mirror of
https://github.com/EGroupware/egroupware.git
synced 2025-01-03 20:49:04 +01:00
allow to import without acl-check and setting modifier
This commit is contained in:
parent
47a1a05227
commit
c10654e1da
@ -848,9 +848,10 @@ class Contacts extends Contacts\Storage
|
||||
*
|
||||
* @param array &$contact contact array from etemplate::exec
|
||||
* @param boolean $ignore_acl =false should the acl be checked or not
|
||||
* @param boolean $touch_modified =true should modified/r be updated
|
||||
* @return int/string/boolean id on success, false on failure, the error-message is in $this->error
|
||||
*/
|
||||
function save(&$contact,$ignore_acl=false)
|
||||
function save(&$contact, $ignore_acl=false, $touch_modified=true)
|
||||
{
|
||||
// remember if we add or update a entry
|
||||
if (($isUpdate = $contact['id']))
|
||||
@ -885,8 +886,8 @@ class Contacts extends Contacts\Storage
|
||||
$contact['owner'] = $this->default_addressbook ? $this->default_addressbook : $this->user;
|
||||
}
|
||||
// allow admins to import contacts with creator / created date set
|
||||
if (!$contact['creator'] || !$this->is_admin($contact)) $contact['creator'] = $this->user;
|
||||
if (!$contact['created'] || !$this->is_admin($contact)) $contact['created'] = $this->now_su;
|
||||
if (!$contact['creator'] || !$ignore_acl && !$this->is_admin($contact)) $contact['creator'] = $this->user;
|
||||
if (!$contact['created'] || !$ignore_acl && !$this->is_admin($contact)) $contact['created'] = $this->now_su;
|
||||
|
||||
if (!$contact['tid']) $contact['tid'] = 'n';
|
||||
}
|
||||
@ -932,8 +933,11 @@ class Contacts extends Contacts\Storage
|
||||
}
|
||||
|
||||
// last modified
|
||||
$contact['modifier'] = $this->user;
|
||||
$contact['modified'] = $this->now_su;
|
||||
if ($touch_modified)
|
||||
{
|
||||
$contact['modifier'] = $this->user;
|
||||
$contact['modified'] = $this->now_su;
|
||||
}
|
||||
// set full name and fileas from the content
|
||||
if (!isset($contact['n_fn']))
|
||||
{
|
||||
|
@ -344,7 +344,8 @@ class Sql extends Api\Storage
|
||||
}
|
||||
if (isset($filter['list']))
|
||||
{
|
||||
$join .= " JOIN $this->ab2list_table ON $this->table_name.contact_id=$this->ab2list_table.contact_id AND list_id=".(int)$filter['list'];
|
||||
$join .= " JOIN $this->ab2list_table ON $this->table_name.contact_id=$this->ab2list_table.contact_id AND ".
|
||||
$this->db->expression($this->ab2list_table, array('list_id' => $filter['list']));
|
||||
unset($filter['list']);
|
||||
}
|
||||
// add join to show only active accounts (only if accounts are shown and in sql and we not already join the accounts table, eg. used by admin)
|
||||
|
@ -712,16 +712,17 @@ class infolog_bo
|
||||
* @param boolean $skip_notification = false true = do NOT send notification, false (default) = send notifications
|
||||
* @param boolean $throw_exception = false Throw an exception (if required fields are not set)
|
||||
* @param string $purge_cfs = null null=dont, 'ical'=only iCal X-properties (cfs name starting with "#"), 'all'=all cfs
|
||||
* @param boolean $ignore_acl =true
|
||||
*
|
||||
* @return int|boolean info_id on a successfull write or false
|
||||
*/
|
||||
function write(&$values_in, $check_defaults=true, $touch_modified=true, $user2server=true,
|
||||
$skip_notification=false, $throw_exception=false, $purge_cfs=null)
|
||||
$skip_notification=false, $throw_exception=false, $purge_cfs=null, $ignore_acl=false)
|
||||
{
|
||||
$values = $values_in;
|
||||
//echo "boinfolog::write()values="; _debug_array($values);
|
||||
if (!$values['info_id'] && !$this->check_access(0,Acl::EDIT,$values['info_owner']) &&
|
||||
!$this->check_access(0,Acl::ADD,$values['info_owner']))
|
||||
if (!$ignore_acl && (!$values['info_id'] && !$this->check_access(0,Acl::EDIT,$values['info_owner']) &&
|
||||
!$this->check_access(0,Acl::ADD,$values['info_owner'])))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
@ -750,8 +751,8 @@ class infolog_bo
|
||||
$status_only = $undelete = $this->check_access($values['info_id'],self::ACL_UNDELETE);
|
||||
}
|
||||
}
|
||||
if ($values['info_id'] && !$this->check_access($values['info_id'],Acl::EDIT) && !$status_only ||
|
||||
!$values['info_id'] && $values['info_id_parent'] && !$this->check_access($values['info_id_parent'],Acl::ADD))
|
||||
if (!$ignore_acl && ($values['info_id'] && !$this->check_access($values['info_id'],Acl::EDIT) && !$status_only ||
|
||||
!$values['info_id'] && $values['info_id_parent'] && !$this->check_access($values['info_id_parent'],Acl::ADD)))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
@ -1031,9 +1032,10 @@ class infolog_bo
|
||||
* @param $query[action] / $query[action_id] if only entries linked to a specified app/entry show be used
|
||||
* @param &$query[start], &$query[total] nextmatch-parameters will be used and set if query returns less entries
|
||||
* @param $query[col_filter] array with column-name - data pairs, data == '' means no filter (!)
|
||||
* @param boolean $no_acl =false true: ignore all acl
|
||||
* @return array with id's as key of the matching log-entries
|
||||
*/
|
||||
function &search(&$query)
|
||||
function &search(&$query, $no_acl=false)
|
||||
{
|
||||
//error_log(__METHOD__.'('.array2string($query).')');
|
||||
|
||||
@ -1065,14 +1067,14 @@ class infolog_bo
|
||||
}
|
||||
}
|
||||
|
||||
$ret = $this->so->search($query);
|
||||
$ret = $this->so->search($query, $no_acl);
|
||||
$this->total = $query['total'];
|
||||
|
||||
if (is_array($ret))
|
||||
{
|
||||
foreach ($ret as $id => &$data)
|
||||
{
|
||||
if (!$this->check_access($data,Acl::READ))
|
||||
if (!$no_acl && !$this->check_access($data,Acl::READ))
|
||||
{
|
||||
unset($ret[$id]);
|
||||
continue;
|
||||
|
@ -672,9 +672,10 @@ class infolog_so
|
||||
* @param string|array $query[cols]=null what to query, if set the recordset / iterator get's returned
|
||||
* @param string $query[append]=null get's appended to sql query, eg. for GROUP BY
|
||||
* @param boolean $query['custom_fields']=false query custom-fields too, default not
|
||||
* @param boolean $no_acl =false true: ignore all acl
|
||||
* @return array|iterator with id's as key of the matching log-entries or recordset/iterator if cols is set
|
||||
*/
|
||||
function search(&$query)
|
||||
function search(&$query, $no_acl=false)
|
||||
{
|
||||
//error_log(__METHOD__.'('.array2string($query).')');
|
||||
$action2app = array(
|
||||
@ -731,7 +732,7 @@ class infolog_so
|
||||
{
|
||||
$ordermethod = 'ORDER BY info_datemodified DESC'; // newest first
|
||||
}
|
||||
$filtermethod = $this->aclFilter($query['filter']);
|
||||
$filtermethod = $no_acl ? '1=1' : $this->aclFilter($query['filter']);
|
||||
if (!$query['col_filter']['info_status']) $filtermethod .= $this->statusFilter($query['filter']);
|
||||
$filtermethod .= $this->dateFilter($query['filter']);
|
||||
$cfcolfilter=0;
|
||||
|
@ -396,6 +396,7 @@ class timesheet_bo extends Api\Storage
|
||||
* search the timesheet
|
||||
*
|
||||
* reimplemented to limit result to users we have grants from
|
||||
* Use $filter['ts_owner'] === false for no ACL check.
|
||||
*
|
||||
* @param array|string $criteria array of key and data cols, OR a SQL query (content for WHERE), fully quoted (!)
|
||||
* @param boolean|string $only_keys =true True returns only keys, False returns all cols. comma seperated list of keys to return
|
||||
@ -431,6 +432,11 @@ class timesheet_bo extends Api\Storage
|
||||
{
|
||||
$filter['ts_owner'] = array_keys($this->grants);
|
||||
}
|
||||
// $filter['ts_owner'] === false --> no ACL checks
|
||||
elseif ($filter['ts_owner'] === false)
|
||||
{
|
||||
$filter['ts_owner'] = '';
|
||||
}
|
||||
else
|
||||
{
|
||||
if (!is_array($filter['ts_owner'])) $filter['ts_owner'] = array($filter['ts_owner']);
|
||||
|
Loading…
Reference in New Issue
Block a user