Applying a patch from ralfbecker. This gives the admin the ability to grant ACL rights at the group level.

2024-11-22 16:03:47 +01:00 · 2001-06-18 03:03:48 +00:00 · 2001-06-18 03:03:48 +00:00 · 4546f7aaa1
commit 4546f7aaa1
parent 8895d619f5
4 changed files with 156 additions and 58 deletions
--- a/admin/editgroup.php
+++ b/admin/editgroup.php
@ -14,10 +14,32 @@
 	$phpgw_info = array();
 	if ($submit)
 	{
-		$phpgw_info["flags"] = array("noheader" => True, "nonavbar" => True);
+		$phpgw_flags = Array(
+			'currentapp'	=> 'admin',
+			'enable_nextmatchs_class'	=> True,
+			'noheader'	=> True,
+			'nonavbar'	=> True
+		);
 	}
-	$phpgw_info["flags"]["currentapp"] = "admin";
-	include("../header.inc.php");
+	else
+	{
+		$phpgw_flags = Array(
+			'currentapp'	=> 'admin',
+			'enable_nextmatchs_class'	=> True
+		);
+	}
+	$phpgw_info['flags'] = $phpgw_flags;
+	include('../header.inc.php');
+
+	$apps_with_acl = Array(
+		'addressbook'	=> True,
+		'todo'		=> True,
+		'calendar'	=> True,
+		'notes'		=> True,
+		'projects'	=> True,
+		'phonelog'	=> True,
+		'infolog'	=> True
+	);

 	function is_odd($n)
 	{
@ -34,7 +56,7 @@

 	if (! $group_id)
 	{
-		Header("Location: " . $phpgw->link("/admin/groups.php"));
+		Header('Location: ' . $phpgw->link('/admin/groups.php'));
 	}

 	if ($submit)
@ -47,7 +69,7 @@
 		{
 			if ($group->exists($n_group))
 			{
-				$error = lang("Sorry, that group name has already been taken.");
+				$error = lang('Sorry, that group name has already been taken.');
 			}
 		}

@ -229,11 +251,11 @@
 			. '</option>'."\n";
 	}
 	$p->set_var('user_list',$user_list);
-	$p->set_var("lang_permissions",lang("Permissions this group has"));
+	$p->set_var('lang_permissions',lang('Permissions this group has'));

 	$i = 0;
-	reset($phpgw_info["apps"]);
-	$sorted_apps = $phpgw_info["apps"];
+	reset($phpgw_info['apps']);
+	$sorted_apps = $phpgw_info['apps'];
 	@asort($sorted_apps);
 	@reset($sorted_apps);
 	while ($permission = each($sorted_apps))
@ -246,35 +268,41 @@
 		}
 	}

-	$perm_html = "";
-	for ($i=0;$i<200;)
-	{     // The $i<200 is only used for a brake
-		if (! $perm_display[$i][1]) break;
-		$perm_html .= '<tr bgcolor="'.$phpgw_info["theme"]["row_on"].'"><td>' . lang($perm_display[$i][1]) . '</td>'
-			. '<td><input type="checkbox" name="n_group_permissions['
+	$perm_html = '';
+	$tr_color = $phpgw_info['theme']['row_off'];
+	for ($i=0;$perm_display[$i][1];$i++)
+	{
+		$app = $perm_display[$i][0];
+		if(!($i & 1))
+		{
+			$tr_color = $phpgw->nextmatchs->alternate_row_color();
+			$perm_html .= '<tr bgcolor="'.$tr_color.'">';
+		}
+		$perm_html .= '<td width="40%">' . lang($perm_display[$i][1]) . '</td>'
+			. '<td width="5%"><input type="checkbox" name="n_group_permissions['
 			. $perm_display[$i][0] . ']" value="True"';
-		if ($n_group_permissions[$perm_display[$i][0]] || $db_perms[$perm_display[$i][0]])
+		if ($n_group_permissions[$app] || $db_perms[$app])
 		{
-			$perm_html .= " checked";
+			$perm_html .= ' checked';
 		}
-		$perm_html .= "></td>";
-		$i++;
-
-		if ($i == count($perm_display) && is_odd(count($perm_display)))
+		$perm_html .= '></td><td width="5%">';
+		if($apps_with_acl[$app])
 		{
-			$perm_html .= '<td colspan="2">&nbsp;</td></tr>';
+			$perm_html .= '<a href="'.$phpgw->link('/preferences/acl_preferences.php','acl_app='.$app.'&owner='.$group_id).'" target="_blank"><img src="'.$phpgw->common->image('admin','dot.gif').'" border="0" hspace="3" align="absmiddle" alt="'.lang('Grant Access').'"></a>';
 		}
-
-		if (! $perm_display[$i][1]) break;
-		$perm_html .= '<td>' . lang($perm_display[$i][1]) . '</td>'
-			. '<td><input type="checkbox" name="n_group_permissions['
-			. $perm_display[$i][0] . ']" value="True"';
-		if ($n_group_permissions[$perm_display[$i][0]] || $db_perms[$perm_display[$i][0]])
+		else
 		{
-			$perm_html .= " checked";
+			$perm_html .= '&nbsp;';
 		}
-		$perm_html .= "></td></tr>\n";
-		$i++;
+		$perm_html .= '</td>';
+		if($i & 1)
+		{
+			$perm_html .= '</tr>';
+		}
+	}
+	if($i & 1)
+	{
+		$perm_html .= '<td colspan="4">&nbsp;</td></tr>';
 	}

 	$p->set_var("permissions_list",$perm_html);	
--- a/admin/templates/default/images/dot.gif
+++ b/admin/templates/default/images/dot.gif
--- a/phpgwapi/inc/class.acl.inc.php
+++ b/phpgwapi/inc/class.acl.inc.php
@ -81,12 +81,12 @@
 		{
 			global $phpgw, $phpgw_info;
 			$sql = 'select * from phpgw_acl where (acl_account in ('.$this->account_id.', 0'; 
-//			$equalto = $phpgw->accounts->security_equals($this->account_id);
-//			if (is_array($equalto) && count($equalto) > 0){
-//				for ($idx = 0; $idx < count($equalto); ++$idx){
-//					$sql .= ",".$equalto[$idx][0];
-//				}
-//			}
+
+			$groups = $this->get_location_list_for_id('phpgw_group', 1, $this->account_id);
+			while($groups && list($key,$value) = each($groups))
+			{
+				$sql .= ','.$value;
+			}
 			$sql .= '))';
 			$this->db->query($sql ,__LINE__,__FILE__);
 			$count = $this->db->num_rows();
@ -565,9 +565,10 @@

 			$sql = "select acl_account, acl_rights from phpgw_acl where acl_appname = '$app' and "
 				. "acl_location in ";
-			$security = "('". $phpgw_info['user']['account_id'] ."'";
+//			$security = "('". $phpgw_info['user']['account_id'] ."'";
+			$security = "('". $this->account_id ."'";
 			$myaccounts = CreateObject('phpgwapi.accounts');
-			$my_memberships = $myaccounts->memberships();
+			$my_memberships = $myaccounts->memberships($this->account_id);
 			@reset($my_memberships);
 			while($my_memberships && list($key,$group) = each($my_memberships))
 			{
@ -589,12 +590,36 @@
 //				}

 				if(!isset($accounts[$grantor]))
+				// cache the group-members for performance
 				{
-					$accounts[$grantor] = 0;
+					// if $grantor is a group, get its members
+					$members = $this->get_ids_for_location($grantor,1,'phpgw_group');
+					if(!$members)
+					{
+						$accounts[$grantor] = Array($grantor);
+						$is_group[$grantor] = False;
+					}
+					else
+					{
+						$accounts[$grantor] = $members;
+						$is_group[$grantor] = True;
+					}
+				}
+				if(@$is_group[$grantor])
+				{
+					// Don't allow to override private!
+					$rights &= (~ PHPGW_ACL_PRIVATE);
+				}
+				while(list($nul,$grantors) = each($accounts[$grantor]))
+				{
+					if(!isset($grants[$grantors]))
+					{
+						$grants[$grantors] = 0;
+					}
+					$grants[$grantors] |= $rights;
 				}
-				$accounts[$grantor] |= $rights;
 			}
-			return $accounts;
+			return $grants;
 		}
 	} //end of acl class
 ?>
--- a/preferences/acl_preferences.php
+++ b/preferences/acl_preferences.php
@ -18,38 +18,66 @@
 		'noappfooter'              => True
  	);

+	// header from calendar-app resets $owner
+	if(isset($owner))
+	{
+		$save_my_owner = $owner;
+	}
+
 	$phpgw_info['flags'] = $phpgw_flags;
 	include('../header.inc.php');

-	function check_acl($label,$id,$acl,$rights,$right)
+	if(isset($save_my_owner) && $phpgw_info['user']['apps']['admin'])
+	{
+		$owner = $save_my_owner;
+		unset($save_my_owner);
+	}
+	else
+	{
+		echo '<center>'.lang('You do not have permission to set ACL\'s in this mode!').'</center>';
+		$phpgw->common->phpgw_footer();
+	}
+
+	function check_acl($label,$id,$acl,$rights,$right,$is_group=False)
 	{
 		global $phpgw_info, $p;

 		$p->set_var($acl,$label.$phpgw_info['flags']['currentapp'].'['.$id.']['.$right.']');
-		if ($rights & $right)
+		if ($is_group)
 		{
-			$p->set_var($acl.'_selected',' checked');
+			// This is so you can't select it in the GUI
+			$p->set_var($acl.'_selected',' disabled');
 		}
 		else
 		{
-			$p->set_var($acl.'_selected','');
+			$p->set_var($acl.'_selected',(($rights & $right)?' checked':''));
 		}
 	}
-  

-	function display_row($bg_color,$label,$id,$name)
+	function display_row($bg_color,$label,$id,$name,$is_group)
 	{
-		global $phpgw_info, $acl, $p;
+		global $phpgw, $phpgw_info, $acl, $p;

 		$p->set_var('row_color',$bg_color);
 		$p->set_var('user',$name);
 		$rights = $acl->get_rights($id,$phpgw_info['flags']['currentapp']);
+// vv This is new
+		$grantors = $acl->get_ids_for_location($id,$rights,$phpgw_info['flags']['currentapp']);
+		$is_group_set = False;
+		while(list($key,$grantor) = each($grantors))
+		{
+			if($phpgw->accounts->get_type($grantor) == 'g')
+			{
+				$is_group_set = True;
+			}
+		}
+// ^^ This is new

-		check_acl($label,$id,'read',$rights,PHPGW_ACL_READ);
-		check_acl($label,$id,'add',$rights,PHPGW_ACL_ADD);
-		check_acl($label,$id,'edit',$rights,PHPGW_ACL_EDIT);
-		check_acl($label,$id,'delete',$rights,PHPGW_ACL_DELETE);
-		check_acl($label,$id,'private',$rights,PHPGW_ACL_PRIVATE);
+		check_acl($label,$id,'read',$rights,PHPGW_ACL_READ,($is_group_set && ($rights & PHPGW_ACL_READ) && !$is_group?$is_group_set:False));
+		check_acl($label,$id,'add',$rights,PHPGW_ACL_ADD,($is_group_set && ($rights & PHPGW_ACL_ADD && !$is_group)?$is_group_set:False));
+		check_acl($label,$id,'edit',$rights,PHPGW_ACL_EDIT,($is_group_set && ($rights & PHPGW_ACL_EDIT && !$is_group)?$is_group_set:False));
+		check_acl($label,$id,'delete',$rights,PHPGW_ACL_DELETE,($is_group_set && ($rights & PHPGW_ACL_DELETE && !$is_group)?$is_group_set:False));
+		check_acl($label,$id,'private',$rights,PHPGW_ACL_PRIVATE,$is_group);

 		$p->parse('row','acl_row',True);
 	}
@ -62,6 +90,11 @@
 	$acct = CreateObject('phpgwapi.accounts',$owner);
 	$groups = $acct->get_list('groups');
 	$users = $acct->get_list('accounts');
+	$owner_name = $acct->id2name($owner);		// get owner name for title
+	if($is_group = $acct->get_type($owner) == 'g')
+	{
+		$owner_name = lang('Group').' ('.$owner_name.')';
+	}
 	unset($acct);
 	$acl = CreateObject('phpgwapi.acl',intval($owner));
 	$acl->read_repository();
@ -90,6 +123,12 @@
 			{
 				$totalacl += $right;
 			}
+
+			if($is_group)
+			{
+				$totalacl &= ~PHPGW_ACL_PRIVATE;			// Don't allow group-grants to grant private
+			}
+
 			$acl->add($phpgw_info['flags']['currentapp'],$group_id,$totalacl);
 		}

@ -108,6 +147,12 @@
 			{
 				$totalacl += $right;
 			}
+
+			if($is_group)
+			{
+				$totalacl &= ~ PHPGW_ACL_PRIVATE;			// Don't allow group-grants to grant private
+			}
+
 			$acl->add($phpgw_info['flags']['currentapp'],$user_id,$totalacl);
 		}
 		$acl->save_repository();
@ -176,7 +221,7 @@

 	$var = Array(
 		'errors'			=> '',
-		'title'				=> '<p><b>'.lang($phpgw_info['flags']['currentapp'].' preferences').' - '.lang('acl').':</b><hr><p>',
+		'title'				=> '<p><b>'.lang($phpgw_info['flags']['currentapp'].' preferences').' - '.lang('acl').': '.$owner_name.'</b><hr><p>',
 		'action_url'			=> $phpgw->link('/preferences/acl_preferences.php','acl_app=' . $acl_app),
 		'bg_color'			=> $phpgw_info['theme']['th_bg'],
 		'submit_lang'			=> lang('submit'),
@ -224,7 +269,7 @@
 			if($go)
 			{
 				$tr_color = $phpgw->nextmatchs->alternate_row_color($tr_color);
-				display_row($tr_color,'g_',$group['account_id'],$group['account_lid']);
+				display_row($tr_color,'g_',$group['account_id'],$group['account_lid'],$is_group);
 				$s_groups++;
 				$processed[] = $group['account_id'];
 				$total++;
@ -264,10 +309,10 @@
 					}
 				}

-				if($go && $user['account_id'] != $phpgw_info['user']['account_id'])
-				{
+				if($go && $user['account_id'] != $owner)			// Need to be $owner not $phpgw_info['user']['account_id']
+				{				// or the admin can't get special grants from a group
 					$tr_color = $phpgw->nextmatchs->alternate_row_color($tr_color);
-					display_row($tr_color,'u_',$user['account_id'],$phpgw->common->display_fullname($user['account_lid'],$user['account_firstname'],$user['account_lastname']));
+					display_row($tr_color,'u_',$user['account_id'],$phpgw->common->display_fullname($user['account_lid'],$user['account_firstname'],$user['account_lastname']),$is_group);
 					$s_users++;
 					$processed[] = $user['account_id'];
 					$total++;