Take contact shares into account for push ACL checks

2024-11-07 08:34:29 +01:00 · 2021-02-24 14:28:17 -07:00 · 2021-02-24 14:28:17 -07:00 · 158e65fc90
commit 158e65fc90
parent 1f41bba904
5 changed files with 59 additions and 12 deletions
--- a/addressbook/inc/class.addressbook_hooks.inc.php
+++ b/addressbook/inc/class.addressbook_hooks.inc.php
@ -409,11 +409,33 @@ class addressbook_hooks
 				'key'    => 'egw_addressbook.contact_id',
 				'column' => 'egw_addressbook.contact_owner'
 			),
-			'push_data' => ['owner','tid','cat_id']
+			'push_data'  => self::class.'::prepareEntryPush',
 		);
 		return $links;
 	}

+	/**
+	 * Prepare entry to be pushed via Link::notify_update()
+	 *
+	 * Add in shared users
+	 *
+	 * @param $entry
+	 * @return array
+	 */
+	static public function prepareEntryPush($entry)
+	{
+		// Add users / groups this contact is shared with
+		$entry['shared_with'] = [];
+		foreach($entry['shared'] as $id => $share)
+		{
+			$entry['shared_with'][] = $share['shared_with'];
+		}
+		$entry['shared_with'] = array_unique($entry['shared_with']);
+
+		$entry = array_intersect_key($entry, array_flip(['owner','tid','cat_id','shared_with']));
+		return $entry;
+	}
+
 	/**
 	 * Hook called to retrieve a app specific exportLimit
 	 *
--- a/addressbook/js/app.js
+++ b/addressbook/js/app.js
@ -48,7 +48,7 @@ var AddressbookApp = /** @class */ (function (_super) {
        // call parent
        _super.call(this, 'addressbook') || this;
        // These fields help with push
-        _this.push_grant_fields = ["owner"];
+        _this.push_grant_fields = ["owner", "shared_with"];
        _this.push_filter_fields = ["tid", "owner", "cat_id"];
        return _this;
    }
--- a/addressbook/js/app.ts
+++ b/addressbook/js/app.ts
@ -28,7 +28,7 @@ import {etemplate2} from "../../api/js/etemplate/etemplate2";
 class AddressbookApp extends EgwApp
 {
 	// These fields help with push
-	protected push_grant_fields = ["owner"];
+	protected push_grant_fields = ["owner","shared_with"];
 	protected push_filter_fields = ["tid","owner","cat_id"]

 	/**
--- a/api/js/jsapi/egw_app.js
+++ b/api/js/jsapi/egw_app.js
@ -202,12 +202,26 @@ var EgwApp = /** @class */ (function () {
     */
    EgwApp.prototype._push_grant_check = function (pushData, grant_fields) {
        var grants = egw.grants(this.appname);
+        // No grants known
+        if (!grants)
+            return true;
+        var _loop_1 = function (i) {
+            var grant_field = pushData.acl[grant_fields[i]];
+            if (["number", "string"].indexOf(typeof grant_field) >= 0 && grants[grant_field] !== 'undefined') {
+                return { value: true };
+            }
+            else if (!Object.keys(grants).filter(function (grant_account) {
+                return grant_field.indexOf(grant_account) >= 0 ||
+                    grant_field.indexOf(parseInt(grant_account)).length;
+            })) {
+                return { value: false };
+            }
+        };
        // check user has a grant from owner or something
        for (var i = 0; i < grant_fields.length; i++) {
-            if (grants && typeof grants[pushData.acl[grant_fields[i]]] !== 'undefined') {
-                // ACL access
-                return true;
-            }
+            var state_1 = _loop_1(i);
+            if (typeof state_1 === "object")
+                return state_1.value;
        }
        return false;
    };
@ -240,7 +254,7 @@ var EgwApp = /** @class */ (function () {
                }
            }
        }
-        var _loop_1 = function (field_filter) {
+        var _loop_2 = function (field_filter) {
            // no filter set
            if (field_filter.filter_values.length == 0)
                return "continue";
@ -259,9 +273,9 @@ var EgwApp = /** @class */ (function () {
        // check filters against pushData.acl data
        for (var _b = 0, _c = Object.values(filters); _b < _c.length; _b++) {
            var field_filter = _c[_b];
-            var state_1 = _loop_1(field_filter);
-            if (typeof state_1 === "object")
-                return state_1.value;
+            var state_2 = _loop_2(field_filter);
+            if (typeof state_2 === "object")
+                return state_2.value;
        }
        return true;
    };
--- a/api/js/jsapi/egw_app.ts
+++ b/api/js/jsapi/egw_app.ts
@ -329,14 +329,25 @@ export abstract class EgwApp
 	{
 		let grants = egw.grants(this.appname);

+		// No grants known
+		if(!grants) return true;
+
 		// check user has a grant from owner or something
 		for(let i = 0; i < grant_fields.length; i++)
 		{
-			if(grants && typeof grants[pushData.acl[grant_fields[i]]] !== 'undefined')
+			let grant_field = pushData.acl[grant_fields[i]];
+			if(["number","string"].indexOf(typeof grant_field) >=0 && grants[grant_field] !== 'undefined')
 			{
 				// ACL access
 				return true;
 			}
+			else if(!Object.keys(grants).filter(function(grant_account) {
+				return grant_field.indexOf(grant_account) >= 0 ||
+					grant_field.indexOf(parseInt(grant_account)).length
+			}))
+			{
+				return false;
+			}
 		}
 		return false;
 	}