* CardDAV: fixed wrong privileges for accounts addressbook, causing clients to report it read-only even for admins

addressbook/inc/class.addressbook_groupdav.inc.php

@@ -939,6 +939,18 @@ class addressbook_groupdav extends groupdav_handler
 		return $this->bo->check_perms($acl,$contact);
 	}
 
+	/**
+	 * Get grants of current user and app
+	 *
+	 * Reimplemented to account for static LDAP ACL and accounts (owner=0)
+	 *
+	 * @return array user-id => EGW_ACL_ADD|EGW_ACL_READ|EGW_ACL_EDIT|EGW_ACL_DELETE pairs
+	 */
+	public function get_grants()
+	{
+		return $this->bo->get_grants($this->bo->user);
+	}
+
 	/**
 	 * Return calendars/addressbooks shared from other users with the current one
 	 *

addressbook/inc/class.addressbook_so.inc.php

@@ -354,11 +354,15 @@ class addressbook_so
 				// therefor the param false!
 				$grants = $GLOBALS['egw']->acl->get_grants($contact_app,false,$user);
 			}
+			// grants for accounts: everyone read, admins edit, no-one add or delete (only via admin app!)
+			$grants[0] = EGW_ACL_READ;
+			if ($this->is_admin()) $grants[0] |= EGW_ACL_EDIT;
 		}
 		else
 		{
 			$grants = array();
 		}
+		//error_log(__METHOD__."($user, '$contact_app') returning ".array2string($grants));
 		return $grants;
 	}
 

phpgwapi/inc/class.groupdav.inc.php

@@ -912,7 +912,7 @@ class groupdav extends HTTP_WebDAV_Server
 				$props['sync-token'] = $handler->get_sync_token($path,$user);
 			}
 		}
-		if ($handler && $user)
+		if ($handler && !is_null($user))
 		{
 			return $this->add_collection($path, $props, $handler->current_user_privileges($path, $user));
 		}

phpgwapi/inc/class.groupdav_handler.inc.php

@@ -415,6 +415,16 @@ abstract class groupdav_handler
 		return $agent;
 	}
 
+	/**
+	 * Get grants of current user and app
+	 *
+	 * @return array user-id => EGW_ACL_ADD|EGW_ACL_READ|EGW_ACL_EDIT|EGW_ACL_DELETE pairs
+	 */
+	public function get_grants()
+	{
+		return $this->acl->get_grants($this->app, $this->app != 'addressbook');
+	}
+
 	/**
 	 * Return priviledges for current user, default is read and read-current-user-privilege-set
 	 *
@@ -429,30 +439,31 @@ abstract class groupdav_handler
 		static $grants;
 		if (is_null($grants))
 		{
-			$grants = $this->acl->get_grants($this->app, $this->app != 'addressbook');
+			$grants = $this->get_grants();
 		}
 		$priviledes = array('read-current-user-privilege-set' => 'read-current-user-privilege-set');
 
-		if (!$user || $grants[$user] & EGW_ACL_READ)
+		if (is_null($user) || $grants[$user] & EGW_ACL_READ)
 		{
 			$priviledes['read'] = 'read';
 			// allows on all calendars/addressbooks to write properties, as we store them on a per-user basis
 			// and only allow to modify explicit named properties in CalDAV, CardDAV or Calendarserver name-space
 			$priviledes['write-properties'] = 'write-properties';
 		}
-		if (!$user || $grants[$user] & EGW_ACL_ADD)
+		if (is_null($user) || $grants[$user] & EGW_ACL_ADD)
 		{
 			$priviledes['bind'] = 'bind';	// PUT for new resources
 		}
-		if (!$user || $grants[$user] & EGW_ACL_EDIT)
+		if (is_null($user) || $grants[$user] & EGW_ACL_EDIT)
 		{
 			$priviledes['write-content'] = 'write-content';	// otherwise iOS calendar does not allow to add events
 		}
-		if (!$user || $grants[$user] & EGW_ACL_DELETE)
+		if (is_null($user) || $grants[$user] & EGW_ACL_DELETE)
 		{
 			$priviledes['unbind'] = 'unbind';	// DELETE
 		}
 		// copy/move of existing resources might require write-properties, thought we do not support an explicit PROPATCH
+		//error_log(__METHOD__."('$path', ".array2string($user).') returning '.array2string($priviledes).' '.function_backtrace());
 		return $priviledes;
 	}