extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2025-02-18 11:21:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix acl calls, especially not giving run perms to non-admins

Browse Source
This commit is contained in:
Miles Lott 2001-03-01 16:10:16 +00:00
parent 1dba072d6c
commit 542bb68597
1 changed files with 16 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
setup/ldap.php
View File

@ -63,7 +63,7 @@
} }
$phpgw_setup->db->query("select app_name,app_title from phpgw_applications where app_enabled != '0' and " $phpgw_setup->db->query("select app_name,app_title from phpgw_applications where app_enabled != '0' and "
. "app_name != 'admin'",__LINE__,__FILE__); . "app_name != 'administration'",__LINE__,__FILE__);
while ($phpgw_setup->db->next_record()) { while ($phpgw_setup->db->next_record()) {
$apps[$phpgw_setup->db->f("app_name")] = $phpgw_setup->db->f("app_title"); $apps[$phpgw_setup->db->f("app_name")] = $phpgw_setup->db->f("app_title");
} }
@ -84,27 +84,31 @@
@reset($s_apps); @reset($s_apps);
while ($app = each($s_apps)) { while ($app = each($s_apps)) {
$sql = "DELETE FROM phpgw_acl WHERE acl_appname='".$app[1]."' AND acl_location='run' AND acl_account=" $sql = "DELETE FROM phpgw_acl WHERE acl_appname='".$app[1]."' AND acl_location='run' AND acl_account="
. $account[1]["account_id"]." AND acl_account_type='u'"; . $account[1]["account_id"];
$phpgw_setup->db->query($sql ,__LINE__,__FILE__); $phpgw_setup->db->query($sql ,__LINE__,__FILE__);
$sql = "insert into phpgw_acl (acl_appname, acl_location, acl_account, acl_account_type, acl_rights)" $sql = "insert into phpgw_acl (acl_appname, acl_location, acl_account, acl_rights)"
. " values('".$app[1]."','run',".$account[1]["account_id"].",'u',1)"; . " values('".$app[1]."','run',".$account[1]["account_id"].",1)";
$phpgw_setup->db->query($sql ,__LINE__,__FILE__); $phpgw_setup->db->query($sql ,__LINE__,__FILE__);
} }
$sql = "DELETE FROM phpgw_acl WHERE acl_appname='admin' AND acl_location='run' AND acl_account=" $sql = "DELETE FROM phpgw_acl WHERE acl_appname='admin' AND acl_location='run' AND acl_account="
. $account[1]["account_id"]." AND acl_account_type='u'"; . $account[1]["account_id"];
$phpgw_setup->db->query($sql ,__LINE__,__FILE__); $phpgw_setup->db->query($sql ,__LINE__,__FILE__);
$sql = "insert into phpgw_acl (acl_appname, acl_location, acl_account, acl_account_type, acl_rights)" for ($a=0;$a<count($admins);$a++) {
. " values('admin','run',".$account[1]["account_id"].",'u',1)"; if ($admins[$a] == $account[1]["account_id"]) {
$sql = "insert into phpgw_acl (acl_appname, acl_location, acl_account, acl_rights)"
. " values('admin','run',".$account[1]["account_id"].",1)";
$phpgw_setup->db->query($sql ,__LINE__,__FILE__); $phpgw_setup->db->query($sql ,__LINE__,__FILE__);
}
}
$phpgw_setup->db->query("SELECT account_id FROM phpgw_accounts WHERE account_id=" . $account[1]["account_id"] $phpgw_setup->db->query("SELECT account_id FROM phpgw_accounts WHERE account_id=" . $account[1]["account_id"]
. " AND account_lid='" . $account[1]["account_lid"] . "'"); . " AND account_lid='" . $account[1]["account_lid"] . "'");
if(!$phpgw_setup->db->num_rows() && $account[1]["account_lid"]) { if(!$phpgw_setup->db->num_rows() && $account[1]["account_lid"]) {
$phpgw_setup->db->query("insert into phpgw_accounts (account_id,account_lid,account_pwd," $phpgw_setup->db->query("insert into phpgw_accounts (account_id,account_lid,account_pwd,account_type,"
. "account_groups,account_status,account_lastpwd_change) values (" . $account[1]["account_id"] . ",'" . "account_status,account_lastpwd_change) values (" . $account[1]["account_id"] . ",'"
. $account[1]["account_lid"] . "','x',',1:0,','A',".time().")",__LINE__,__FILE__); . $account[1]["account_lid"] . "','x','u','A',".time().")",__LINE__,__FILE__);
} }
} }
$setup_complete = True; $setup_complete = True;