND cal_owner IN (' . implode(',',$private_grants) . ')';
+ $private_filter .= ')';
+ $where[] = $private_filter;
 }
 if (!empty($params['sql_filter']) && is_string($params['sql_filter']))
 {
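Review bot: With the `if($params['query'])` branch removed, a private event that matches a search term is no longer dropped in this layer and is returned with its details cleared, so nothing here stops a search from confirming that someone's private entry contains a given word; that protection now rests entirely on the SQL filter added in calendar_so. The two layers also appear to decide privacy differently (`$is_private` is computed above this hunk, while the SQL filter looks only at the owner and private grants), so any mismatch would surface as exactly that kind of leak. Keeping the search case as a backstop, `if($filter == 'hideprivate' || $params['query'])`, costs little; if it is dropped on purpose, a comment such as `// private search hits are excluded by the SQL filter in calendar_so` would record the dependency. The surrounding loop starts and ends outside the hunk.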
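Review bot: The new `$private_filter` concatenates `$GLOBALS['egw_info']['user']['account_id']` and the `get_ids_for_location()` result straight into SQL, while the LIKE term just above goes through `$this->db->quote()`. These values come from the session and the ACL rather than the request, but casting them to int keeps the clause well-formed if either ever holds something unexpected. `!cal_public` is MySQL-style syntax and the mixed `OR … AND` relies on operator precedence, so `NOT` with explicit parentheses would be clearer and more portable; whether a bare `cal_public` works as a condition on other backends depends on the column type, which is not visible here. The enclosing function continues outside the hunk.

```php
// … unchanged: $to_or LIKE clauses and $where[] = '('.implode(' OR ',$to_or).')' …
// Searching - restrict private to own or private grant
$account_id = (int)$GLOBALS['egw_info']['user']['account_id'];
$private_grants = $GLOBALS['egw']->acl->get_ids_for_location($account_id, EGW_ACL_PRIVATE, 'calendar');
$private_filter = '(cal_public OR cal_owner = ' . $account_id;
if($private_grants) $private_filter .= ' OR (NOT cal_public AND cal_owner IN (' . implode(',',array_map('intval',$private_grants)) . '))';
// … unchanged: closing ')' and $where[] = $private_filter …
```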