Finished adding ACL to the addressbook, I believe it should now work. Needs testing

jengo 2001-03-29 08:09:50 +00:00
parent 76495e058f
commit 2a46126b1b
4 changed files with 41 additions and 31 deletions


@ -12,29 +12,37 @@
/* $Id$ */ /* $Id$ */
if ($confirm) { $phpgw_info['flags'] = array(
$phpgw_info["flags"] = array( 'noheader' => True,
"noheader" => True, 'nonavbar' => True,
"nonavbar" => True 'currentapp' => 'addressbook'
); );
include('../header.inc.php');
if (! $ab_id)
{
Header('Location: ' . $phpgw->link('/addressbook/index.php'));
} }
$phpgw_info["flags"]["currentapp"] = "addressbook"; $this = CreateObject('phpgwapi.contacts');
$phpgw_info["flags"]["enable_contacts_class"] = True;
include("../header.inc.php");
if (! $ab_id) {
@Header("Location: " . $phpgw->link("/addressbook/index.php"));
}
$this = CreateObject("phpgwapi.contacts");
$fields = $this->read_single_entry($ab_id,array("owner" => "owner")); $fields = $this->read_single_entry($ab_id,array("owner" => "owner"));
//$record_owner = $fields[0]["owner"]; //$record_owner = $fields[0]["owner"];
if (! $this->check_perms($this->grants[$fields[0]['owner']],PHPGW_ACL_DELETE) && $fields[0]['owner'] != $phpgw_info['user']['account_id'])
{
Header('Location: '
. $phpgw->link('/addressbook/index.php',"cd=16&order=$order&sort=$sort&filter=$filter&start=$start&query=$query&cat_id=$cat_id"));
$phpgw->common->phpgw_exit();
}
$t = new Template($phpgw->common->get_tpl_dir("addressbook")); $t = new Template($phpgw->common->get_tpl_dir("addressbook"));
$t->set_file(array("delete" => "delete.tpl")); $t->set_file(array("delete" => "delete.tpl"));
if ($confirm != "true") { if ($confirm != "true") {
$phpgw->common->phpgw_header();
echo parse_navbar();
$t->set_var(lang_sure,lang("Are you sure you want to delete this entry ?")); $t->set_var(lang_sure,lang("Are you sure you want to delete this entry ?"));
$t->set_var(no_link,$phpgw->link("/addressbook/index.php", $t->set_var(no_link,$phpgw->link("/addressbook/index.php",
"ab_id=$ab_id&order=$order&sort=$sort&filter=$filter&start=$start&query=$query&cat_id=$cat_id")); "ab_id=$ab_id&order=$order&sort=$sort&filter=$filter&start=$start&query=$query&cat_id=$cat_id"));
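Review bot: The `if (! $ab_id)` branch on the new side sends a Location header but does not end the script, so execution falls through to `read_single_entry()` and the permission check with an empty id. The ACL block added below it does call `$phpgw->common->phpgw_exit();`, and the same call belongs right after the first `Header(...)`. The ACL redirect also puts `$order`, `$sort`, `$filter`, `$start`, `$query` and `$cat_id` into the Location URL unencoded; if these come from the request, as they appear to, each should pass through `urlencode()` before being interpolated. The script continues past the end of this hunk.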


@ -179,14 +179,17 @@
$t->set_var("lang_ok",lang("ok")); $t->set_var("lang_ok",lang("ok"));
$t->set_var("lang_clear",lang("clear")); $t->set_var("lang_clear",lang("clear"));
$t->set_var("lang_cancel",lang("cancel")); $t->set_var("lang_cancel",lang("cancel"));
$t->set_var("lang_delete",lang("delete"));
$t->set_var("lang_submit",lang("submit")); $t->set_var("lang_submit",lang("submit"));
$t->set_var("cancel_link",'<form method="POST" action="' $t->set_var("cancel_link",'<form method="POST" action="'
. $phpgw->link("/addressbook/index.php","sort=$sort&order=$order&filter=$filter&start=$start&query=$query&cat_id=$cat_id") . '">'); . $phpgw->link("/addressbook/index.php","sort=$sort&order=$order&filter=$filter&start=$start&query=$query&cat_id=$cat_id") . '">');
$t->set_var("delete_link",'<form method="POST" action="'.$phpgw->link("/addressbook/delete.php","ab_id=$ab_id") . '">');
$t->parse("out","edit"); if ($this->grants[$check[0]['owner']] & PHPGW_ACL_DELETE || $check[0]['owner'] == $phpgw_info['user']['account_id'])
$t->pparse("out","edit"); {
$t->set_var('delete_link','<form method="POST" action="'.$phpgw->link("/addressbook/delete.php","ab_id=$ab_id") . '">');
$t->set_var('delete_button','<input type="submit" name="delete" value="' . lang('Delete') . '">');
}
$t->pfp("out","edit");
$phpgw->common->phpgw_footer(); $phpgw->common->phpgw_footer();
?> ?>
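Review bot: The new condition tests the grant with a bare `&` next to `||` and `==`, while the delete script in this commit uses `$this->check_perms(...)` for the same decision. Using the same helper here, `if ($this->check_perms($this->grants[$check[0]['owner']],PHPGW_ACL_DELETE) || $check[0]['owner'] == $phpgw_info['user']['account_id'])`, keeps the two pages from drifting apart (assuming `$this` is the same contacts object, which the hunk does not show). This check only hides the button; the enforcement remains the one in the delete script. `$ab_id` is written into the form action as-is, so if it comes from the request it should be cast with `intval()` or escaped before it reaches the HTML.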


@ -580,10 +580,8 @@
// This is where the real work of delete() is done, shared class file contains calling function // This is where the real work of delete() is done, shared class file contains calling function
function delete_($id) function delete_($id)
{ {
$this->db->query("delete from $this->std_table where owner='" . $this->account_id . "' and " $this->db->query("delete from $this->std_table where id='$id'",__LINE__,__FILE__);
. "id='$id'",__LINE__,__FILE__); $this->db->query("delete from $this->ext_table where contact_id='$id'",__LINE__,__FILE__);
$this->db->query("delete from $this->ext_table where contact_id='$id' and contact_owner='"
. $this->account_id . "'",__LINE__,__FILE__);
} }
// This is for the admin script deleteaccount.php // This is for the admin script deleteaccount.php
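Review bot: With the `owner='...'` clauses dropped, `delete_()` removes any row whose id matches, so the ownership/ACL decision now rests entirely on every caller. The delete script in this commit performs that check, but other callers are not shown, so the function should carry a comment stating the precondition, e.g. `// Caller must have verified PHPGW_ACL_DELETE on this record's owner`. `$id` is also interpolated straight into both statements; if contact ids are integers (not shown here), `$id = intval($id);` at the top of the function would stop a crafted value from changing the WHERE clause.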


@ -32,7 +32,8 @@
<input type="hidden" name="query" value="{query}"> <input type="hidden" name="query" value="{query}">
<input type="hidden" name="start" value="{start}"> <input type="hidden" name="start" value="{start}">
<input type="hidden" name="cat_id" value="{cat_id}"> <input type="hidden" name="cat_id" value="{cat_id}">
<input type="submit" name="delete" value="{lang_delete}"></form> {delete_button}
</form>
</TD> </TD>
</TR> </TR>
</TBODY> </TBODY>
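Review bot: The hidden inputs and the closing `</form>` stay unconditional, while `{delete_button}` (and, per the edit script in this commit, `{delete_link}`) is only set for users with delete rights. If `{delete_link}` is what opens this form, which lies above the hunk, users without the right get hidden fields and a stray `</form>` with no opening tag. Setting both variables to an empty string in the no-permission case, or emitting the whole form from one variable, avoids the malformed markup.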