extern/egroupware
1
0
Fork 1
mirror of https://github.com/EGroupware/egroupware.git synced 2025-06-20 18:08:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix resource invite permission was checked for every resource type

Browse Source
This commit is contained in:
nathangray 2018-10-01 10:25:55 -06:00
parent b7f72bf7c4
commit eb7ea6bfab
3 changed files with 20 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
calendar/inc/class.calendar_boupdate.inc.php
View File

@ -80,12 +80,6 @@ class calendar_boupdate extends calendar_bo
*/ */
protected static $tz_cache = array(); protected static $tz_cache = array();
/**
* The resources storage object
* @var resources_so $resources_so
*/
protected $resources_so;
/** /**
* Constructor * Constructor
*/ */
@ -95,8 +89,6 @@ class calendar_boupdate extends calendar_bo
parent::__construct(); // calling the parent constructor parent::__construct(); // calling the parent constructor
$this->resources_so = new resources_so();
if ($this->debug > 0) $this->debug_message('calendar_boupdate::__construct() finished',True); if ($this->debug > 0) $this->debug_message('calendar_boupdate::__construct() finished',True);
} }
@ -515,17 +507,12 @@ class calendar_boupdate extends calendar_bo
*/ */
public function check_acl_invite($uid) public function check_acl_invite($uid)
{ {
if (!is_numeric($uid)) if (!is_numeric($uid) && $this->resources[$uid[0]]['check_invite'])
{ {
$resources_config = Api\Config::read('resources'); // Resource specific ACL check
if ($resources_config['bookingrequests'] === 'disabled') { return call_user_func($this->resources[$uid[0]]['check_invite'], $uid);
$cat_id = $this->resources_so->get_value('cat_id', intval(substr($uid, 1)));
return resources_acl_bo::is_permitted($cat_id, resources_acl_bo::DIRECT_BOOKING);
}
else
{
$ret = true;
}
} }
elseif (!$this->require_acl_invite) elseif (!$this->require_acl_invite)
{ {

14
resources/inc/class.resources_acl_bo.inc.php
View File

@ -204,6 +204,20 @@ class resources_acl_bo
return $GLOBALS['egw']->acl->get_all_rights('L'.$cat_id,'resources'); return $GLOBALS['egw']->acl->get_all_rights('L'.$cat_id,'resources');
} }
static public function check_calendar_invite($uid)
{
$resources_config = Api\Config::read('resources');
$resources_so = new resources_so();
if ($resources_config['bookingrequests'] === 'disabled') {
$resources_so = new resources_so();
$cat_id = $resources_so->get_value('cat_id', intval(substr($uid, 1)));
return resources_acl_bo::is_permitted($cat_id, resources_acl_bo::DIRECT_BOOKING);
}
else
{
return true;
}
}
// privat functions from here on ------------------------------------------------------------------------- // privat functions from here on -------------------------------------------------------------------------
function save_sessiondata() function save_sessiondata()

1
resources/inc/class.resources_hooks.inc.php
View File

@ -108,6 +108,7 @@ class resources_hooks
'type' => 'r',// one char type-identifiy for this resources 'type' => 'r',// one char type-identifiy for this resources
'icon' => 'calicon',//icon 'icon' => 'calicon',//icon
'participants_header' => lang('resources'), // header of participants from this type 'participants_header' => lang('resources'), // header of participants from this type
'check_invite' => 'resources_acl_bo::check_calendar_invite' // Check that the current user is allowed to invite the givent resource
); );
} }