mirror of
https://github.com/EGroupware/egroupware.git
synced 2025-01-08 23:19:04 +01:00
using new categories check_perms() method on vcard export (prevent exposing private categories) and merge given categories with existing ones on vcard import
parent
cdd50f6b55
commit
0b4313adba
addressbook/inc
@ -1505,12 +1505,39 @@ class addressbook_bo extends addressbook_so
|
||||
|
||||
var $categories;
|
||||
|
||||
function find_or_add_categories($catname_list)
|
||||
/**
|
||||
* Find existing categories in database by name or add categories that do not exist yet
|
||||
* currently used for vcard import
|
||||
*
|
||||
* @param array $catname_list names of the categories which should be found or added
|
||||
* @param int $contact_id=null match against existing contact and expand the returned category ids
|
||||
* by the ones the user normally does not see due to category permissions - used to preserve categories
|
||||
* @return array category ids (found, added and preserved categories)
|
||||
*/
|
||||
function find_or_add_categories($catname_list, $contact_id=null)
|
||||
{
|
||||
if (!is_object($this->categories))
|
||||
{
|
||||
$this->categories = new categories($this->owner,'addressbook');
|
||||
}
|
||||
|
||||
if($contact_id)
|
||||
{
|
||||
// preserve categories without users read access
|
||||
$old_contact = $this->read($contact_id);
|
||||
$old_categories = explode(',',$old_contact['cat_id']);
|
||||
$old_cats_preserve = array();
|
||||
if(is_array($old_categories) && count($old_categories) > 0)
|
||||
{
|
||||
foreach($old_categories as $cat_id)
|
||||
{
|
||||
if(!$this->categories->check_perms(EGW_ACL_READ, $cat_id))
|
||||
{
|
||||
$old_cats_preserve[] = $cat_id;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$cat_id_list = array();
|
||||
foreach($catname_list as $cat_name)
|
||||
@ -1533,12 +1560,18 @@ class addressbook_bo extends addressbook_so
|
||||
$cat_id_list[] = $cat_id;
|
||||
}
|
||||
}
|
||||
|
||||
if(is_array($old_cats_preserve) && count($old_cats_preserve) > 0)
|
||||
{
|
||||
$cat_id_list = array_merge($cat_id_list, $old_cats_preserve);
|
||||
}
|
||||
|
||||
if (count($cat_id_list) > 1)
|
||||
{
|
||||
$cat_id_list = array_unique($cat_id_list);
|
||||
sort($cat_id_list, SORT_NUMERIC);
|
||||
}
|
||||
|
||||
return $cat_id_list;
|
||||
}
|
||||
|
||||
@ -1556,7 +1589,8 @@ class addressbook_bo extends addressbook_so
|
||||
$cat_list = array();
|
||||
foreach($cat_id_list as $cat_id)
|
||||
{
|
||||
if ($cat_id && ($cat_name = $this->categories->id2name($cat_id)) && $cat_name != '--')
|
||||
if ($cat_id && $this->categories->check_perms(EGW_ACL_READ, $cat_id) &&
|
||||
($cat_name = $this->categories->id2name($cat_id)) && $cat_name != '--')
|
||||
{
|
||||
$cat_list[] = $cat_name;
|
||||
}
|
||||
|
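Review bot: In the new `find_or_add_categories()` body, `$old_cats_preserve` is only assigned inside `if($contact_id)`, yet the second hunk reads it unconditionally in `is_array($old_cats_preserve)`, so every call without a contact id touches an undefined variable; moving `$old_cats_preserve = array();` above the `if` fixes that. In the same branch the result of `$this->read($contact_id)` is not checked, and `explode(',', ...)` on an empty or missing `cat_id` returns `array('')`, so the `count($old_categories) > 0` guard is always true and an empty id reaches `check_perms()`. If `check_perms()` returns false for that empty id (its behaviour is not visible here), `''` is preserved and ends up in the imploded category list; `$old_categories = array_filter(explode(',', (string)$old_contact['cat_id']));` behind `if($contact_id && ($old_contact = $this->read($contact_id)))` would avoid it. The function body spans two hunks and the lines between them are not shown.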
@ -119,7 +119,7 @@ class addressbook_vcal extends addressbook_bo
|
||||
*/
|
||||
function addVCard($_vcard, $_abID=null, $merge=false)
|
||||
{
|
||||
if(!$contact = $this->vcardtoegw($_vcard))
|
||||
if(!$contact = $this->vcardtoegw($_vcard, $_abID))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
@ -415,7 +415,7 @@ class addressbook_vcal extends addressbook_bo
|
||||
if (is_array($_supportedFields)) $this->supportedFields = $_supportedFields;
|
||||
}
|
||||
|
||||
function vcardtoegw($_vcard)
|
||||
function vcardtoegw($_vcard, $_abID)
|
||||
{
|
||||
// the horde class does the charset conversion. DO NOT CONVERT HERE.
|
||||
// be as flexible as possible
|
||||
@ -825,7 +825,7 @@ class addressbook_vcal extends addressbook_bo
|
||||
break;
|
||||
|
||||
case 'cat_id':
|
||||
$contact[$fieldName] = implode(',',$this->find_or_add_categories($vcardValues[$vcardKey]['values']));
|
||||
$contact[$fieldName] = implode(',',$this->find_or_add_categories($vcardValues[$vcardKey]['values'], $_abID));
|
||||
break;
|
||||
|
||||
case 'jpegphoto':
|
||||
|
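Review bot: `vcardtoegw($_vcard, $_abID)` makes the new argument mandatory, so any caller that still passes only the vCard now gets a missing-argument warning or error (this is inferred, since no other callers are visible in this section). `function vcardtoegw($_vcard, $_abID=null)` keeps the old call form working and matches the `$_abID=null` default that `addVCard()` already has. No docblock for the method is in view; a line such as `@param int $_abID=null id of the existing contact, used to preserve categories the user cannot read` would record why the id is passed down to `find_or_add_categories()`. The bodies of `addVCard()` and `vcardtoegw()` continue outside the hunks.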