mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-11-26 09:53:20 +01:00
Applying a patch from ralfbecker. This gives the admin the ability to grant ACL rights at the group level.
This commit is contained in:
parent
8895d619f5
commit
4546f7aaa1
@ -14,10 +14,32 @@
|
||||
$phpgw_info = array();
|
||||
if ($submit)
|
||||
{
|
||||
$phpgw_info["flags"] = array("noheader" => True, "nonavbar" => True);
|
||||
$phpgw_flags = Array(
|
||||
'currentapp' => 'admin',
|
||||
'enable_nextmatchs_class' => True,
|
||||
'noheader' => True,
|
||||
'nonavbar' => True
|
||||
);
|
||||
}
|
||||
$phpgw_info["flags"]["currentapp"] = "admin";
|
||||
include("../header.inc.php");
|
||||
else
|
||||
{
|
||||
$phpgw_flags = Array(
|
||||
'currentapp' => 'admin',
|
||||
'enable_nextmatchs_class' => True
|
||||
);
|
||||
}
|
||||
$phpgw_info['flags'] = $phpgw_flags;
|
||||
include('../header.inc.php');
|
||||
|
||||
$apps_with_acl = Array(
|
||||
'addressbook' => True,
|
||||
'todo' => True,
|
||||
'calendar' => True,
|
||||
'notes' => True,
|
||||
'projects' => True,
|
||||
'phonelog' => True,
|
||||
'infolog' => True
|
||||
);
|
||||
|
||||
function is_odd($n)
|
||||
{
|
||||
@ -34,7 +56,7 @@
|
||||
|
||||
if (! $group_id)
|
||||
{
|
||||
Header("Location: " . $phpgw->link("/admin/groups.php"));
|
||||
Header('Location: ' . $phpgw->link('/admin/groups.php'));
|
||||
}
|
||||
|
||||
if ($submit)
|
||||
@ -47,7 +69,7 @@
|
||||
{
|
||||
if ($group->exists($n_group))
|
||||
{
|
||||
$error = lang("Sorry, that group name has already been taken.");
|
||||
$error = lang('Sorry, that group name has already been taken.');
|
||||
}
|
||||
}
|
||||
|
||||
@ -229,11 +251,11 @@
|
||||
. '</option>'."\n";
|
||||
}
|
||||
$p->set_var('user_list',$user_list);
|
||||
$p->set_var("lang_permissions",lang("Permissions this group has"));
|
||||
$p->set_var('lang_permissions',lang('Permissions this group has'));
|
||||
|
||||
$i = 0;
|
||||
reset($phpgw_info["apps"]);
|
||||
$sorted_apps = $phpgw_info["apps"];
|
||||
reset($phpgw_info['apps']);
|
||||
$sorted_apps = $phpgw_info['apps'];
|
||||
@asort($sorted_apps);
|
||||
@reset($sorted_apps);
|
||||
while ($permission = each($sorted_apps))
|
||||
@ -246,35 +268,41 @@
|
||||
}
|
||||
}
|
||||
|
||||
$perm_html = "";
|
||||
for ($i=0;$i<200;)
|
||||
{ // The $i<200 is only used for a brake
|
||||
if (! $perm_display[$i][1]) break;
|
||||
$perm_html .= '<tr bgcolor="'.$phpgw_info["theme"]["row_on"].'"><td>' . lang($perm_display[$i][1]) . '</td>'
|
||||
. '<td><input type="checkbox" name="n_group_permissions['
|
||||
$perm_html = '';
|
||||
$tr_color = $phpgw_info['theme']['row_off'];
|
||||
for ($i=0;$perm_display[$i][1];$i++)
|
||||
{
|
||||
$app = $perm_display[$i][0];
|
||||
if(!($i & 1))
|
||||
{
|
||||
$tr_color = $phpgw->nextmatchs->alternate_row_color();
|
||||
$perm_html .= '<tr bgcolor="'.$tr_color.'">';
|
||||
}
|
||||
$perm_html .= '<td width="40%">' . lang($perm_display[$i][1]) . '</td>'
|
||||
. '<td width="5%"><input type="checkbox" name="n_group_permissions['
|
||||
. $perm_display[$i][0] . ']" value="True"';
|
||||
if ($n_group_permissions[$perm_display[$i][0]] || $db_perms[$perm_display[$i][0]])
|
||||
if ($n_group_permissions[$app] || $db_perms[$app])
|
||||
{
|
||||
$perm_html .= " checked";
|
||||
$perm_html .= ' checked';
|
||||
}
|
||||
$perm_html .= "></td>";
|
||||
$i++;
|
||||
|
||||
if ($i == count($perm_display) && is_odd(count($perm_display)))
|
||||
$perm_html .= '></td><td width="5%">';
|
||||
if($apps_with_acl[$app])
|
||||
{
|
||||
$perm_html .= '<td colspan="2"> </td></tr>';
|
||||
$perm_html .= '<a href="'.$phpgw->link('/preferences/acl_preferences.php','acl_app='.$app.'&owner='.$group_id).'" target="_blank"><img src="'.$phpgw->common->image('admin','dot.gif').'" border="0" hspace="3" align="absmiddle" alt="'.lang('Grant Access').'"></a>';
|
||||
}
|
||||
|
||||
if (! $perm_display[$i][1]) break;
|
||||
$perm_html .= '<td>' . lang($perm_display[$i][1]) . '</td>'
|
||||
. '<td><input type="checkbox" name="n_group_permissions['
|
||||
. $perm_display[$i][0] . ']" value="True"';
|
||||
if ($n_group_permissions[$perm_display[$i][0]] || $db_perms[$perm_display[$i][0]])
|
||||
else
|
||||
{
|
||||
$perm_html .= " checked";
|
||||
$perm_html .= ' ';
|
||||
}
|
||||
$perm_html .= "></td></tr>\n";
|
||||
$i++;
|
||||
$perm_html .= '</td>';
|
||||
if($i & 1)
|
||||
{
|
||||
$perm_html .= '</tr>';
|
||||
}
|
||||
}
|
||||
if($i & 1)
|
||||
{
|
||||
$perm_html .= '<td colspan="4"> </td></tr>';
|
||||
}
|
||||
|
||||
$p->set_var("permissions_list",$perm_html);
|
||||
|
BIN
admin/templates/default/images/dot.gif
Executable file
BIN
admin/templates/default/images/dot.gif
Executable file
Binary file not shown.
After Width: | Height: | Size: 215 B |
@ -81,12 +81,12 @@
|
||||
{
|
||||
global $phpgw, $phpgw_info;
|
||||
$sql = 'select * from phpgw_acl where (acl_account in ('.$this->account_id.', 0';
|
||||
// $equalto = $phpgw->accounts->security_equals($this->account_id);
|
||||
// if (is_array($equalto) && count($equalto) > 0){
|
||||
// for ($idx = 0; $idx < count($equalto); ++$idx){
|
||||
// $sql .= ",".$equalto[$idx][0];
|
||||
// }
|
||||
// }
|
||||
|
||||
$groups = $this->get_location_list_for_id('phpgw_group', 1, $this->account_id);
|
||||
while($groups && list($key,$value) = each($groups))
|
||||
{
|
||||
$sql .= ','.$value;
|
||||
}
|
||||
$sql .= '))';
|
||||
$this->db->query($sql ,__LINE__,__FILE__);
|
||||
$count = $this->db->num_rows();
|
||||
@ -565,9 +565,10 @@
|
||||
|
||||
$sql = "select acl_account, acl_rights from phpgw_acl where acl_appname = '$app' and "
|
||||
. "acl_location in ";
|
||||
$security = "('". $phpgw_info['user']['account_id'] ."'";
|
||||
// $security = "('". $phpgw_info['user']['account_id'] ."'";
|
||||
$security = "('". $this->account_id ."'";
|
||||
$myaccounts = CreateObject('phpgwapi.accounts');
|
||||
$my_memberships = $myaccounts->memberships();
|
||||
$my_memberships = $myaccounts->memberships($this->account_id);
|
||||
@reset($my_memberships);
|
||||
while($my_memberships && list($key,$group) = each($my_memberships))
|
||||
{
|
||||
@ -589,12 +590,36 @@
|
||||
// }
|
||||
|
||||
if(!isset($accounts[$grantor]))
|
||||
// cache the group-members for performance
|
||||
{
|
||||
$accounts[$grantor] = 0;
|
||||
// if $grantor is a group, get its members
|
||||
$members = $this->get_ids_for_location($grantor,1,'phpgw_group');
|
||||
if(!$members)
|
||||
{
|
||||
$accounts[$grantor] = Array($grantor);
|
||||
$is_group[$grantor] = False;
|
||||
}
|
||||
else
|
||||
{
|
||||
$accounts[$grantor] = $members;
|
||||
$is_group[$grantor] = True;
|
||||
}
|
||||
}
|
||||
if(@$is_group[$grantor])
|
||||
{
|
||||
// Don't allow to override private!
|
||||
$rights &= (~ PHPGW_ACL_PRIVATE);
|
||||
}
|
||||
while(list($nul,$grantors) = each($accounts[$grantor]))
|
||||
{
|
||||
if(!isset($grants[$grantors]))
|
||||
{
|
||||
$grants[$grantors] = 0;
|
||||
}
|
||||
$grants[$grantors] |= $rights;
|
||||
}
|
||||
$accounts[$grantor] |= $rights;
|
||||
}
|
||||
return $accounts;
|
||||
return $grants;
|
||||
}
|
||||
} //end of acl class
|
||||
?>
|
||||
|
@ -18,38 +18,66 @@
|
||||
'noappfooter' => True
|
||||
);
|
||||
|
||||
// header from calendar-app resets $owner
|
||||
if(isset($owner))
|
||||
{
|
||||
$save_my_owner = $owner;
|
||||
}
|
||||
|
||||
$phpgw_info['flags'] = $phpgw_flags;
|
||||
include('../header.inc.php');
|
||||
|
||||
function check_acl($label,$id,$acl,$rights,$right)
|
||||
if(isset($save_my_owner) && $phpgw_info['user']['apps']['admin'])
|
||||
{
|
||||
$owner = $save_my_owner;
|
||||
unset($save_my_owner);
|
||||
}
|
||||
else
|
||||
{
|
||||
echo '<center>'.lang('You do not have permission to set ACL\'s in this mode!').'</center>';
|
||||
$phpgw->common->phpgw_footer();
|
||||
}
|
||||
|
||||
function check_acl($label,$id,$acl,$rights,$right,$is_group=False)
|
||||
{
|
||||
global $phpgw_info, $p;
|
||||
|
||||
$p->set_var($acl,$label.$phpgw_info['flags']['currentapp'].'['.$id.']['.$right.']');
|
||||
if ($rights & $right)
|
||||
if ($is_group)
|
||||
{
|
||||
$p->set_var($acl.'_selected',' checked');
|
||||
// This is so you can't select it in the GUI
|
||||
$p->set_var($acl.'_selected',' disabled');
|
||||
}
|
||||
else
|
||||
{
|
||||
$p->set_var($acl.'_selected','');
|
||||
$p->set_var($acl.'_selected',(($rights & $right)?' checked':''));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
function display_row($bg_color,$label,$id,$name)
|
||||
function display_row($bg_color,$label,$id,$name,$is_group)
|
||||
{
|
||||
global $phpgw_info, $acl, $p;
|
||||
global $phpgw, $phpgw_info, $acl, $p;
|
||||
|
||||
$p->set_var('row_color',$bg_color);
|
||||
$p->set_var('user',$name);
|
||||
$rights = $acl->get_rights($id,$phpgw_info['flags']['currentapp']);
|
||||
// vv This is new
|
||||
$grantors = $acl->get_ids_for_location($id,$rights,$phpgw_info['flags']['currentapp']);
|
||||
$is_group_set = False;
|
||||
while(list($key,$grantor) = each($grantors))
|
||||
{
|
||||
if($phpgw->accounts->get_type($grantor) == 'g')
|
||||
{
|
||||
$is_group_set = True;
|
||||
}
|
||||
}
|
||||
// ^^ This is new
|
||||
|
||||
check_acl($label,$id,'read',$rights,PHPGW_ACL_READ);
|
||||
check_acl($label,$id,'add',$rights,PHPGW_ACL_ADD);
|
||||
check_acl($label,$id,'edit',$rights,PHPGW_ACL_EDIT);
|
||||
check_acl($label,$id,'delete',$rights,PHPGW_ACL_DELETE);
|
||||
check_acl($label,$id,'private',$rights,PHPGW_ACL_PRIVATE);
|
||||
check_acl($label,$id,'read',$rights,PHPGW_ACL_READ,($is_group_set && ($rights & PHPGW_ACL_READ) && !$is_group?$is_group_set:False));
|
||||
check_acl($label,$id,'add',$rights,PHPGW_ACL_ADD,($is_group_set && ($rights & PHPGW_ACL_ADD && !$is_group)?$is_group_set:False));
|
||||
check_acl($label,$id,'edit',$rights,PHPGW_ACL_EDIT,($is_group_set && ($rights & PHPGW_ACL_EDIT && !$is_group)?$is_group_set:False));
|
||||
check_acl($label,$id,'delete',$rights,PHPGW_ACL_DELETE,($is_group_set && ($rights & PHPGW_ACL_DELETE && !$is_group)?$is_group_set:False));
|
||||
check_acl($label,$id,'private',$rights,PHPGW_ACL_PRIVATE,$is_group);
|
||||
|
||||
$p->parse('row','acl_row',True);
|
||||
}
|
||||
@ -62,6 +90,11 @@
|
||||
$acct = CreateObject('phpgwapi.accounts',$owner);
|
||||
$groups = $acct->get_list('groups');
|
||||
$users = $acct->get_list('accounts');
|
||||
$owner_name = $acct->id2name($owner); // get owner name for title
|
||||
if($is_group = $acct->get_type($owner) == 'g')
|
||||
{
|
||||
$owner_name = lang('Group').' ('.$owner_name.')';
|
||||
}
|
||||
unset($acct);
|
||||
$acl = CreateObject('phpgwapi.acl',intval($owner));
|
||||
$acl->read_repository();
|
||||
@ -90,6 +123,12 @@
|
||||
{
|
||||
$totalacl += $right;
|
||||
}
|
||||
|
||||
if($is_group)
|
||||
{
|
||||
$totalacl &= ~PHPGW_ACL_PRIVATE; // Don't allow group-grants to grant private
|
||||
}
|
||||
|
||||
$acl->add($phpgw_info['flags']['currentapp'],$group_id,$totalacl);
|
||||
}
|
||||
|
||||
@ -108,6 +147,12 @@
|
||||
{
|
||||
$totalacl += $right;
|
||||
}
|
||||
|
||||
if($is_group)
|
||||
{
|
||||
$totalacl &= ~ PHPGW_ACL_PRIVATE; // Don't allow group-grants to grant private
|
||||
}
|
||||
|
||||
$acl->add($phpgw_info['flags']['currentapp'],$user_id,$totalacl);
|
||||
}
|
||||
$acl->save_repository();
|
||||
@ -176,7 +221,7 @@
|
||||
|
||||
$var = Array(
|
||||
'errors' => '',
|
||||
'title' => '<p><b>'.lang($phpgw_info['flags']['currentapp'].' preferences').' - '.lang('acl').':</b><hr><p>',
|
||||
'title' => '<p><b>'.lang($phpgw_info['flags']['currentapp'].' preferences').' - '.lang('acl').': '.$owner_name.'</b><hr><p>',
|
||||
'action_url' => $phpgw->link('/preferences/acl_preferences.php','acl_app=' . $acl_app),
|
||||
'bg_color' => $phpgw_info['theme']['th_bg'],
|
||||
'submit_lang' => lang('submit'),
|
||||
@ -224,7 +269,7 @@
|
||||
if($go)
|
||||
{
|
||||
$tr_color = $phpgw->nextmatchs->alternate_row_color($tr_color);
|
||||
display_row($tr_color,'g_',$group['account_id'],$group['account_lid']);
|
||||
display_row($tr_color,'g_',$group['account_id'],$group['account_lid'],$is_group);
|
||||
$s_groups++;
|
||||
$processed[] = $group['account_id'];
|
||||
$total++;
|
||||
@ -264,10 +309,10 @@
|
||||
}
|
||||
}
|
||||
|
||||
if($go && $user['account_id'] != $phpgw_info['user']['account_id'])
|
||||
{
|
||||
if($go && $user['account_id'] != $owner) // Need to be $owner not $phpgw_info['user']['account_id']
|
||||
{ // or the admin can't get special grants from a group
|
||||
$tr_color = $phpgw->nextmatchs->alternate_row_color($tr_color);
|
||||
display_row($tr_color,'u_',$user['account_id'],$phpgw->common->display_fullname($user['account_lid'],$user['account_firstname'],$user['account_lastname']));
|
||||
display_row($tr_color,'u_',$user['account_id'],$phpgw->common->display_fullname($user['account_lid'],$user['account_firstname'],$user['account_lastname']),$is_group);
|
||||
$s_users++;
|
||||
$processed[] = $user['account_id'];
|
||||
$total++;
|
||||
|
Loading…
Reference in New Issue
Block a user