Take contact shares into account for push ACL checks

nathangray 2021-02-24 14:28:17 -07:00
parent 1f41bba904
commit 158e65fc90
5 changed files with 59 additions and 12 deletions


@ -409,11 +409,33 @@ class addressbook_hooks
'key' => 'egw_addressbook.contact_id', 'key' => 'egw_addressbook.contact_id',
'column' => 'egw_addressbook.contact_owner' 'column' => 'egw_addressbook.contact_owner'
), ),
'push_data' => ['owner','tid','cat_id'] 'push_data' => self::class.'::prepareEntryPush',
); );
return $links; return $links;
} }
/**
* Prepare entry to be pushed via Link::notify_update()
*
* Add in shared users
*
* @param $entry
* @return array
*/
static public function prepareEntryPush($entry)
{
// Add users / groups this contact is shared with
$entry['shared_with'] = [];
foreach($entry['shared'] as $id => $share)
{
$entry['shared_with'][] = $share['shared_with'];
}
$entry['shared_with'] = array_unique($entry['shared_with']);
$entry = array_intersect_key($entry, array_flip(['owner','tid','cat_id','shared_with']));
return $entry;
}
/** /**
* Hook called to retrieve a app specific exportLimit * Hook called to retrieve a app specific exportLimit
* *
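Review bot: `array_unique()` keeps the original keys, so once a duplicate is dropped `shared_with` is no longer a 0-based list and would presumably be JSON-encoded as an object rather than an array, while the client-side grant check in this commit calls `indexOf` on that field. Re-index it with `$entry['shared_with'] = array_values(array_unique($entry['shared_with']));`. The `foreach` also reads `$entry['shared']` unguarded, which raises a warning when the entry carries no such key; `foreach($entry['shared'] ?? [] as $share)` avoids that. The docblock could also state that only `owner`, `tid`, `cat_id` and `shared_with` are returned, since that list defines what leaves the server as push data.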


@ -48,7 +48,7 @@ var AddressbookApp = /** @class */ (function (_super) {
// call parent // call parent
_super.call(this, 'addressbook') || this; _super.call(this, 'addressbook') || this;
// These fields help with push // These fields help with push
_this.push_grant_fields = ["owner"]; _this.push_grant_fields = ["owner", "shared_with"];
_this.push_filter_fields = ["tid", "owner", "cat_id"]; _this.push_filter_fields = ["tid", "owner", "cat_id"];
return _this; return _this;
} }


@ -28,7 +28,7 @@ import {etemplate2} from "../../api/js/etemplate/etemplate2";
class AddressbookApp extends EgwApp class AddressbookApp extends EgwApp
{ {
// These fields help with push // These fields help with push
protected push_grant_fields = ["owner"]; protected push_grant_fields = ["owner","shared_with"];
protected push_filter_fields = ["tid","owner","cat_id"] protected push_filter_fields = ["tid","owner","cat_id"]
/** /**


@ -202,12 +202,26 @@ var EgwApp = /** @class */ (function () {
*/ */
EgwApp.prototype._push_grant_check = function (pushData, grant_fields) { EgwApp.prototype._push_grant_check = function (pushData, grant_fields) {
var grants = egw.grants(this.appname); var grants = egw.grants(this.appname);
// No grants known
if (!grants)
return true;
var _loop_1 = function (i) {
var grant_field = pushData.acl[grant_fields[i]];
if (["number", "string"].indexOf(typeof grant_field) >= 0 && grants[grant_field] !== 'undefined') {
return { value: true };
}
else if (!Object.keys(grants).filter(function (grant_account) {
return grant_field.indexOf(grant_account) >= 0 ||
grant_field.indexOf(parseInt(grant_account)).length;
})) {
return { value: false };
}
};
// check user has a grant from owner or something // check user has a grant from owner or something
for (var i = 0; i < grant_fields.length; i++) { for (var i = 0; i < grant_fields.length; i++) {
if (grants && typeof grants[pushData.acl[grant_fields[i]]] !== 'undefined') { var state_1 = _loop_1(i);
// ACL access if (typeof state_1 === "object")
return true; return state_1.value;
}
} }
return false; return false;
}; };
@ -240,7 +254,7 @@ var EgwApp = /** @class */ (function () {
} }
} }
} }
var _loop_1 = function (field_filter) { var _loop_2 = function (field_filter) {
// no filter set // no filter set
if (field_filter.filter_values.length == 0) if (field_filter.filter_values.length == 0)
return "continue"; return "continue";
@ -259,9 +273,9 @@ var EgwApp = /** @class */ (function () {
// check filters against pushData.acl data // check filters against pushData.acl data
for (var _b = 0, _c = Object.values(filters); _b < _c.length; _b++) { for (var _b = 0, _c = Object.values(filters); _b < _c.length; _b++) {
var field_filter = _c[_b]; var field_filter = _c[_b];
var state_1 = _loop_1(field_filter); var state_2 = _loop_2(field_filter);
if (typeof state_1 === "object") if (typeof state_2 === "object")
return state_1.value; return state_2.value;
} }
return true; return true;
}; };


@ -329,14 +329,25 @@ export abstract class EgwApp
{ {
let grants = egw.grants(this.appname); let grants = egw.grants(this.appname);
// No grants known
if(!grants) return true;
// check user has a grant from owner or something // check user has a grant from owner or something
for(let i = 0; i < grant_fields.length; i++) for(let i = 0; i < grant_fields.length; i++)
{ {
if(grants && typeof grants[pushData.acl[grant_fields[i]]] !== 'undefined') let grant_field = pushData.acl[grant_fields[i]];
if(["number","string"].indexOf(typeof grant_field) >=0 && grants[grant_field] !== 'undefined')
{ {
// ACL access // ACL access
return true; return true;
} }
else if(!Object.keys(grants).filter(function(grant_account) {
return grant_field.indexOf(grant_account) >= 0 ||
grant_field.indexOf(parseInt(grant_account)).length
}))
{
return false;
}
} }
return false; return false;
} }
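Review bot: The scalar branch compares the grant entry against the string `'undefined'` instead of testing `typeof grants[grant_field] !== 'undefined'` as the removed line did, so any push whose grant field is a number or string passes the check whether or not the user holds a grant for that account. The array branch cannot work either: `!Object.keys(grants).filter(...)` is always false because `filter` returns an array, `indexOf(...).length` is always undefined, and `grant_field.indexOf` throws when the field is missing from `pushData.acl`, so a match on `shared_with` never returns true. The new `if(!grants) return true;` also makes the check pass when no grants are loaded, where the old code returned false; that looks deliberate but is worth confirming. The compiled `EgwApp.prototype._push_grant_check` section above carries the same lines. A possible loop is below; the method's signature lies outside the hunk.

```typescript
// … unchanged: egw.grants() lookup and the "No grants known" early return …
for(let i = 0; i < grant_fields.length; i++)
{
	let grant_field = pushData.acl[grant_fields[i]];
	if(["number","string"].indexOf(typeof grant_field) >= 0)
	{
		// Single account: access only if the user holds a grant from it
		if(typeof grants[grant_field] !== 'undefined') return true;
	}
	else if(Array.isArray(grant_field) &&
		grant_field.some(account => typeof grants[account] !== 'undefined'))
	{
		// List of accounts (e.g. shared_with): one matching grant is enough
		return true;
	}
}
return false;
```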