From 2a46126b1b923918810178305c1ba6c86347b027 Mon Sep 17 00:00:00 2001
From: jengo
Date: Thu, 29 Mar 2001 08:09:50 +0000
Subject: [PATCH] Finished adding ACL to the addressbook, I belive it should now work. Needs testing
---
addressbook/delete.php | 36 +++++++++++++---------
addressbook/edit.php | 13 +++++---
addressbook/inc/class.contacts_sql.inc.php | 6 ++--
addressbook/templates/default/edit.tpl | 17 +++++-----
4 files changed, 41 insertions(+), 31 deletions(-)
diff --git a/addressbook/delete.php b/addressbook/delete.php
index 9679b5750e..b9738ba2ff 100755
--- a/addressbook/delete.php
+++ b/addressbook/delete.php
@@ -12,29 +12,37 @@ /* $Id$ */ - if ($confirm) { - $phpgw_info["flags"] = array( - "noheader" => True, - "nonavbar" => True - ); + $phpgw_info['flags'] = array( + 'noheader' => True, + 'nonavbar' => True, + 'currentapp' => 'addressbook' + ); + + include('../header.inc.php'); + + if (! $ab_id) + { + Header('Location: ' . $phpgw->link('/addressbook/index.php')); } - $phpgw_info["flags"]["currentapp"] = "addressbook"; - $phpgw_info["flags"]["enable_contacts_class"] = True; - include("../header.inc.php"); - - if (! $ab_id) { - @Header("Location: " . $phpgw->link("/addressbook/index.php")); - } - - $this = CreateObject("phpgwapi.contacts"); + $this = CreateObject('phpgwapi.contacts'); $fields = $this->read_single_entry($ab_id,array("owner" => "owner")); //$record_owner = $fields[0]["owner"]; + if (! $this->check_perms($this->grants[$fields[0]['owner']],PHPGW_ACL_DELETE) && $fields[0]['owner'] != $phpgw_info['user']['account_id']) + { + Header('Location: ' + . $phpgw->link('/addressbook/index.php',"cd=16&order=$order&sort=$sort&filter=$filter&start=$start&query=$query&cat_id=$cat_id")); + $phpgw->common->phpgw_exit(); + } + $t = new Template($phpgw->common->get_tpl_dir("addressbook")); $t->set_file(array("delete" => "delete.tpl")); if ($confirm != "true") { + $phpgw->common->phpgw_header(); + echo parse_navbar(); + $t->set_var(lang_sure,lang("Are you sure you want to delete this entry ?")); $t->set_var(no_link,$phpgw->link("/addressbook/index.php", "ab_id=$ab_id&order=$order&sort=$sort&filter=$filter&start=$start&query=$query&cat_id=$cat_id")); diff --git a/addressbook/edit.php b/addressbook/edit.php index 9c8d49cab9..db42706756 100755 --- a/addressbook/edit.php +++ b/addressbook/edit.php @@ -179,14 +179,17 @@ $t->set_var("lang_ok",lang("ok")); $t->set_var("lang_clear",lang("clear")); $t->set_var("lang_cancel",lang("cancel")); - $t->set_var("lang_delete",lang("delete")); $t->set_var("lang_submit",lang("submit")); $t->set_var("cancel_link",'
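Review bot: In the delete.php hunk, the `if (! $ab_id)` branch sends a `Location` header but does not stop the script, so a request without `ab_id` still runs on into `read_single_entry()` and the code below it. Add `$phpgw->common->phpgw_exit();` after that `Header(...)` call, as the new permission-denied branch already does. The permission-denied redirect also places `$order`, `$sort`, `$filter`, `$start`, `$query` and `$cat_id` into the URL unencoded. If these arrive straight from the request (not visible here), pass each through `urlencode()` so a crafted value cannot add parameters or header lines. The branch that performs the confirmed delete lies outside this hunk, so whether it is reachable by a plain GET link cannot be judged from here.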
'); - $t->set_var("delete_link",''); - - $t->parse("out","edit"); - $t->pparse("out","edit"); + + if ($this->grants[$check[0]['owner']] & PHPGW_ACL_DELETE || $check[0]['owner'] == $phpgw_info['user']['account_id']) + { + $t->set_var('delete_link',''); + $t->set_var('delete_button',''); + } + + $t->pfp("out","edit"); $phpgw->common->phpgw_footer(); ?> diff --git a/addressbook/inc/class.contacts_sql.inc.php b/addressbook/inc/class.contacts_sql.inc.php index 8d1516a0ef..bbda2f2763 100644 --- a/addressbook/inc/class.contacts_sql.inc.php +++ b/addressbook/inc/class.contacts_sql.inc.php @@ -580,10 +580,8 @@ // This is where the real work of delete() is done, shared class file contains calling function function delete_($id) { - $this->db->query("delete from $this->std_table where owner='" . $this->account_id . "' and " - . "id='$id'",__LINE__,__FILE__); - $this->db->query("delete from $this->ext_table where contact_id='$id' and contact_owner='" - . $this->account_id . "'",__LINE__,__FILE__); + $this->db->query("delete from $this->std_table where id='$id'",__LINE__,__FILE__); + $this->db->query("delete from $this->ext_table where contact_id='$id'",__LINE__,__FILE__); } // This is for the admin script deleteaccount.php diff --git a/addressbook/templates/default/edit.tpl b/addressbook/templates/default/edit.tpl index 1d87ddd7fe..16857dc300 100644 --- a/addressbook/templates/default/edit.tpl +++ b/addressbook/templates/default/edit.tpl @@ -25,14 +25,15 @@ {delete_link} - - - - - - - -
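Review bot: In the edit.php hunk, the delete-button condition tests the grant with a bare `&` beside `||` and `==`, while delete.php in this same commit uses `$this->check_perms(...)`; the expression only parses as intended because of operator precedence. Using the same helper keeps the two pages from drifting apart: `if ($this->check_perms($this->grants[$check[0]['owner']],PHPGW_ACL_DELETE) || $check[0]['owner'] == $phpgw_info['user']['account_id'])`. When the test fails, `delete_link` and `delete_button` are never set, so the output depends on how the Template class treats unset variables; an `else` branch assigning empty strings would make that explicit. `$check` is assigned outside this hunk, and hiding the button is presentation only, so enforcement has to stay in delete.php.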
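Review bot: With the `owner` clause removed, `delete_($id)` deletes any contact whose id matches, so the only remaining authorization is the grant check in addressbook/delete.php. Any other caller of the shared `delete()` wrapper (not visible in this hunk) that skips that check can now remove other users' entries. Consider re-checking inside this method before the two queries run, by reading the row's owner and requiring ownership or `PHPGW_ACL_DELETE` in the grants, if that table is available on this object. `$id` is also interpolated into both statements as-is; if ids are numeric (presumed), `$id = intval($id);` at the top of the function keeps a malformed value out of the SQL. At minimum, a comment such as `// caller must already have verified PHPGW_ACL_DELETE for this entry` would record the new precondition.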
+ + + + + + + + {delete_button} +