From 435a794d5e6e569cd1e828ef5339d71e3f121b49 Mon Sep 17 00:00:00 2001
From: seek3r
Date: Thu, 25 Jan 2001 01:30:39 +0000
Subject: [PATCH] fixed some various issues with acl
---
phpgwapi/inc/class.acl.inc.php | 72 ++++++++++++++++---------
phpgwapi/inc/class.applications.inc.php | 23 +++++++-
2 files changed, 67 insertions(+), 28 deletions(-)
diff --git a/phpgwapi/inc/class.acl.inc.php b/phpgwapi/inc/class.acl.inc.php
index 004840d514..1eb243e15d 100644
--- a/phpgwapi/inc/class.acl.inc.php
+++ b/phpgwapi/inc/class.acl.inc.php
@@ -98,36 +98,56 @@ function view($app, $location, $id, $id_type){ } - function view_app_list($location, $required, $id_type = "both", $id = ""){ + function get_app_list($location, $required){ global $phpgw, $phpgw_info; - if ($id == ""){ $id = $phpgw_info["user"]["account_id"]; } - $sql = "select acl_appname, acl_rights from phpgw_acl where (acl_location in ('$location','everywhere')) and "; - if ($id_type == "both" || $id_type == "u"){ - // User piece - $sql .= "((acl_account_type = 'u' and acl_account = ".$id.")"; - } - if ($id_type == "g"){ - $sql .= "(acl_account_type='g' and acl_account in (0"; // group 0 covers all users - }elseif ($id_type == "both"){ - $sql .= " or (acl_account_type='g' and acl_account in (0"; // group 0 covers all users - } - if ($id_type == "both" || $id_type == "g"){ - // Group piece - if (is_array($id) && count($id) > 0){ - for ($idx = 0; $idx < count($id); ++$idx){ - $sql .= ",".$id[$idx]; - } - } else { - $sql .= ",".$id; + // User piece + $sql = "select acl_appname, acl_rights from phpgw_acl where (acl_location in ('$location','everywhere')) "; + $sql .= " and ((acl_account_type = 'u' and acl_account = '".$phpgw_info["user"]["account_id"]."')"; + + // Group piece + $sql .= " or (acl_account_type='g' and acl_account in (0"; // group 0 covers all users + $memberships = $phpgw->accounts->read_group_names(); + if (is_array($memberships) && count($memberships) > 0){ + for ($idx = 0; $idx < count($memberships); ++$idx){ + $sql .= ",".$memberships[$idx][0]; } } - if ($id_type == "both"){ - $sql .= ")))"; - }elseif ($id_type == "u"){ - $sql .= ")"; - }elseif ($id_type == "g"){ - $sql .= "))"; + $sql .= ")))"; + + $this->db->query($sql ,__LINE__,__FILE__); + $rights = 0; + if ($this->db->num_rows() == 0 ){ return False; } + while ($this->db->next_record()) { + if ($this->db->f("acl_rights") == 0){ return False; } + $rights |= $this->db->f("acl_rights"); + if (!!($rights & $required) == True){ + $apps[] = $this->db->f("acl_appname"); + }else{ 
+ return False; + } } + return $apps; + } + + + function get_app_list_for_id($location, $required, $id_type = "", $id = ""){ + global $phpgw, $phpgw_info; + if ($id == ""){ $id = $phpgw_info["user"]["account_id"]; } + if ($id_type == ""){ $id_type = "u"; } + $sql = "select acl_appname, acl_rights from phpgw_acl where acl_location = '$location' and "; + if ($id_type == "u"){ + $sql .= "acl_account_type = 'u' and acl_account = ".$id; + }elseif($id_type == "g"){ + $sql .= "acl_account_type='g' and acl_account in (0"; // group 0 covers all users + // Group piece + if (is_array($memberships) && count($memberships) > 0){ + for ($idx = 0; $idx < count($memberships); ++$idx){ + $sql .= ",".$memberships[$idx][0]; + } + } + $sql .= ")"; + } + $this->db->query($sql ,__LINE__,__FILE__); $rights = 0; if ($this->db->num_rows() == 0 ){ return False; } diff --git a/phpgwapi/inc/class.applications.inc.php b/phpgwapi/inc/class.applications.inc.php index fec7a16a1d..22f920720e 100755 --- a/phpgwapi/inc/class.applications.inc.php +++ b/phpgwapi/inc/class.applications.inc.php @@ -76,6 +76,25 @@ } if($owner_found) { $this->account_id = $owner_id; + + $acl_apps = $phpgw->acl->get_app_list('run', 1); + if ($acl_apps != False){ + reset ($acl_apps); + while (list(,$value) = each($acl_apps)){ + $apps[] = $value; + } + } + if(count($apps)) { + for ($i=0;$ienabled[$apps[$i]] == 1) { + $this->enabled[$apps[$i]] = 2; + $this->app_perms[] = $apps[$i]; + } + } + } + +// should be able to delete these two lines soon. +// This will breaks backward compatibility, so we need the setup upgrade script ready $this->read_user_group_apps($this->account_id); $this->read_user_apps($this->account_id); if($load_info) { @@ -141,7 +160,7 @@ return False; } - $acl_apps = $phpgw->acl->view_app_list('run', 1, 'u'); + $acl_apps = $phpgw->acl->get_app_list_for_id('run', 1, 'u'); if ($acl_apps != False){ reset ($acl_apps); while (list(,$value) = each($acl_apps)){ 
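Review bot: In `get_app_list_for_id` the `'g'` branch iterates `$memberships`, which is never assigned in this function, and never uses `$id`, so the statement only ever matches group 0; the call that passes `$group_id` in class.applications.inc.php (hunk at -203) would get group 0's rows instead of that group's. The `'u'` branch also concatenates `$id` unquoted and `$location` is interpolated as-is, so both should be cast or escaped before they reach the query (the db layer's own escaping, if it has one, is preferable to `addslashes`). Separately, `get_app_list` ORs `acl_rights` from rows for different apps into one `$rights`, so after one row grants the bit every later app is appended, and a first row without it (or any row with `acl_rights` 0) returns False for the whole list; testing each row on its own, `if ($this->db->f("acl_rights") & $required) { $apps[] = $this->db->f("acl_appname"); }`, looks like the intent. The end of `get_app_list_for_id` lies outside the hunk.

```php
function get_app_list_for_id($location, $required, $id_type = "", $id = ""){
	// … unchanged: globals and defaults for $id / $id_type …
	$sql = "select acl_appname, acl_rights from phpgw_acl where acl_location = '".addslashes($location)."' and ";
	if ($id_type == "u"){
		$sql .= "acl_account_type = 'u' and acl_account = ".intval($id);
	}elseif($id_type == "g"){
		$sql .= "acl_account_type='g' and acl_account in (0"; // group 0 covers all users
		// Use the requested group id(s) rather than an unset $memberships
		$ids = is_array($id) ? $id : array($id);
		for ($idx = 0; $idx < count($ids); ++$idx){
			$sql .= ",".intval($ids[$idx]);
		}
		$sql .= ")";
	}
	// … unchanged: query execution and rights loop …
```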
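Review bot: The permissions recorded by the added block may belong to the wrong account: it fills `$this->enabled` and `$this->app_perms` from `get_app_list('run', 1)`, which (per the class.acl.inc.php hunk) always queries for `$phpgw_info["user"]["account_id"]`, while the line just above sets `$this->account_id = $owner_id`. If `$owner_id` can differ from the session user, the lookup should be keyed on `$this->account_id` instead. `$apps` is also not initialised in the visible lines, so add `$apps = array();` before the `if ($acl_apps != False)` test so that `count($apps)` never sees an unset or stale variable. The enclosing function starts and ends outside the hunk.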
@@ -203,7 +222,7 @@ $db2 = $phpgw->db; - $acl_apps = $phpgw->acl->view_app_list('run', 1, 'g', $group_id); + $acl_apps = $phpgw->acl->get_app_list_for_id('run', 1, 'g', $group_id); if ($acl_apps != False){ reset ($acl_apps); while (list(,$value) = each($acl_apps)){