fixed non-working acl in so&bo (ui acl is working, that's why no one noticed it so far), moved acl-check and default-values for add from so to bo

This commit is contained in:
Ralf Becker 2003-10-24 19:05:05 +00:00
parent 02aae78730
commit 3b69781d89
2 changed files with 107 additions and 108 deletions


@ -21,7 +21,8 @@
'add_entry' => True, 'add_entry' => True,
'add_vcard' => True, 'add_vcard' => True,
'add_email' => True, 'add_email' => True,
'update_entry' => True 'update_entry' => True,
'delete_entry' => True,
); );
var $xml_functions = array(); var $xml_functions = array();
@ -60,29 +61,29 @@
var $filter; var $filter;
var $cat_id; var $cat_id;
var $total; var $total;
var $contact_cache = array();
var $use_session = False; var $use_session = False;
function boaddressbook($session=False) function boaddressbook($session=False)
{ {
$this->so = CreateObject('addressbook.soaddressbook'); $this->so = CreateObject('addressbook.soaddressbook');
$this->rights = $this->so->rights; $this->grants = &$this->so->grants;
$this->grants = $this->so->grants;
if($session) if($session)
{ {
$this->read_sessiondata(); $this->read_sessiondata();
$this->use_session = True; $this->use_session = True;
} }
/* _debug_array($GLOBALS['HTTP_POST_VARS']); */ /* _debug_array($_POST); */
/* Might change this to '' at the end---> */ /* Might change this to '' at the end---> */
$_start = $GLOBALS['HTTP_POST_VARS']['start'] ? $GLOBALS['HTTP_POST_VARS']['start'] : $GLOBALS['HTTP_GET_VARS']['start']; $_start = get_var('start',array('POST','GET'));
$_query = $GLOBALS['HTTP_POST_VARS']['query'] ? $GLOBALS['HTTP_POST_VARS']['query'] : $GLOBALS['HTTP_GET_VARS']['query']; $_query = get_var('query',array('POST','GET'));
$_sort = $GLOBALS['HTTP_POST_VARS']['sort'] ? $GLOBALS['HTTP_POST_VARS']['sort'] : $GLOBALS['HTTP_GET_VARS']['sort']; $_sort = get_var('sort',array('POST','GET'));
$_order = $GLOBALS['HTTP_POST_VARS']['order'] ? $GLOBALS['HTTP_POST_VARS']['order'] : $GLOBALS['HTTP_GET_VARS']['order']; $_order = get_var('order',array('POST','GET'));
$_filter = $GLOBALS['HTTP_POST_VARS']['filter'] ? $GLOBALS['HTTP_POST_VARS']['filter'] : $GLOBALS['HTTP_GET_VARS']['filter']; $_filter = get_var('filter',array('POST','GET'));
$_cat_id = $GLOBALS['HTTP_POST_VARS']['cat_id'] ? $GLOBALS['HTTP_POST_VARS']['cat_id'] : $GLOBALS['HTTP_GET_VARS']['cat_id']; $_cat_id = get_var('cat_id',array('POST','GET'));
$_fcat_id = $GLOBALS['HTTP_POST_VARS']['fcat_id'] ? $GLOBALS['HTTP_POST_VARS']['fcat_id'] : $GLOBALS['HTTP_GET_VARS']['fcat_id']; $_fcat_id = get_var('fcat_id',array('POST','GET'));
if(!empty($_start) || ($_start == '0') || ($_start == 0)) if(!empty($_start) || ($_start == '0') || ($_start == 0))
{ {
@ -98,7 +99,7 @@
$this->query = $_query; $this->query = $_query;
} }
if(isset($GLOBALS['HTTP_POST_VARS']['fcat_id']) || isset($GLOBALS['HTTP_POST_VARS']['fcat_id'])) if(isset($_POST['fcat_id']) || isset($_POST['fcat_id']))
{ {
$this->cat_id = $_fcat_id; $this->cat_id = $_fcat_id;
} }
@ -262,14 +263,22 @@
function read_entry($data) function read_entry($data)
{ {
$entry = $this->so->read_entry($data['id'],$data['fields']); if ($this->check_perms($data,PHPGW_ACL_DELETE))
return $this->strip_html($entry); {
$entry = $this->so->read_entry($data['id'],$data['fields']);
return $this->strip_html($entry);
}
return array(0 => array('No access' => 'No access'));
} }
function read_last_entry($fields) function read_last_entry($fields)
{ {
$entry = $this->so->read_last_entry($fields); if ($this->check_perms($fields,PHPGW_ACL_DELETE))
return $this->strip_html($entry); {
$entry = $this->so->read_last_entry($fields);
return $this->strip_html($entry);
}
return array(0 => array('No access' => 'No access'));
} }
function add_vcard() function add_vcard()
@ -342,6 +351,20 @@
function add_entry($fields) function add_entry($fields)
{ {
// setting some defaults, if not set eg. via xmlrpc
$fields['tid'] = trim($fields['tid']);
if(empty($fields['tid']))
{
$fields['tid'] = 'n';
}
if(!@$fields['owner'])
{
$fields['owner'] = $GLOBALS['phpgw_info']['user']['account_id'];
}
if(empty($fields['access']))
{
$fields['access'] = 'public';
}
return $this->so->add_entry($fields); return $this->so->add_entry($fields);
} }
@ -352,12 +375,47 @@
function update_entry($fields) function update_entry($fields)
{ {
return $this->so->update_entry($fields); if ($this->check_perms($fields,PHPGW_ACL_EDIT))
{
return $this->so->update_entry($fields);
}
return False;
} }
function delete_entry($ab_id) function delete_entry($addr)
{ {
return $this->so->delete_entry($ab_id); $id = !is_array($addr) ? $addr : (isset($addr['id']) ? $addr['id'] : $addr['ab_id']);
if ($this->check_perms($id,PHPGW_ACL_DELETE))
{
return $this->so->delete_entry($id);
}
return False;
}
/*!
@function check_perms
@abstract checks if user has the necessary rights on the given address or address-id
@syntax check_perms($addr,$rights)
@param $addr mixed address-record with id and owner or addr-id
@param $rights integer PHPGW_ACL_{READ|EDIT|ADD|DELETE}
@return True if the user has the requested rights, else False
*/
function check_perms($addr,$rights)
{
$id = !is_array($addr) ? $addr : (isset($addr['id']) ? $addr['id'] : $addr['ab_id']);
if (!is_array($addr) || !isset($addr['owner']))
{
$a = $this->so->read_entry($id,array('owner'));
$owner = $a[0]['owner'];
}
else
{
$owner = $addr['owner'];
}
//echo "<p>boaddressbook::check_perms(id='$id',rights=$rights): grant[owner='$owner']='".$this->grants[$owner]."' => ".(($this->grants[$owner] & 4) ? 'True':'False')."</p>\n";
return !!($this->grants[$owner] & $rights);
} }
function save_preferences($prefs,$other,$qfields,$fcat_id) function save_preferences($prefs,$other,$qfields,$fcat_id)
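Review bot: read_entry and read_last_entry (new side of the @ -262,14 +263,22 hunk) gate reads on PHPGW_ACL_DELETE, so a user holding only read grants on another owner's entries gets 'No access' while a user with delete rights can read; the guards should be `if ($this->check_perms($data,PHPGW_ACL_READ))` and `if ($this->check_perms($fields,PHPGW_ACL_READ))`. read_last_entry also hands its `$fields` field list to check_perms, which treats an array without 'owner' as an address record and reads `$addr['id']` / `$addr['ab_id']`, neither of which a field list carries, so it is unclear from the hunk which id the owner lookup ends up resolving. check_perms now relies solely on `$this->grants[$owner]`, whereas the removed soaddressbook constructor granted full rights on the current user's own entries irrespective of grants; worth confirming that the contacts grants array contains the user's own account_id, otherwise users lose access to their own addresses.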


@ -21,39 +21,15 @@
function soaddressbook() function soaddressbook()
{ {
if(!isset($GLOBALS['owner'])) if (!is_object($GLOBALS['phpgw']->contacts))
{ {
$GLOBALS['owner'] = 0; $GLOBALS['phpgw']->contacts = CreateObject('phpgwapi.contacts');
} }
$owner = $GLOBALS['owner']; $this->contacts = &$GLOBALS['phpgw']->contacts;
$this->grants = &$this->contacts->grants;
$this->contacts = CreateObject('phpgwapi.contacts');
$grants = $this->contacts->grants;
/* _debug_array($GLOBALS['phpgw_info']); */ /* _debug_array($GLOBALS['phpgw_info']); */
/* _debug_array($grants); */ /* _debug_array($grants); */
if(!isset($owner) || !$owner)
{
$owner = $GLOBALS['phpgw_info']['user']['account_id'];
/* echo $owner; */
$rights = PHPGW_ACL_READ + PHPGW_ACL_ADD + PHPGW_ACL_EDIT + PHPGW_ACL_DELETE + 16;
/* echo $rights; */
}
else
{
if($grants[$owner])
{
$rights = $grants[$owner];
if (!($rights & PHPGW_ACL_READ))
{
$owner = $GLOBALS['phpgw_info']['user']['account_id'];
$rights = PHPGW_ACL_READ + PHPGW_ACL_ADD + PHPGW_ACL_EDIT + PHPGW_ACL_DELETE + 16;
}
}
}
$this->rights = $rights;
$this->grants = $grants;
$this->owner = $owner;
} }
function read_entries($data) function read_entries($data)
@ -71,89 +47,54 @@
function read_entry($id,$fields) function read_entry($id,$fields)
{ {
if ($this->rights & PHPGW_ACL_READ) return $this->contacts->read_single_entry($id,$fields);
{
return $this->contacts->read_single_entry($id,$fields);
}
else
{
$rtrn = array(0 => array('No access' => 'No access'));
return $rtrn;
}
} }
function read_last_entry($fields) function read_last_entry($fields)
{ {
if ($this->rights & PHPGW_ACL_READ) return $this->contacts->read_last_entry($fields);
{
return $this->contacts->read_last_entry($fields);
}
else
{
$rtrn = array(0 => array('No access' => 'No access'));
return $rtrn;
}
} }
function add_entry($fields) function add_entry($fields)
{ {
$fields['tid'] = trim($fields['tid']); $owner = $fields['owner'];
if(empty($fields['tid'])) $access = $fields['access'];
{ $cat_id = $fields['cat_id'];
$fields['tid'] = 'n'; $tid = $fields['tid'];
} unset($fields['owner']);
if ($this->rights & PHPGW_ACL_ADD) unset($fields['access']);
{ unset($fields['cat_id']);
$ab_id = $fields['ab_id']; unset($fields['ab_id']);
$owner = $fields['owner']; unset($fields['tid']);
$access = $fields['access'];
$cat_id = $fields['cat_id'];
$tid = $fields['tid'];
unset($fields['owner']);
unset($fields['access']);
unset($fields['cat_id']);
unset($fields['ab_id']);
unset($fields['tid']);
$id = $this->contacts->add($owner,$fields,$access,$cat_id,$tid); return $this->contacts->add($owner,$fields,$access,$cat_id,$tid);
}
return $id;
} }
function get_lastid() function get_lastid()
{ {
$entry = $this->contacts->read_last_entry(); $entry = $this->contacts->read_last_entry();
$id = $entry[0]['id']; return $entry[0]['id'];
return $id;
} }
function update_entry($fields) function update_entry($fields)
{ {
if ($this->rights & PHPGW_ACL_EDIT) $ab_id = $fields['ab_id'];
{ $owner = $fields['owner'];
$ab_id = $fields['ab_id']; $access = $fields['access'];
$owner = $fields['owner']; $cat_id = $fields['cat_id'];
$access = $fields['access']; $tid = $fields['tid'];
$cat_id = $fields['cat_id']; unset($fields['owner']);
$tid = $fields['tid']; unset($fields['access']);
unset($fields['owner']); unset($fields['cat_id']);
unset($fields['access']); unset($fields['ab_id']);
unset($fields['cat_id']); unset($fields['tid']);
unset($fields['ab_id']);
unset($fields['tid']);
$this->contacts->update($ab_id,$owner,$fields,$access,$cat_id,$tid); return $this->contacts->update($ab_id,$owner,$fields,$access,$cat_id,$tid);
}
return;
} }
function delete_entry($data) function delete_entry($id)
{ {
if ($this->rights & PHPGW_ACL_DELETE) return $this->contacts->delete($id);
{
$this->contacts->delete($data['id']);
}
return;
} }
} }
?> ?>
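Review bot: The `if ($this->rights & PHPGW_ACL_ADD)` guard removed from add_entry in this section has no counterpart on the new side: boaddressbook::add_entry in the first file only fills in tid/owner/access defaults and then calls `$this->so->add_entry($fields)` with no check_perms call, so adding into another owner's address book is not gated anywhere visible in this commit, although the message says the add check moved to bo. A guard after the defaults such as `if (!$this->check_perms($fields,PHPGW_ACL_ADD)) return False;` (mirroring update_entry) would restore it. delete_entry's parameter also changes from a `$data` array to a scalar `$id`, and `$this->rights` / `$this->owner` are no longer set on the so object; only boaddressbook is updated in these hunks, so any other caller of soaddressbook (for example the xmlrpc entry points, if they reach so directly) should be checked, since an array passed to the new delete_entry goes straight to `$this->contacts->delete()`.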