extern/egroupware
1
0
Fork 1
mirror of https://github.com/EGroupware/egroupware.git synced 2024-11-08 17:14:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

reverted Matthew's commit and fix for bug [ 1015533 ] Private entries prohibit response

Browse Source 
If you are invited to a private event, you get full access to it, as you would if it were not private. Only restriction is: other people you gave access to your private events, still cant read the event, as long as they have no direct private grant from the owner of the event.
This commit is contained in:
Ralf Becker 2004-09-08 12:19:22 +00:00
parent 7479c7f40a
commit e72a231b42
1 changed files with 16 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
calendar/inc/class.bocalendar.inc.php
View File

@ -1459,13 +1459,12 @@
@param $needed necessary ACL right: PHPGW_ACL_{READ|EDIT|DELETE} @param $needed necessary ACL right: PHPGW_ACL_{READ|EDIT|DELETE}
@param $event event as array or the event-id or 0 for general check @param $event event as array or the event-id or 0 for general check
@param $other uid to check (if event==0) or 0 to check against $this->owner @param $other uid to check (if event==0) or 0 to check against $this->owner
@note Participating in an event is considered as haveing read-access on that event, \ @note Participating in an event is considered as haveing read-access AND private-access on that event, \
even if you have no general read-grant from that user. even if you have no general read- or private-grant from that user.
*/ */
function check_perms($needed,$event=0,$other=0) function check_perms($needed,$event=0,$other=0)
{ {
$event_in = $event; $event_in = $event;
if (is_int($event) && $event == 0) if (is_int($event) && $event == 0)
{ {
$owner = $other > 0 ? $other : $this->owner; $owner = $other > 0 ? $other : $this->owner;
@ -1487,36 +1486,42 @@
$owner = $event['owner']; $owner = $event['owner'];
$private = $event['public'] == False || $event['public'] == 0; $private = $event['public'] == False || $event['public'] == 0;
} }
$user = $GLOBALS['phpgw_info']['user']['account_id']; $user = $GLOBALS['phpgw_info']['user']['account_id'];
$grants = $this->grants[$owner]; $grants = $this->grants[$owner];
if (is_array($event) && $needed == PHPGW_ACL_READ) if (is_array($event) && $needed == PHPGW_ACL_READ)
{ {
/* grant read access if the $user is one of the participants. */ // Check if the $user is one of the participants or has a read-grant from one of them
// in that case he has an implicite READ grant for that event
//
if (isset($event['participants']) && is_array($event['participants'])) if (isset($event['participants']) && is_array($event['participants']))
{ {
foreach($event['participants'] as $uid => $accept) foreach($event['participants'] as $uid => $accept)
{ {
if ($uid == $user) if ($uid == $user)
{ {
$grants |= PHPGW_ACL_READ; // if we are a participant, we have an implicite READ and PRIVAT grant
$grants |= PHPGW_ACL_READ | PHPGW_ACL_PRIVATE;
break; break;
} }
elseif ($this->grants[$uid] & PHPGW_ACL_READ)
{
// if we have a READ grant from a participant, we dont give an implicit privat grant too
$grants |= PHPGW_ACL_READ;
// we cant break here, as we might be a participant too, and would miss the privat grant
}
} }
} }
} }
if ($GLOBALS['phpgw']->accounts->get_type($owner) == 'g' && $needed == PHPGW_ACL_ADD) if ($GLOBALS['phpgw']->accounts->get_type($owner) == 'g' && $needed == PHPGW_ACL_ADD)
{ {
$access = False; /* a group can't be the owner of an event. why not?! */ $access = False; // a group can't be the owner of an event
} }
else else
{ {
$access = $user == $owner || $grants & $needed && (!$private || $grants & PHPGW_ACL_PRIVATE); $access = $user == $owner || $grants & $needed && (!$private || $grants & PHPGW_ACL_PRIVATE);
} }
//echo "<p>".function_backtrace()." check_perms($needed,$event_id,$other) for user $user and needed_acl $needed: event='$event[title]': owner=$owner, private=$private, grants=$grants ==> access=$access</p>\n"; //echo "<p>".function_backtrace()." check_perms($needed,$event_id,$other) for user $user and needed_acl $needed: event='$event[title]': owner=$owner, private=$private, grants=$grants ==> access=$access</p>\n";
return $access; return $access;
@ -1595,7 +1600,7 @@
{ {
if($is_private) if($is_private)
{ {
return 'private'; return lang('private');
} }
// cut off too long titles // cut off too long titles