extern/egroupware
1
0
Fork 1
mirror of https://github.com/EGroupware/egroupware.git synced 2024-10-06 02:02:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add some acl checks into index, view, and edit

Browse Source
This commit is contained in:
Miles Lott 2001-02-12 13:57:59 +00:00
parent 16856ebc2b
commit d6274ffd3a
3 changed files with 197 additions and 177 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

95
addressbook/edit.php
View File

@ -20,7 +20,6 @@
$phpgw_info["flags"]["enable_addressbook_class"] = True;
include("../header.inc.php");
#$t = new Template($phpgw_info["server"]["app_tpl"]);
$t = new Template($phpgw->common->get_tpl_dir("addressbook"));
$t->set_file(array( "edit" => "edit.tpl"));
@ -30,8 +29,9 @@
}
$this = CreateObject("phpgwapi.contacts");
if (!$submit) {
// not checking acl here, only on submit - that ok?
// merge in extra fields
$extrafields = array(
"pager" => "pager",
@ -46,50 +46,57 @@
$fields = $this->read_single_entry($ab_id,$qfields);
form("","edit.php","Edit",$fields[0]);
} else {
if ($url == "http://") {
$url = "";
}
if (! $bday_month && ! $bday_day && ! $bday_year) {
$bday = "";
//verify edit capabilities
$rights = $phpgw->acl->get_rights('u_'.$owner,$phpgw_info["flags"]["currentapp"]);
if ( ($rights & PHPGW_ACL_EDIT) || ($owner == $account_id) ) {
if ($url == "http://") {
$url = "";
}
if (! $bday_month && ! $bday_day && ! $bday_year) {
$bday = "";
} else {
$bday = "$bday_month/$bday_day/$bday_year";
}
$fields["org_name"] = $company;
$fields["org_unit"] = $department;
$fields["n_given"] = $firstname;
$fields["n_family"] = $lastname;
$fields["n_middle"] = $middle;
$fields["n_prefix"] = $prefix;
$fields["n_suffix"] = $suffix;
if ($prefix) { $pspc = " "; }
if ($middle) { $mspc = " "; }
if ($suffix) { $sspc = " "; }
$fields["fn"] = $prefix.$pspc.$firstname.$mspc.$middle.$mspc.$lastname.$sspc.$suffix;
$fields["d_email"] = $email;
$fields["d_emailtype"] = $email_type;
$fields["title"] = $title;
$fields["a_tel"] = $wphone;
$fields["b_tel"] = $hphone;
$fields["c_tel"] = $fax;
$fields["pager"] = $pager;
$fields["mphone"] = $mphone;
$fields["ophone"] = $ophone;
$fields["adr_street"] = $street;
$fields["address2"] = $address2;
$fields["adr_locality"] = $city;
$fields["adr_region"] = $state;
$fields["adr_postalcode"] = $zip;
$fields["adr_countryname"] = $country;
$fields["tz"] = $timezone;
$fields["bday"] = $bday;
$fields["url"] = $url;
$fields["notes"] = $notes;
$this->update($ab_id,$phpgw_info["user"]["account_id"],$fields);
Header("Location: " . $phpgw->link("view.php","&ab_id=$ab_id&order=$order&sort=$sort&filter=$filter&start=$start"));
$phpgw->common->phpgw_exit();
} else {
$bday = "$bday_month/$bday_day/$bday_year";
$phpgw->redirect($phpgw->session->link($phpgw_info["server"]["webserver_url"]. "/addressbook/","cd=16&order=$order&sort=$sort&filter=$filter&start=$start&query=$query"));
$phpgw->common->phpgw_exit();
}
$fields["org_name"] = $company;
$fields["org_unit"] = $department;
$fields["n_given"] = $firstname;
$fields["n_family"] = $lastname;
$fields["n_middle"] = $middle;
$fields["n_prefix"] = $prefix;
$fields["n_suffix"] = $suffix;
if ($prefix) { $pspc = " "; }
if ($middle) { $mspc = " "; }
if ($suffix) { $sspc = " "; }
$fields["fn"] = $prefix.$pspc.$firstname.$mspc.$middle.$mspc.$lastname.$sspc.$suffix;
$fields["d_email"] = $email;
$fields["d_emailtype"] = $email_type;
$fields["title"] = $title;
$fields["a_tel"] = $wphone;
$fields["b_tel"] = $hphone;
$fields["c_tel"] = $fax;
$fields["pager"] = $pager;
$fields["mphone"] = $mphone;
$fields["ophone"] = $ophone;
$fields["adr_street"] = $street;
$fields["address2"] = $address2;
$fields["adr_locality"] = $city;
$fields["adr_region"] = $state;
$fields["adr_postalcode"] = $zip;
$fields["adr_countryname"] = $country;
$fields["tz"] = $timezone;
$fields["bday"] = $bday;
$fields["url"] = $url;
$fields["notes"] = $notes;
$this->update($ab_id,$phpgw_info["user"]["account_id"],$fields);
Header("Location: " . $phpgw->link("view.php","&ab_id=$ab_id&order=$order&sort=$sort&filter=$filter&start=$start"));
$phpgw->common->phpgw_exit();
}
$t->set_var("ab_id",$ab_id);

168
addressbook/vcardout.php
View File

@ -34,93 +34,99 @@
$fields = $this->read_single_entry($ab_id,$this->stock_contact_fields);
$email = $fields[0]["d_email"];
$fullname = $fields[0]["fn"];
$prefix = $fields[0]["n_prefix"];
$firstname = $fields[0]["n_given"];
$middle = $fields[0]["n_middle"];
$lastname = $fields[0]["n_family"];
$suffix = $fields[0]["n_suffix"];
$title = $fields[0]["title"];
$hphone = $fields[0]["a_tel"];
$wphone = $fields[0]["b_tel"];
$fax = $fields[0]["c_tel"];
$pager = $fields[0]["pager"];
$mphone = $fields[0]["mphone"];
$ophone = $fields[0]["ophone"];
$street = $fields[0]["adr_street"];
$address2 = $fields[0]["address2"];
$city = $fields[0]["adr_locality"];
$state = $fields[0]["adr_region"];
$zip = $fields[0]["adr_postalcode"];
$country = $fields[0]["adr_countryname"];
$company = $fields[0]["org_name"];
$dept = $fields[0]["org_unit"];
$bday = $fields[0]["bday"];
$notes = $fields[0]["notes"];
$access = $fields[0]["access"];
$url = $fields[0]["url"];
$rights = $phpgw->acl->get_rights('u_'.$$fields[0]["owner"],$phpgw_info["flags"]["currentapp"]);
if ( ($rights & PHPGW_ACL_READ) || ($owner == $account_id) ) {
if(!$nolname && !$nofname) {
/* First name and last must be in the vcard. */
if($lastname == "") {
/* Run away here. */
Header("Location: " . $phpgw->link("vcardout.php","nolname=1&ab_id=$ab_id&start=$start&order=$order&filter=" . "$filter&query=$query&sort=$sort"));
}
if($firstname == "" ) {
Header("Location: " . $phpgw->link("vcardout.php","nofname=1&ab_id=$ab_id&start=$start&order=$order&filter=" . "$filter&query=$query&sort=$sort"));
}
$email = $fields[0]["d_email"];
$fullname = $fields[0]["fn"];
$prefix = $fields[0]["n_prefix"];
$firstname = $fields[0]["n_given"];
$middle = $fields[0]["n_middle"];
$lastname = $fields[0]["n_family"];
$suffix = $fields[0]["n_suffix"];
$title = $fields[0]["title"];
$hphone = $fields[0]["a_tel"];
$wphone = $fields[0]["b_tel"];
$fax = $fields[0]["c_tel"];
$pager = $fields[0]["pager"];
$mphone = $fields[0]["mphone"];
$ophone = $fields[0]["ophone"];
$street = $fields[0]["adr_street"];
$address2 = $fields[0]["address2"];
$city = $fields[0]["adr_locality"];
$state = $fields[0]["adr_region"];
$zip = $fields[0]["adr_postalcode"];
$country = $fields[0]["adr_countryname"];
$company = $fields[0]["org_name"];
$dept = $fields[0]["org_unit"];
$bday = $fields[0]["bday"];
$notes = $fields[0]["notes"];
$access = $fields[0]["access"];
$url = $fields[0]["url"];
header("Content-type: text/X-VCARD");
$fn = explode("@",$email);
$filename = sprintf("%s.vcf", $fn[0]);
if(!$nolname && !$nofname) {
/* First name and last must be in the vcard. */
if($lastname == "") {
/* Run away here. */
Header("Location: " . $phpgw->link("vcardout.php","nolname=1&ab_id=$ab_id&start=$start&order=$order&filter=" . "$filter&query=$query&sort=$sort"));
}
if($firstname == "" ) {
Header("Location: " . $phpgw->link("vcardout.php","nofname=1&ab_id=$ab_id&start=$start&order=$order&filter=" . "$filter&query=$query&sort=$sort"));
}
header("Content-Disposition: attachment; filename=$filename");
printf("BEGIN:VCARD\r\n");
printf("N:%s;%s\r\n", $lastname, $firstname);
if (!$fullname) { printf("FN:%s %s\r\n", $firstname, $lastname); }
else { printf("FN:%s\r\n", $fullname); }
header("Content-type: text/X-VCARD");
$fn = explode("@",$email);
$filename = sprintf("%s.vcf", $fn[0]);
/* This stuff is optional. */
if($title != "") /* Title */
printf("TITLE:%s\r\n",$title);
if($email != "") /* E-mail */
printf("EMAIL;INTERNET:%s\r\n", $email);
if($hphone != "") /* Home Phone */
printf("TEL;HOME:%s\r\n", $hphone);
if($wphone != "") /* Work Phone */
printf("TEL;WORK:%s\r\n", $wphone);
if($mphone != "") /* Mobile Phone */
printf("TEL;CELL:%s\r\n", $mphone);
if($fax != "") /* Fax Number */
printf("TEL;FAX:%s\r\n", $fax);
if($pager != "") /* Pager Number */
printf("TEL;PAGER:%s\r\n", $pager);
//if($ophone != "") /* Other Phone */
//$NOTES .= "Other Phone: " . $ophone;
/* The address one is pretty icky. Send it if ANY of the fields are present. */
if($address2 != "" || /* Street Line 1 */
$street != "" || /* Street Line 2 */
$city != "" || /* City */
$state != "" || /* State */
$zip != "") /* Zip */
printf("ADR:;%s;%s;%s;%s;%s;%s\r\n", $address2,
$street,$city,$state,$zip,$country);
header("Content-Disposition: attachment; filename=$filename");
if($bday != "" && $bday != "//") /* Birthday */
printf("BDAY:%s\r\n", $bday); /* This is not the right format. */
if($company != "") /* Company Name (Really isn't company_name?) */
printf("ORG:%s %s\r\n", $company, $dept);
if($notes != "") /* Notes */
$NOTES .= $notes;
printf("BEGIN:VCARD\r\n");
printf("N:%s;%s\r\n", $lastname, $firstname);
if (!$fullname) { printf("FN:%s %s\r\n", $firstname, $lastname); }
else { printf("FN:%s\r\n", $fullname); }
if($NOTES != "") /* All of the notes. */
printf("NOTE:%s\r\n", $NOTES);
/* End of Stuff. */
printf("VERSION:2.1\r\n");
printf("END:VCARD\r\n");
} /* !nolname && !nofname */
/* This stuff is optional. */
if($title != "") /* Title */
printf("TITLE:%s\r\n",$title);
if($email != "") /* E-mail */
printf("EMAIL;INTERNET:%s\r\n", $email);
if($hphone != "") /* Home Phone */
printf("TEL;HOME:%s\r\n", $hphone);
if($wphone != "") /* Work Phone */
printf("TEL;WORK:%s\r\n", $wphone);
if($mphone != "") /* Mobile Phone */
printf("TEL;CELL:%s\r\n", $mphone);
if($fax != "") /* Fax Number */
printf("TEL;FAX:%s\r\n", $fax);
if($pager != "") /* Pager Number */
printf("TEL;PAGER:%s\r\n", $pager);
//if($ophone != "") /* Other Phone */
//$NOTES .= "Other Phone: " . $ophone;
/* The address one is pretty icky. Send it if ANY of the fields are present. */
if($address2 != "" || /* Street Line 1 */
$street != "" || /* Street Line 2 */
$city != "" || /* City */
$state != "" || /* State */
$zip != "") /* Zip */
printf("ADR:;%s;%s;%s;%s;%s;%s\r\n", $address2,
$street,$city,$state,$zip,$country);
if($bday != "" && $bday != "//") /* Birthday */
printf("BDAY:%s\r\n", $bday); /* This is not the right format. */
if($company != "") /* Company Name (Really isn't company_name?) */
printf("ORG:%s %s\r\n", $company, $dept);
if($notes != "") /* Notes */
$NOTES .= $notes;
if($NOTES != "") /* All of the notes. */
printf("NOTE:%s\r\n", $NOTES);
/* End of Stuff. */
printf("VERSION:2.1\r\n");
printf("END:VCARD\r\n");
} /* !nolname && !nofname */
} else { /* acl check failed */
Header("Location: " . $phpgw->link("vcardout.php","nofname=1&ab_id=$ab_id&start=$start&order=$order&filter=" . "$filter&query=$query&sort=$sort"));
}
if($nofname) {
echo "<BR><BR><CENTER>";

111
addressbook/view.php
View File

@ -24,9 +24,9 @@
$t = new Template($phpgw->common->get_tpl_dir("addressbook"));
$t->set_file(array( "view" => "view.tpl"));
$this = CreateObject("phpgwapi.contacts");
if (! $ab_id) {
Header("Location: " . $phpgw->link("index.php"));
}
@ -52,31 +52,34 @@
$fields = $this->read_single_entry($ab_id,$qfields);
$owner = $fields[0]["owner"];
$rights = $phpgw->acl->get_rights('u_'.$owner,$phpgw_info["flags"]["currentapp"]);
if ( ($rights & PHPGW_ACL_READ) || ($owner == $account_id) ) {
$view_header = "<p>&nbsp;<b>" . lang("Address book - view") . "</b><hr><p>";
$view_header .= '<table border="0" cellspacing="2" cellpadding="2" width="80%" align="center">';
$view_header = "<p>&nbsp;<b>" . lang("Address book - view") . "</b><hr><p>";
$view_header .= '<table border="0" cellspacing="2" cellpadding="2" width="80%" align="center">';
while ($column = each($columns_to_display)) { // each entry column
$columns_html .= "<tr><td><b>" . lang(display_name($colname[$column[0]])) . "</b>:</td>";
$ref=$data="";
$coldata = $fields[0][$column[0]];
// Some fields require special formatting.
if ($column[0] == "url") {
$ref='<a href="'.$coldata.'" target="_new">';
$data=$coldata.'</a>';
} elseif ($column[0] == "email") {
if ($phpgw_info["user"]["apps"]["email"]) {
$ref='<a href="'.$phpgw->link($phpgw_info["server"]["webserver_url"]
. "/email/compose.php","to=" . urlencode($coldata)).'" target="_new">';
} else {
$ref='<a href="mailto:'.$coldata.'">';
while ($column = each($columns_to_display)) { // each entry column
$columns_html .= "<tr><td><b>" . lang(display_name($colname[$column[0]])) . "</b>:</td>";
$ref=$data="";
$coldata = $fields[0][$column[0]];
// Some fields require special formatting.
if ($column[0] == "url") {
$ref='<a href="'.$coldata.'" target="_new">';
$data=$coldata.'</a>';
} elseif ($column[0] == "email") {
if ($phpgw_info["user"]["apps"]["email"]) {
$ref='<a href="'.$phpgw->link($phpgw_info["server"]["webserver_url"]
. "/email/compose.php","to=" . urlencode($coldata)).'" target="_new">';
} else {
$ref='<a href="mailto:'.$coldata.'">';
}
$data=$coldata."</a>";
} else { // But these do not
$ref=""; $data=$coldata;
}
$data=$coldata."</a>";
} else { // But these do not
$ref=""; $data=$coldata;
$columns_html .= "<td>" . $ref . $data . "</td>";
}
$columns_html .= "<td>" . $ref . $data . "</td>";
}
/*
if ($access == "private") {
@ -87,34 +90,38 @@
$access_link ="";
}
*/
$columns_html .= '<tr><td colspan="4">&nbsp;</td></tr>'
. '<tr><td><b>' . lang("Record owner") . '</b></td><td>'
. $phpgw->common->grab_owner_name($owner) . '</td><td><b>'
. $access_link . '</b></td><td></table>';
$columns_html .= '<tr><td colspan="4">&nbsp;</td></tr>'
. '<tr><td><b>' . lang("Record owner") . '</b></td><td>'
. $phpgw->common->grab_owner_name($owner) . '</td><td><b>'
. $access_link . '</b></td><td></table>';
$editlink = $phpgw->common->check_owner($owner,"edit.php",lang("edit"),"ab_id=" . $ab_id . "&start=".$start."&sort=".$sort."&order=".$order);
$vcardlink = '<form action="'.$phpgw->link("vcardout.php","ab_id=$ab_id&order=$order&start=$start&filter=$filter&query=$query&sort=$sort").'">';
$donelink = '<form action="'.$phpgw->link("index.php","order=$order&start=$start&filter=$filter&query=$query&sort=$sort").'">';
$t->set_var("access_link",$access_link);
$t->set_var("ab_id",$ab_id);
$t->set_var("sort",$sort);
$t->set_var("order",$order);
$t->set_var("filter",$filter);
$t->set_var("start",$start);
$t->set_var("view_header",$view_header);
$t->set_var("cols",$columns_html);
$t->set_var("lang_ok",lang("ok"));
$t->set_var("lang_done",lang("done"));
$t->set_var("lang_edit",lang("edit"));
$t->set_var("lang_submit",lang("submit"));
$t->set_var("lang_vcard",lang("vcard"));
$t->set_var("done_link",$donelink);
$t->set_var("edit_link",$editlink);
$t->set_var("vcard_link",$vcardlink);
$editlink = $phpgw->common->check_owner($owner,"edit.php",lang("edit"),"ab_id=" . $ab_id . "&start=".$start."&sort=".$sort."&order=".$order);
$vcardlink = '<form action="'.$phpgw->link("vcardout.php","ab_id=$ab_id&order=$order&start=$start&filter=$filter&query=$query&sort=$sort").'">';
$donelink = '<form action="'.$phpgw->link("index.php","order=$order&start=$start&filter=$filter&query=$query&sort=$sort").'">';
$t->parse("out","view");
$t->pparse("out","view");
$t->set_var("access_link",$access_link);
$t->set_var("ab_id",$ab_id);
$t->set_var("sort",$sort);
$t->set_var("order",$order);
$t->set_var("filter",$filter);
$t->set_var("start",$start);
$t->set_var("view_header",$view_header);
$t->set_var("cols",$columns_html);
$t->set_var("lang_ok",lang("ok"));
$t->set_var("lang_done",lang("done"));
$t->set_var("lang_edit",lang("edit"));
$t->set_var("lang_submit",lang("submit"));
$t->set_var("lang_vcard",lang("vcard"));
$t->set_var("done_link",$donelink);
$t->set_var("edit_link",$editlink);
$t->set_var("vcard_link",$vcardlink);
$t->parse("out","view");
$t->pparse("out","view");
$phpgw->common->phpgw_footer();
$phpgw->common->phpgw_footer();
} else {
$phpgw->redirect($phpgw->session->link($phpgw_info["server"]["webserver_url"]. "/addressbook/","cd=16&order=$order&sort=$sort&filter=$filter&start=$start&query=$query"));
$phpgw->common->phpgw_exit();
}
?>