extern/egroupware
1
0
Fork 1
mirror of https://github.com/EGroupware/egroupware.git synced 2024-12-26 16:48:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

allow to use Api\Contacts::search() without Acl check

Browse Source
This commit is contained in:
Ralf Becker 2016-11-07 09:26:14 +01:00
parent cb6121c41f
commit c20ee5575d
2 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
api/src/Contacts/Sql.php
View File

@ -262,9 +262,10 @@ class Sql extends Api\Storage
* @param string $join ='' sql to do a join, added as is after the table-name, eg. ", table2 WHERE x=y" or * @param string $join ='' sql to do a join, added as is after the table-name, eg. ", table2 WHERE x=y" or
* "LEFT JOIN table2 ON (x=y)", Note: there's no quoting done on $join! * "LEFT JOIN table2 ON (x=y)", Note: there's no quoting done on $join!
* @param boolean $need_full_no_count =false If true an unlimited query is run to determine the total number of rows, default false * @param boolean $need_full_no_count =false If true an unlimited query is run to determine the total number of rows, default false
* @param boolean $ignore_acl =false true: no acl check
* @return boolean/array of matching rows (the row is an array of the cols) or False * @return boolean/array of matching rows (the row is an array of the cols) or False
*/ */
function &search($criteria,$only_keys=True,$order_by='',$extra_cols='',$wildcard='',$empty=False,$op='AND',$start=false,$filter=null,$join='',$need_full_no_count=false) function &search($criteria,$only_keys=True,$order_by='',$extra_cols='',$wildcard='',$empty=False,$op='AND',$start=false,$filter=null,$join='',$need_full_no_count=false, $ignore_acl=false)
{ {
if ((int) $this->debug >= 4) echo '<p>'.__METHOD__.'('.array2string($criteria).','.array2string($only_keys).",'$order_by','$extra_cols','$wildcard','$empty','$op',$start,".array2string($filter).",'$join')</p>\n"; if ((int) $this->debug >= 4) echo '<p>'.__METHOD__.'('.array2string($criteria).','.array2string($only_keys).",'$order_by','$extra_cols','$wildcard','$empty','$op',$start,".array2string($filter).",'$join')</p>\n";
//error_log(__METHOD__.'('.array2string($criteria,true).','.array2string($only_keys).",'$order_by', ".array2string($extra_cols).",'$wildcard','$empty','$op',$start,".array2string($filter).",'$join')"); //error_log(__METHOD__.'('.array2string($criteria,true).','.array2string($only_keys).",'$order_by', ".array2string($extra_cols).",'$wildcard','$empty','$op',$start,".array2string($filter).",'$join')");
@ -290,7 +291,8 @@ class Sql extends Api\Storage
} }
// add filter for read ACL in sql, if user is NOT the owner of the addressbook // add filter for read ACL in sql, if user is NOT the owner of the addressbook
if (isset($this->grants) && !(isset($filter['owner']) && $filter['owner'] == $GLOBALS['egw_info']['user']['account_id'])) if (isset($this->grants) && !$ignore_acl &&
!(isset($filter['owner']) && $filter['owner'] == $GLOBALS['egw_info']['user']['account_id']))
{ {
// add read ACL for groupmembers (they have no // add read ACL for groupmembers (they have no
if ($GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'groupmembers' && if ($GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'groupmembers' &&

5
api/src/Contacts/Storage.php
View File

@ -600,9 +600,10 @@ class Storage
* @param array $filter =null if set (!=null) col-data pairs, to be and-ed (!) into the query without wildcards * @param array $filter =null if set (!=null) col-data pairs, to be and-ed (!) into the query without wildcards
* $filter['cols_to_search'] limit search columns to given columns, otherwise $this->columns_to_search is used * $filter['cols_to_search'] limit search columns to given columns, otherwise $this->columns_to_search is used
* @param string $join ='' sql to do a join (only used by sql backend!), eg. " RIGHT JOIN egw_accounts USING(account_id)" * @param string $join ='' sql to do a join (only used by sql backend!), eg. " RIGHT JOIN egw_accounts USING(account_id)"
* @param boolean $ignore_acl =false true: no acl check
* @return array of matching rows (the row is an array of the cols) or False * @return array of matching rows (the row is an array of the cols) or False
*/ */
function &search($criteria,$only_keys=True,$order_by='',$extra_cols='',$wildcard='',$empty=False,$op='AND',$start=false,$filter=null,$join='') function &search($criteria,$only_keys=True,$order_by='',$extra_cols='',$wildcard='',$empty=False,$op='AND',$start=false,$filter=null,$join='', $ignore_acl=false)
{ {
//error_log(__METHOD__.'('.array2string($criteria,true).','.array2string($only_keys).",'$order_by','$extra_cols','$wildcard','$empty','$op',".array2string($start).','.array2string($filter,true).",'$join')"); //error_log(__METHOD__.'('.array2string($criteria,true).','.array2string($only_keys).",'$order_by','$extra_cols','$wildcard','$empty','$op',".array2string($start).','.array2string($filter,true).",'$join')");
@ -703,7 +704,7 @@ class Storage
} }
// get the used backend for the search and call it's search method // get the used backend for the search and call it's search method
$rows = $backend->search($criteria, $only_keys, $order_by, $extra_cols, $rows = $backend->search($criteria, $only_keys, $order_by, $extra_cols,
$wildcard, $empty, $op, $start, $filter, $join); $wildcard, $empty, $op, $start, $filter, $join, false, $ignore_acl);
$this->total = $backend->total; $this->total = $backend->total;