file_access_user implementation for calendar

Ralf Becker 2011-06-26 15:41:21 +00:00
parent 18f6a20df4
commit be76b42634
2 changed files with 36 additions and 22 deletions


@ -1071,10 +1071,21 @@ class calendar_bo
* @param int $other uid to check (if event==0) or 0 to check against $this->user * @param int $other uid to check (if event==0) or 0 to check against $this->user
* @param string $date_format='ts' date-format used for reading: 'ts'=timestamp, 'array'=array, 'string'=iso8601 string for xmlrpc * @param string $date_format='ts' date-format used for reading: 'ts'=timestamp, 'array'=array, 'string'=iso8601 string for xmlrpc
* @param mixed $date_to_read=null date used for reading, internal param for the caching * @param mixed $date_to_read=null date used for reading, internal param for the caching
* @param int $user=null for which user to check, default current user
* @return boolean true permission granted, false for permission denied or null if event not found * @return boolean true permission granted, false for permission denied or null if event not found
*/ */
function check_perms($needed,$event=0,$other=0,$date_format='ts',$date_to_read=null) function check_perms($needed,$event=0,$other=0,$date_format='ts',$date_to_read=null,$user=null)
{ {
if (!$user) $user = $this->user;
if ($user == $this->user)
{
$grants = $this->grants;
}
else
{
$grants = $GLOBALS['egw']->acl->get_grants('calendar',true,$user);
}
$event_in = $event; $event_in = $event;
if ($other && !is_numeric($other)) if ($other && !is_numeric($other))
{ {
@ -1083,7 +1094,7 @@ class calendar_bo
} }
if (is_int($event) && $event == 0) if (is_int($event) && $event == 0)
{ {
$owner = $other ? $other : $this->user; $owner = $other ? $other : $user;
} }
else else
{ {
@ -1102,10 +1113,10 @@ class calendar_bo
$owner = $event['owner']; $owner = $event['owner'];
$private = !$event['public']; $private = !$event['public'];
} }
$grants = $this->grants[$owner]; $grant = $grants[$owner];
// now any ACL rights (but invite rights!) implicate FREEBUSY rights (at least READ has to include FREEBUSY) // now any ACL rights (but invite rights!) implicate FREEBUSY rights (at least READ has to include FREEBUSY)
if ($grants & ~EGW_ACL_INVITE) $grants |= EGW_ACL_FREEBUSY; if ($grant & ~EGW_ACL_INVITE) $grant |= EGW_ACL_FREEBUSY;
if (is_array($event) && ($needed == EGW_ACL_READ || $needed == EGW_ACL_FREEBUSY)) if (is_array($event) && ($needed == EGW_ACL_READ || $needed == EGW_ACL_FREEBUSY))
{ {
@ -1116,29 +1127,29 @@ class calendar_bo
{ {
foreach($event['participants'] as $uid => $accept) foreach($event['participants'] as $uid => $accept)
{ {
if ($uid == $this->user || $uid < 0 && in_array($this->user,$GLOBALS['egw']->accounts->members($uid,true))) if ($uid == $user || $uid < 0 && in_array($user,$GLOBALS['egw']->accounts->members($uid,true)))
{ {
$grants |= EGW_ACL_FREEBUSY; $grant |= EGW_ACL_FREEBUSY;
// if we are a participant, we have an implicite READ and PRIVAT grant // if we are a participant, we have an implicite READ and PRIVAT grant
// exept the group gives its members only EGW_ACL_FREEBUSY and the participant is not the current user // exept the group gives its members only EGW_ACL_FREEBUSY and the participant is not the current user
if ($this->grants[$uid] == EGW_ACL_FREEBUSY && $uid != $this->user) continue; if ($grants[$uid] == EGW_ACL_FREEBUSY && $uid != $user) continue;
$grants |= EGW_ACL_READ | EGW_ACL_PRIVATE; $grant |= EGW_ACL_READ | EGW_ACL_PRIVATE;
break; break;
} }
elseif ($this->grants[$uid] & EGW_ACL_READ) elseif ($grants[$uid] & EGW_ACL_READ)
{ {
// if we have a READ grant from a participant, we dont give an implicit privat grant too // if we have a READ grant from a participant, we dont give an implicit privat grant too
$grants |= EGW_ACL_READ; $grant |= EGW_ACL_READ;
// we cant break here, as we might be a participant too, and would miss the privat grant // we cant break here, as we might be a participant too, and would miss the privat grant
} }
elseif (!is_numeric($uid)) elseif (!is_numeric($uid))
{ {
// if the owner only grants EGW_ACL_BUSY we are not interested in the recources explicit rights // if the owner only grants EGW_ACL_FREEBUSY we are not interested in the recources explicit rights
if ($grants == EGW_ACL_FREEBUSY) break; if ($grant == EGW_ACL_FREEBUSY) break;
// if we have a resource as participant // if we have a resource as participant
$resource = $this->resource_info($uid); $resource = $this->resource_info($uid);
$grants |= $resource['rights']; $grant |= $resource['rights'];
} }
} }
} }
@ -1149,21 +1160,21 @@ class calendar_bo
} }
else else
{ {
$access = $this->user == $owner || $grants & $needed $access = $user == $owner || $grant & $needed
&& ($needed == EGW_ACL_FREEBUSY || !$private || $grants & EGW_ACL_PRIVATE); && ($needed == EGW_ACL_FREEBUSY || !$private || $grant & EGW_ACL_PRIVATE);
} }
// do NOT allow users to purge deleted events, if we dont have 'user_purge' enabled // do NOT allow users to purge deleted events, if we dont have 'user_purge' enabled
if ($access && $needed == EGW_ACL_DELETE && $event['deleted'] && if ($access && $needed == EGW_ACL_DELETE && $event['deleted'] &&
!$GLOBALS['egw_info']['user']['apps']['admin'] && !$GLOBALS['egw_info']['user']['apps']['admin'] && $user != $this->user &&
$GLOBALS['egw_info']['server']['calendar_delete_history'] != 'user_purge') $GLOBALS['egw_info']['server']['calendar_delete_history'] != 'user_purge')
{ {
$access = false; $access = false;
} }
if ($this->debug && ($this->debug > 2 || $this->debug == 'check_perms')) if ($this->debug && ($this->debug > 2 || $this->debug == 'check_perms'))
{ {
$this->debug_message('calendar_bo::check_perms(%1,%2,%3)=%4',True,ACL_TYPE_IDENTIFER.$needed,$event,$other,$access); $this->debug_message('calendar_bo::check_perms(%1,%2,other=%3,%4,%5,user=%6)=%7',True,ACL_TYPE_IDENTIFER.$needed,$event,$other,$date_format,$date_to_read,$user,$access);
} }
//error_log(__METHOD__."($needed,".array2string($event).",$other) returning ".array2string($access)); //error_log(__METHOD__."($needed,".array2string($event).",$other,...,$user) returning ".array2string($access));
return $access; return $access;
} }
@ -1780,15 +1791,17 @@ class calendar_bo
} }
/** /**
* Check access to the projects file store * Check access to the file store
* *
* @param int $id id of entry * @param int $id id of entry
* @param int $check EGW_ACL_READ for read and EGW_ACL_EDIT for write or delete access * @param int $check EGW_ACL_READ for read and EGW_ACL_EDIT for write or delete access
* @param string $rel_path=null currently not used in calendar
* @param int $user=null for which user to check, default current user
* @return boolean true if access is granted or false otherwise * @return boolean true if access is granted or false otherwise
*/ */
function file_access($id,$check,$rel_path) function file_access($id,$check,$rel_path,$user=null)
{ {
return $this->check_perms($check,$id); return $this->check_perms($check,$id,0,'ts',null,$user);
} }
/** /**
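Review bot: The purge guard near the end of check_perms now also requires `$user != $this->user`, so on the default path (where `$user` falls back to `$this->user`) the block can never set `$access = false`, and a non-admin session user is no longer denied EGW_ACL_DELETE on an already-deleted event when `calendar_delete_history` is not 'user_purge'. The admin flag comes from `$GLOBALS['egw_info']['user']`, which describes the session user rather than `$user`, so the intent was presumably to stop honouring the admin exemption only when checking on behalf of someone else. That would read `($user != $this->user || !$GLOBALS['egw_info']['user']['apps']['admin']) &&`, which keeps the original restriction for the current user and denies the purge for any other user. Parts of the method lie outside the visible hunks, so confirm how `$access` is computed before this guard.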


@ -5,7 +5,7 @@
* @link http://www.egroupware.org * @link http://www.egroupware.org
* @package calendar * @package calendar
* @author Ralf Becker <RalfBecker-AT-outdoor-training.de> * @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
* @copyright (c) 2004-9 by RalfBecker-At-outdoor-training.de * @copyright (c) 2004-11 by RalfBecker-At-outdoor-training.de
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
* @version $Id$ * @version $Id$
*/ */
@ -39,6 +39,7 @@ class calendar_hooks
'add_id' => 'link_id', 'add_id' => 'link_id',
'add_popup' => '750x400', 'add_popup' => '750x400',
'file_access' => 'calendar.calendar_bo.file_access', 'file_access' => 'calendar.calendar_bo.file_access',
'file_access_user' => true, // file_access supports 4th parameter $user
); );
} }