disable adding from month view if insufficient rights

2024-11-07 16:44:20 +01:00 · 2001-02-13 04:12:53 +00:00 · 2001-02-13 04:12:53 +00:00 · cdcde444b7
commit cdcde444b7
parent db2739bbb3
3 changed files with 48 additions and 21 deletions
--- a/calendar/inc/class.calendar_sql.inc.php
+++ b/calendar/inc/class.calendar_sql.inc.php
@ -104,7 +104,7 @@
        $this->cal_event = CreateObject('calendar.calendar_item');
        $this->stream->next_record();
        // Load the calendar event data from the db into the cal_event structure
-        // Use http://www.php.net/manual/en/function.mcal-fetch-event.phpas the reference
+        // Use http://www.php.net/manual/en/function.mcal-fetch-event.php as the reference
      }
      else
      {
@ -794,7 +794,8 @@
    function display_week($startdate,$weekly,$cellcolor,$display_name = False,$owner=0,$monthstart=0,$monthend=0) {
      global $phpgw;
      global $phpgw_info;
-
+      global $rights;
+      
      $str = '';
      $gr_events = CreateObject('calendar.calendar_item');
      $lr_events = CreateObject('calendar.calendar_item');
@ -830,8 +831,23 @@
          }

          if (!$this->printer_friendly) {
-            $str = '<a href="'.$phpgw->link($phpgw_info['server']['webserver_url'].'/calendar/edit_entry.php','year='.$date_year.'&month='.$date['month'].'&day='.$date['day']).'">'
-                 . '<img src="'.$phpgw->common->get_image_path('calendar').'/new.gif" width="10" height="10" alt="'.lang('New Entry').'" border="0" align="right"></a>';
+            $str = '';
+            if($rights & PHPGW_ACL_ADD) {
+              $str .= '<a href="'.$phpgw->link($phpgw_info['server']['webserver_url'].'/calendar/edit_entry.php','year='.$date_year.'&month='.$date['month'].'&day='.$date['day']).'">';
+            }
+            
+            $str .= '<img src="'.$phpgw->common->get_image_path('calendar').'/new.gif" width="10" height="10" ';
+            
+            if($rights & PHPGW_ACL_ADD) {
+              $str .= 'alt="'.lang('New Entry').'" ';
+            }
+            
+            $str .= 'border="0" align="right">';
+            
+            if($rights & PHPGW_ACL_ADD) {
+              $str .= '</a>';
+            }
+            
            $p->set_var('new_event_link',$str);
            $str = '<a href="'.$phpgw->link($phpgw_info['server']['webserver_url'].'/calendar/day.php','month='.$date['month'].'&day='.$date['day'].'&year='.$date['year']).'">'.$date['day'].'</a>';
            $p->set_var('day_number',$str);
--- a/calendar/inc/header.inc.php
+++ b/calendar/inc/header.inc.php
@ -16,7 +16,7 @@

  if (floor($PHP_VERSION ) == 4) {
    global $date, $year, $month, $day, $thisyear, $thismonth, $thisday, $filter, $keywords;
-    global $matrixtype, $participants, $owner, $phpgw;
+    global $matrixtype, $participants, $owner, $phpgw, $grants, $rights;
  }

  if(!isset($phpgw_info["user"]["preferences"]["calendar"]["weekdaystarts"]))
@ -24,9 +24,21 @@

  if(!isset($owner)) { $owner = 0; } 

+  $grants = $phpgw->acl->get_grants('calendar');
+  
  if(!isset($owner) || !$owner) {
    $owner = $phpgw_info['user']['account_id'];
-    $rights = PHPGW_ACL_READ + PHPGW_ACL_ADD + PHPGW_ACL_EDIT + PHPGW_ACL_DELETE;
+    $rights = PHPGW_ACL_READ + PHPGW_ACL_ADD + PHPGW_ACL_EDIT + PHPGW_ACL_DELETE + 16;
+  } else {
+    if($grants[$owner])
+    {
+      $rights = $grants[$owner];
+      if (!($rights & PHPGW_ACL_READ))
+      {
+        $owner = $phpgw_info['user']['account_id'];
+        $rights = PHPGW_ACL_READ + PHPGW_ACL_ADD + PHPGW_ACL_EDIT + PHPGW_ACL_DELETE + 16;
+      }
+    }
  }

  if(!isset($filter) || !$filter) 
@ -119,7 +131,6 @@
   </td>
  </form>
 <?php
-    $grants = $phpgw->acl->get_grants('calendar');
    if(count($grants) > 0)
    {
 ?>
@ -138,7 +149,7 @@
 <?php } ?>
    <select name="owner" onchange="document.setowner.submit()">
 <?php
-      while(list($grantor,$rights) = each($grants))
+      while(list($grantor,$temp_rights) = each($grants))
      {
 ?>
      <option value="<?php echo $grantor; ?>"<?php if($grantor==$owner) echo " selected"; ?>><?php echo $phpgw->common->grab_owner_name($grantor); ?></option>
--- a/calendar/month.php
+++ b/calendar/month.php
@ -50,21 +50,21 @@
       else
          $thisyear = $year;
    }
-  }
+    
+    if(!isset($owner)) { $owner = 0; } 

-  if(!isset($owner)) { $owner = 0; } 
-
-  if(!isset($owner) || !$owner) {
-    $owner = $phpgw_info['user']['account_id'];
-    $rights = PHPGW_ACL_READ + PHPGW_ACL_ADD + PHPGW_ACL_EDIT + PHPGW_ACL_DELETE;
-  } else {
-    $grants = $phpgw->acl->get_grants('calendar');
-    if($grants[$owner])
-    {
-      $rights = $grants[$owner];
-      if (!($rights & PHPGW_ACL_READ))
+    if(!isset($owner) || !$owner) {
+      $owner = $phpgw_info['user']['account_id'];
+      $rights = PHPGW_ACL_READ + PHPGW_ACL_ADD + PHPGW_ACL_EDIT + PHPGW_ACL_DELETE + 16;
+    } else {
+      $grants = $phpgw->acl->get_grants('calendar');
+      if($grants[$owner])
      {
-        $owner = $phpgw_info['user']['account_id'];
+        $rights = $grants[$owner];
+        if (!($rights & PHPGW_ACL_READ))
+        {
+          $owner = $phpgw_info['user']['account_id'];
+        }
      }
    }
  }