extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2024-12-22 14:41:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

fixed not working acl in so&bo (ui acl is working, that why noone noticed it so far), moved acl-check and default-values for add from so to bo)

Browse Source
This commit is contained in:
Ralf Becker 2003-10-24 19:05:05 +00:00
parent 02aae78730
commit 3b69781d89
2 changed files with 107 additions and 108 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

96
addressbook/inc/class.boaddressbook.inc.php
View File

@ -21,7 +21,8 @@
'add_entry' => True,
'add_vcard' => True,
'add_email' => True,
'update_entry' => True
'update_entry' => True,
'delete_entry' => True,
);
var $xml_functions = array();
@ -60,29 +61,29 @@
var $filter;
var $cat_id;
var $total;
var $contact_cache = array();
var $use_session = False;
function boaddressbook($session=False)
{
$this->so = CreateObject('addressbook.soaddressbook');
$this->rights = $this->so->rights;
$this->grants = $this->so->grants;
$this->grants = &$this->so->grants;
if($session)
{
$this->read_sessiondata();
$this->use_session = True;
}
/* _debug_array($GLOBALS['HTTP_POST_VARS']); */
/* _debug_array($_POST); */
/* Might change this to '' at the end---> */
$_start = $GLOBALS['HTTP_POST_VARS']['start'] ? $GLOBALS['HTTP_POST_VARS']['start'] : $GLOBALS['HTTP_GET_VARS']['start'];
$_query = $GLOBALS['HTTP_POST_VARS']['query'] ? $GLOBALS['HTTP_POST_VARS']['query'] : $GLOBALS['HTTP_GET_VARS']['query'];
$_sort = $GLOBALS['HTTP_POST_VARS']['sort'] ? $GLOBALS['HTTP_POST_VARS']['sort'] : $GLOBALS['HTTP_GET_VARS']['sort'];
$_order = $GLOBALS['HTTP_POST_VARS']['order'] ? $GLOBALS['HTTP_POST_VARS']['order'] : $GLOBALS['HTTP_GET_VARS']['order'];
$_filter = $GLOBALS['HTTP_POST_VARS']['filter'] ? $GLOBALS['HTTP_POST_VARS']['filter'] : $GLOBALS['HTTP_GET_VARS']['filter'];
$_cat_id = $GLOBALS['HTTP_POST_VARS']['cat_id'] ? $GLOBALS['HTTP_POST_VARS']['cat_id'] : $GLOBALS['HTTP_GET_VARS']['cat_id'];
$_fcat_id = $GLOBALS['HTTP_POST_VARS']['fcat_id'] ? $GLOBALS['HTTP_POST_VARS']['fcat_id'] : $GLOBALS['HTTP_GET_VARS']['fcat_id'];
$_start = get_var('start',array('POST','GET'));
$_query = get_var('query',array('POST','GET'));
$_sort = get_var('sort',array('POST','GET'));
$_order = get_var('order',array('POST','GET'));
$_filter = get_var('filter',array('POST','GET'));
$_cat_id = get_var('cat_id',array('POST','GET'));
$_fcat_id = get_var('fcat_id',array('POST','GET'));
if(!empty($_start) || ($_start == '0') || ($_start == 0))
{
@ -98,7 +99,7 @@
$this->query = $_query;
}
if(isset($GLOBALS['HTTP_POST_VARS']['fcat_id']) || isset($GLOBALS['HTTP_POST_VARS']['fcat_id']))
if(isset($_POST['fcat_id']) || isset($_POST['fcat_id']))
{
$this->cat_id = $_fcat_id;
}
@ -262,14 +263,22 @@
function read_entry($data)
{
$entry = $this->so->read_entry($data['id'],$data['fields']);
return $this->strip_html($entry);
if ($this->check_perms($data,PHPGW_ACL_DELETE))
{
$entry = $this->so->read_entry($data['id'],$data['fields']);
return $this->strip_html($entry);
}
return array(0 => array('No access' => 'No access'));
}
function read_last_entry($fields)
{
$entry = $this->so->read_last_entry($fields);
return $this->strip_html($entry);
if ($this->check_perms($fields,PHPGW_ACL_DELETE))
{
$entry = $this->so->read_last_entry($fields);
return $this->strip_html($entry);
}
return array(0 => array('No access' => 'No access'));
}
function add_vcard()
@ -342,6 +351,20 @@
function add_entry($fields)
{
// setting some defaults, if not set eg. via xmlrpc
$fields['tid'] = trim($fields['tid']);
if(empty($fields['tid']))
{
$fields['tid'] = 'n';
}
if(!@$fields['owner'])
{
$fields['owner'] = $GLOBALS['phpgw_info']['user']['account_id'];
}
if(empty($fields['access']))
{
$fields['access'] = 'public';
}
return $this->so->add_entry($fields);
}
@ -352,12 +375,47 @@
function update_entry($fields)
{
return $this->so->update_entry($fields);
if ($this->check_perms($fields,PHPGW_ACL_EDIT))
{
return $this->so->update_entry($fields);
}
return False;
}
function delete_entry($ab_id)
function delete_entry($addr)
{
return $this->so->delete_entry($ab_id);
$id = !is_array($addr) ? $addr : (isset($addr['id']) ? $addr['id'] : $addr['ab_id']);
if ($this->check_perms($id,PHPGW_ACL_DELETE))
{
return $this->so->delete_entry($id);
}
return False;
}
/*!
@function check_perms
@abstract checks if user has the necessary rights on the given address or address-id
@syntax check_perms($addr,$rights)
@param $addr mixed address-record with id and owner or addr-id
@param $rights integer PHPGW_ACL_{READ|EDIT|ADD|DELETE}
@return True if the user has the requested rights, else False
*/
function check_perms($addr,$rights)
{
$id = !is_array($addr) ? $addr : (isset($addr['id']) ? $addr['id'] : $addr['ab_id']);
if (!is_array($addr) || !isset($addr['owner']))
{
$a = $this->so->read_entry($id,array('owner'));
$owner = $a[0]['owner'];
}
else
{
$owner = $addr['owner'];
}
//echo "<p>boaddressbook::check_perms(id='$id',rights=$rights): grant[owner='$owner']='".$this->grants[$owner]."' => ".(($this->grants[$owner] & 4) ? 'True':'False')."</p>\n";
return !!($this->grants[$owner] & $rights);
}
function save_preferences($prefs,$other,$qfields,$fcat_id)

119
addressbook/inc/class.soaddressbook.inc.php
View File

@ -21,39 +21,15 @@
function soaddressbook()
{
if(!isset($GLOBALS['owner']))
if (!is_object($GLOBALS['phpgw']->contacts))
{
$GLOBALS['owner'] = 0;
$GLOBALS['phpgw']->contacts = CreateObject('phpgwapi.contacts');
}
$owner = $GLOBALS['owner'];
$this->contacts = &$GLOBALS['phpgw']->contacts;
$this->grants = &$this->contacts->grants;
$this->contacts = CreateObject('phpgwapi.contacts');
$grants = $this->contacts->grants;
/* _debug_array($GLOBALS['phpgw_info']); */
/* _debug_array($grants); */
if(!isset($owner) || !$owner)
{
$owner = $GLOBALS['phpgw_info']['user']['account_id'];
/* echo $owner; */
$rights = PHPGW_ACL_READ + PHPGW_ACL_ADD + PHPGW_ACL_EDIT + PHPGW_ACL_DELETE + 16;
/* echo $rights; */
}
else
{
if($grants[$owner])
{
$rights = $grants[$owner];
if (!($rights & PHPGW_ACL_READ))
{
$owner = $GLOBALS['phpgw_info']['user']['account_id'];
$rights = PHPGW_ACL_READ + PHPGW_ACL_ADD + PHPGW_ACL_EDIT + PHPGW_ACL_DELETE + 16;
}
}
}
$this->rights = $rights;
$this->grants = $grants;
$this->owner = $owner;
}
function read_entries($data)
@ -71,89 +47,54 @@
function read_entry($id,$fields)
{
if ($this->rights & PHPGW_ACL_READ)
{
return $this->contacts->read_single_entry($id,$fields);
}
else
{
$rtrn = array(0 => array('No access' => 'No access'));
return $rtrn;
}
return $this->contacts->read_single_entry($id,$fields);
}
function read_last_entry($fields)
{
if ($this->rights & PHPGW_ACL_READ)
{
return $this->contacts->read_last_entry($fields);
}
else
{
$rtrn = array(0 => array('No access' => 'No access'));
return $rtrn;
}
return $this->contacts->read_last_entry($fields);
}
function add_entry($fields)
{
$fields['tid'] = trim($fields['tid']);
if(empty($fields['tid']))
{
$fields['tid'] = 'n';
}
if ($this->rights & PHPGW_ACL_ADD)
{
$ab_id = $fields['ab_id'];
$owner = $fields['owner'];
$access = $fields['access'];
$cat_id = $fields['cat_id'];
$tid = $fields['tid'];
unset($fields['owner']);
unset($fields['access']);
unset($fields['cat_id']);
unset($fields['ab_id']);
unset($fields['tid']);
$owner = $fields['owner'];
$access = $fields['access'];
$cat_id = $fields['cat_id'];
$tid = $fields['tid'];
unset($fields['owner']);
unset($fields['access']);
unset($fields['cat_id']);
unset($fields['ab_id']);
unset($fields['tid']);
$id = $this->contacts->add($owner,$fields,$access,$cat_id,$tid);
}
return $id;
return $this->contacts->add($owner,$fields,$access,$cat_id,$tid);
}
function get_lastid()
{
$entry = $this->contacts->read_last_entry();
$id = $entry[0]['id'];
return $id;
return $entry[0]['id'];
}
function update_entry($fields)
{
if ($this->rights & PHPGW_ACL_EDIT)
{
$ab_id = $fields['ab_id'];
$owner = $fields['owner'];
$access = $fields['access'];
$cat_id = $fields['cat_id'];
$tid = $fields['tid'];
unset($fields['owner']);
unset($fields['access']);
unset($fields['cat_id']);
unset($fields['ab_id']);
unset($fields['tid']);
$ab_id = $fields['ab_id'];
$owner = $fields['owner'];
$access = $fields['access'];
$cat_id = $fields['cat_id'];
$tid = $fields['tid'];
unset($fields['owner']);
unset($fields['access']);
unset($fields['cat_id']);
unset($fields['ab_id']);
unset($fields['tid']);
$this->contacts->update($ab_id,$owner,$fields,$access,$cat_id,$tid);
}
return;
return $this->contacts->update($ab_id,$owner,$fields,$access,$cat_id,$tid);
}
function delete_entry($data)
function delete_entry($id)
{
if ($this->rights & PHPGW_ACL_DELETE)
{
$this->contacts->delete($data['id']);
}
return;
return $this->contacts->delete($id);
}
}
?>