Calendar - Remove contacts matching accounts user has no access to so nobody selects it thinking they are selecting the user account

nathangray 2017-03-07 11:08:26 -07:00
parent a14a8681fc
commit 2dbe3e785e


@ -146,6 +146,11 @@ class calendar_owner_etemplate_widget extends Etemplate\Widget\Taglist
array_diff_key($_REQUEST, array_flip(array('menuaction','query')));
$results = array();
// Contacts matching accounts the user does not have permission for cause
// confusion as user selects the contact and there's nothing there, so
// we remove those contacts
$remove_contacts = array();
$resources = array_merge(array('' => $bo->resources['']),$bo->resources);
foreach($resources as $type => $data)
{
@ -159,19 +164,36 @@ class calendar_owner_etemplate_widget extends Etemplate\Widget\Taglist
$_results += Api\Accounts::link_query($query, $account_options);
if (!empty($_REQUEST['checkgrants']))
{
$_results = array_intersect_key($_results, $GLOBALS['egw']->acl->get_grants('calendar'));
$grants = $GLOBALS['egw']->acl->get_grants('calendar');
$remove_contacts = array_diff_key($_results, $grants);
$_results = array_intersect_key($_results, $grants);
}
}
// App provides a custom search function
else if ($data['app'] && $data['search'])
{
$_results = call_user_func_array($data['search'], array($query, $options));
}
// Use standard link registry
else if ($data['app'] && Link::get_registry($data['app'], 'query'))
{
$_results = Link::query($data['app'], $query,$options);
}
if ($type == 'l')
// There are always special cases
switch ($type)
{
case 'c':
// Remove contacts matching excluded accounts
foreach($_results as $key => $title)
{
if(in_array($title, $remove_contacts) || is_array($title) && in_array($title['label'], $remove_contacts))
{
unset($_results[$key]);
}
}
break;
case 'l':
// Include mailing lists
$contacts_obj = new Api\Contacts();
$lists = array_filter(
@ -187,6 +209,7 @@ class calendar_owner_etemplate_widget extends Etemplate\Widget\Taglist
'resources' => $bo->enum_mailing_list($type.$list_id)
);
}
break;
}
if(!$_results)
{
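Review bot: The new `case 'c':` filter matches contacts against `$remove_contacts` by display title (`in_array($title, $remove_contacts)`) rather than by an account identifier, so a contact that merely shares a name with an account outside the user's grants is hidden too, while a contact whose label is formatted differently from the account's stays selectable. If the contact results expose the linked account id, comparing on that would be more reliable; at minimum make the comparison strict and the precedence explicit, `if (in_array($title, $remove_contacts, true) || (is_array($title) && in_array($title['label'], $remove_contacts, true)))`. `$remove_contacts` is filled only inside the `$_REQUEST['checkgrants']` branch and depends on the account type being iterated before `'c'`, so the filter appears to be opt-in from the client side. I would add a comment to that effect, for example `// UI filter only; relies on accounts being processed before contacts`. The enclosing method begins and ends outside the visible hunks.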