mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-12-11 17:20:53 +01:00
fix/allow searching, reading and updating own account for account-selection preference "none" or "groupmembers"
This commit is contained in:
parent
b82e573ad0
commit
3631b3e3c9
@ -1247,12 +1247,12 @@ class Contacts extends Contacts\Storage
|
||||
}
|
||||
$owner = $contact['owner'];
|
||||
|
||||
// allow the user to edit his own account
|
||||
if (!$owner && $needed == Acl::EDIT && $contact['account_id'] == $user && $this->own_account_acl)
|
||||
// allow the user to read and edit his own account
|
||||
if (!$owner && in_array($needed, [Acl::READ, Acl::EDIT]) && $contact['account_id'] == $user && $this->own_account_acl)
|
||||
{
|
||||
$access = true;
|
||||
}
|
||||
// dont allow to delete own account (as admin handels it too)
|
||||
// don't allow to delete own account (as admin handles it too)
|
||||
elseif (!$owner && $needed == Acl::DELETE && ($deny_account_delete || $contact['account_id'] == $user))
|
||||
{
|
||||
$access = false;
|
||||
|
@ -521,12 +521,13 @@ class Sql extends Api\Storage
|
||||
// add filter for read ACL in sql, if user is NOT the owner of the addressbook
|
||||
if (isset($this->grants) && !$ignore_acl)
|
||||
{
|
||||
// add read ACL for groupmembers (they have no
|
||||
if ($GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'groupmembers' &&
|
||||
// add read ACL for account_selection "none" or "groupmembers", they have no grant for accounts
|
||||
if (in_array($GLOBALS['egw_info']['user']['preferences']['common']['account_selection'], ['none', 'groupmembers']) &&
|
||||
(!isset($filter['owner']) || in_array('0',(array)$filter['owner'])))
|
||||
{
|
||||
$groupmembers = array();
|
||||
foreach($GLOBALS['egw']->accounts->memberships($GLOBALS['egw_info']['user']['account_id'],true) as $group_id)
|
||||
$groupmembers = array($GLOBALS['egw_info']['user']['account_id']);
|
||||
foreach($GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] === 'none' ? [] :
|
||||
$GLOBALS['egw']->accounts->memberships($GLOBALS['egw_info']['user']['account_id'],true) as $group_id)
|
||||
{
|
||||
if (($members = $GLOBALS['egw']->accounts->members($group_id,true)))
|
||||
{
|
||||
|
Loading…
Reference in New Issue
Block a user