allow to import without acl-check and setting modifier

This commit is contained in:
Ralf Becker 2016-09-26 11:40:02 +02:00
parent 47a1a05227
commit c10654e1da
5 changed files with 30 additions and 16 deletions

View File

@ -848,9 +848,10 @@ class Contacts extends Contacts\Storage
* *
* @param array &$contact contact array from etemplate::exec * @param array &$contact contact array from etemplate::exec
* @param boolean $ignore_acl =false should the acl be checked or not * @param boolean $ignore_acl =false should the acl be checked or not
* @param boolean $touch_modified =true should modified/r be updated
* @return int/string/boolean id on success, false on failure, the error-message is in $this->error * @return int/string/boolean id on success, false on failure, the error-message is in $this->error
*/ */
function save(&$contact,$ignore_acl=false) function save(&$contact, $ignore_acl=false, $touch_modified=true)
{ {
// remember if we add or update a entry // remember if we add or update a entry
if (($isUpdate = $contact['id'])) if (($isUpdate = $contact['id']))
@ -885,8 +886,8 @@ class Contacts extends Contacts\Storage
$contact['owner'] = $this->default_addressbook ? $this->default_addressbook : $this->user; $contact['owner'] = $this->default_addressbook ? $this->default_addressbook : $this->user;
} }
// allow admins to import contacts with creator / created date set // allow admins to import contacts with creator / created date set
if (!$contact['creator'] || !$this->is_admin($contact)) $contact['creator'] = $this->user; if (!$contact['creator'] || !$ignore_acl && !$this->is_admin($contact)) $contact['creator'] = $this->user;
if (!$contact['created'] || !$this->is_admin($contact)) $contact['created'] = $this->now_su; if (!$contact['created'] || !$ignore_acl && !$this->is_admin($contact)) $contact['created'] = $this->now_su;
if (!$contact['tid']) $contact['tid'] = 'n'; if (!$contact['tid']) $contact['tid'] = 'n';
} }
@ -932,8 +933,11 @@ class Contacts extends Contacts\Storage
} }
// last modified // last modified
$contact['modifier'] = $this->user; if ($touch_modified)
$contact['modified'] = $this->now_su; {
$contact['modifier'] = $this->user;
$contact['modified'] = $this->now_su;
}
// set full name and fileas from the content // set full name and fileas from the content
if (!isset($contact['n_fn'])) if (!isset($contact['n_fn']))
{ {

View File

@ -344,7 +344,8 @@ class Sql extends Api\Storage
} }
if (isset($filter['list'])) if (isset($filter['list']))
{ {
$join .= " JOIN $this->ab2list_table ON $this->table_name.contact_id=$this->ab2list_table.contact_id AND list_id=".(int)$filter['list']; $join .= " JOIN $this->ab2list_table ON $this->table_name.contact_id=$this->ab2list_table.contact_id AND ".
$this->db->expression($this->ab2list_table, array('list_id' => $filter['list']));
unset($filter['list']); unset($filter['list']);
} }
// add join to show only active accounts (only if accounts are shown and in sql and we not already join the accounts table, eg. used by admin) // add join to show only active accounts (only if accounts are shown and in sql and we not already join the accounts table, eg. used by admin)

View File

@ -712,16 +712,17 @@ class infolog_bo
* @param boolean $skip_notification = false true = do NOT send notification, false (default) = send notifications * @param boolean $skip_notification = false true = do NOT send notification, false (default) = send notifications
* @param boolean $throw_exception = false Throw an exception (if required fields are not set) * @param boolean $throw_exception = false Throw an exception (if required fields are not set)
* @param string $purge_cfs = null null=dont, 'ical'=only iCal X-properties (cfs name starting with "#"), 'all'=all cfs * @param string $purge_cfs = null null=dont, 'ical'=only iCal X-properties (cfs name starting with "#"), 'all'=all cfs
* @param boolean $ignore_acl =true
* *
* @return int|boolean info_id on a successfull write or false * @return int|boolean info_id on a successfull write or false
*/ */
function write(&$values_in, $check_defaults=true, $touch_modified=true, $user2server=true, function write(&$values_in, $check_defaults=true, $touch_modified=true, $user2server=true,
$skip_notification=false, $throw_exception=false, $purge_cfs=null) $skip_notification=false, $throw_exception=false, $purge_cfs=null, $ignore_acl=false)
{ {
$values = $values_in; $values = $values_in;
//echo "boinfolog::write()values="; _debug_array($values); //echo "boinfolog::write()values="; _debug_array($values);
if (!$values['info_id'] && !$this->check_access(0,Acl::EDIT,$values['info_owner']) && if (!$ignore_acl && (!$values['info_id'] && !$this->check_access(0,Acl::EDIT,$values['info_owner']) &&
!$this->check_access(0,Acl::ADD,$values['info_owner'])) !$this->check_access(0,Acl::ADD,$values['info_owner'])))
{ {
return false; return false;
} }
@ -750,8 +751,8 @@ class infolog_bo
$status_only = $undelete = $this->check_access($values['info_id'],self::ACL_UNDELETE); $status_only = $undelete = $this->check_access($values['info_id'],self::ACL_UNDELETE);
} }
} }
if ($values['info_id'] && !$this->check_access($values['info_id'],Acl::EDIT) && !$status_only || if (!$ignore_acl && ($values['info_id'] && !$this->check_access($values['info_id'],Acl::EDIT) && !$status_only ||
!$values['info_id'] && $values['info_id_parent'] && !$this->check_access($values['info_id_parent'],Acl::ADD)) !$values['info_id'] && $values['info_id_parent'] && !$this->check_access($values['info_id_parent'],Acl::ADD)))
{ {
return false; return false;
} }
@ -1031,9 +1032,10 @@ class infolog_bo
* @param $query[action] / $query[action_id] if only entries linked to a specified app/entry show be used * @param $query[action] / $query[action_id] if only entries linked to a specified app/entry show be used
* @param &$query[start], &$query[total] nextmatch-parameters will be used and set if query returns less entries * @param &$query[start], &$query[total] nextmatch-parameters will be used and set if query returns less entries
* @param $query[col_filter] array with column-name - data pairs, data == '' means no filter (!) * @param $query[col_filter] array with column-name - data pairs, data == '' means no filter (!)
* @param boolean $no_acl =false true: ignore all acl
* @return array with id's as key of the matching log-entries * @return array with id's as key of the matching log-entries
*/ */
function &search(&$query) function &search(&$query, $no_acl=false)
{ {
//error_log(__METHOD__.'('.array2string($query).')'); //error_log(__METHOD__.'('.array2string($query).')');
@ -1065,14 +1067,14 @@ class infolog_bo
} }
} }
$ret = $this->so->search($query); $ret = $this->so->search($query, $no_acl);
$this->total = $query['total']; $this->total = $query['total'];
if (is_array($ret)) if (is_array($ret))
{ {
foreach ($ret as $id => &$data) foreach ($ret as $id => &$data)
{ {
if (!$this->check_access($data,Acl::READ)) if (!$no_acl && !$this->check_access($data,Acl::READ))
{ {
unset($ret[$id]); unset($ret[$id]);
continue; continue;

View File

@ -672,9 +672,10 @@ class infolog_so
* @param string|array $query[cols]=null what to query, if set the recordset / iterator get's returned * @param string|array $query[cols]=null what to query, if set the recordset / iterator get's returned
* @param string $query[append]=null get's appended to sql query, eg. for GROUP BY * @param string $query[append]=null get's appended to sql query, eg. for GROUP BY
* @param boolean $query['custom_fields']=false query custom-fields too, default not * @param boolean $query['custom_fields']=false query custom-fields too, default not
* @param boolean $no_acl =false true: ignore all acl
* @return array|iterator with id's as key of the matching log-entries or recordset/iterator if cols is set * @return array|iterator with id's as key of the matching log-entries or recordset/iterator if cols is set
*/ */
function search(&$query) function search(&$query, $no_acl=false)
{ {
//error_log(__METHOD__.'('.array2string($query).')'); //error_log(__METHOD__.'('.array2string($query).')');
$action2app = array( $action2app = array(
@ -731,7 +732,7 @@ class infolog_so
{ {
$ordermethod = 'ORDER BY info_datemodified DESC'; // newest first $ordermethod = 'ORDER BY info_datemodified DESC'; // newest first
} }
$filtermethod = $this->aclFilter($query['filter']); $filtermethod = $no_acl ? '1=1' : $this->aclFilter($query['filter']);
if (!$query['col_filter']['info_status']) $filtermethod .= $this->statusFilter($query['filter']); if (!$query['col_filter']['info_status']) $filtermethod .= $this->statusFilter($query['filter']);
$filtermethod .= $this->dateFilter($query['filter']); $filtermethod .= $this->dateFilter($query['filter']);
$cfcolfilter=0; $cfcolfilter=0;

View File

@ -396,6 +396,7 @@ class timesheet_bo extends Api\Storage
* search the timesheet * search the timesheet
* *
* reimplemented to limit result to users we have grants from * reimplemented to limit result to users we have grants from
* Use $filter['ts_owner'] === false for no ACL check.
* *
* @param array|string $criteria array of key and data cols, OR a SQL query (content for WHERE), fully quoted (!) * @param array|string $criteria array of key and data cols, OR a SQL query (content for WHERE), fully quoted (!)
* @param boolean|string $only_keys =true True returns only keys, False returns all cols. comma seperated list of keys to return * @param boolean|string $only_keys =true True returns only keys, False returns all cols. comma seperated list of keys to return
@ -431,6 +432,11 @@ class timesheet_bo extends Api\Storage
{ {
$filter['ts_owner'] = array_keys($this->grants); $filter['ts_owner'] = array_keys($this->grants);
} }
// $filter['ts_owner'] === false --> no ACL checks
elseif ($filter['ts_owner'] === false)
{
$filter['ts_owner'] = '';
}
else else
{ {
if (!is_array($filter['ts_owner'])) $filter['ts_owner'] = array($filter['ts_owner']); if (!is_array($filter['ts_owner'])) $filter['ts_owner'] = array($filter['ts_owner']);