Fix ACL error allowing regular users to delete global categories

This commit is contained in:
Nathan Gray 2015-09-29 15:15:45 +00:00
parent afa106cbf3
commit f1837813a4


@ -369,6 +369,17 @@ class admin_categories
{
$row['class'] .= ' rowNoEdit rowNoDelete ';
}
else if (!$GLOBALS['egw_info']['user']['apps']['admin'])
{
if(!$cats->check_perms(EGW_ACL_EDIT, $row['id']))
{
$row['class'] .= ' rowNoEdit';
}
if(!$cats->check_perms(EGW_ACL_DELETE, $row['id']))
{
$row['class'] .= ' rowNoDelete';
}
}
// Can only edit (via context menu) categories for the selected app (backend restriction)
if($row['appname'] != $query['appname'] || (array_sum($row['owner']) > 0))
{
@ -661,11 +672,18 @@ class admin_categories
switch($action)
{
case 'delete':
$action_msg = lang('deleted');
foreach($checked as $id)
{
$cats->delete($id,$settings == 'sub',$settings != 'sub');
$action_msg = lang('deleted');
$success++;
if($cats->check_perms(EGW_ACL_DELETE, $id, (boolean)$GLOBALS['egw_info']['user']['apps']['admin']))
{
$cats->delete($id,$settings == 'sub',$settings != 'sub');
$success++;
}
else
{
$failed++;
}
}
break;
case 'owner':
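Review bot: The new `if($cats->check_perms(EGW_ACL_DELETE, $id, (boolean)$GLOBALS['egw_info']['user']['apps']['admin']))` in the delete branch casts an array index that is absent for non-admin users, so for exactly the users this fix targets the line raises an undefined-index notice before the check runs; `(boolean)` should become `!empty($GLOBALS['egw_info']['user']['apps']['admin'])`, and the same applies to the `else if (!$GLOBALS['egw_info']['user']['apps']['admin'])` at the top of the first hunk. The `$failed++` in the new else branch depends on `$failed` being initialised before the `switch`, which lies outside the hunk; if it is not, the first denied id also emits a notice. Since `$action_msg = lang('deleted')` is now set before the loop, a run where every id is denied still reports "deleted" unless the `$failed` count is surfaced after the switch — presumably it is, but worth confirming. The enclosing method continues outside the hunk on both sides.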