extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2024-12-03 13:25:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix/allow searching, reading and updating own account for account-selection preference "none" or "groupmembers"

Browse Source
This commit is contained in:
ralf 2024-03-30 09:10:06 +02:00
parent b82e573ad0
commit 3631b3e3c9
2 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
api/src/Contacts.php
View File

@ -1247,12 +1247,12 @@ class Contacts extends Contacts\Storage
}
$owner = $contact['owner'];
// allow the user to edit his own account
if (!$owner && $needed == Acl::EDIT && $contact['account_id'] == $user && $this->own_account_acl)
// allow the user to read and edit his own account
if (!$owner && in_array($needed, [Acl::READ, Acl::EDIT]) && $contact['account_id'] == $user && $this->own_account_acl)
{
$access = true;
}
// dont allow to delete own account (as admin handels it too)
// don't allow to delete own account (as admin handles it too)
elseif (!$owner && $needed == Acl::DELETE && ($deny_account_delete || $contact['account_id'] == $user))
{
$access = false;

9
api/src/Contacts/Sql.php
View File

@ -521,12 +521,13 @@ class Sql extends Api\Storage
// add filter for read ACL in sql, if user is NOT the owner of the addressbook
if (isset($this->grants) && !$ignore_acl)
{
// add read ACL for groupmembers (they have no
if ($GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'groupmembers' &&
// add read ACL for account_selection "none" or "groupmembers", they have no grant for accounts
if (in_array($GLOBALS['egw_info']['user']['preferences']['common']['account_selection'], ['none', 'groupmembers']) &&
(!isset($filter['owner']) || in_array('0',(array)$filter['owner'])))
{
$groupmembers = array();
foreach($GLOBALS['egw']->accounts->memberships($GLOBALS['egw_info']['user']['account_id'],true) as $group_id)
$groupmembers = array($GLOBALS['egw_info']['user']['account_id']);
foreach($GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] === 'none' ? [] :
$GLOBALS['egw']->accounts->memberships($GLOBALS['egw_info']['user']['account_id'],true) as $group_id)
{
if (($members = $GLOBALS['egw']->accounts->members($group_id,true)))
{