allow to use "/timesheet/?filters[owner]=0" to query all timesheets the current user has access too

ralf 2024-02-06 12:52:02 +02:00
parent 764b7e7e07
commit 59619f83a9
3 changed files with 8 additions and 6 deletions


@ -1165,6 +1165,7 @@ class CalDAV extends HTTP_WebDAV_Server
'data' => self::mkprop(self::CALDAV, 'data', '')
]),
'other' => [],
'root' => ['name' => null],
);
// sync-collection report via GET parameter sync-token


@ -454,15 +454,16 @@ class timesheet_bo extends Api\Storage
{
$extra_cols[] = $total_sql.' AS ts_total';
}
if (!isset($filter['ts_owner']) || !count((array)$filter['ts_owner']))
{
$filter['ts_owner'] = array_keys($this->grants);
}
// $filter['ts_owner'] === false --> no ACL checks
elseif ($filter['ts_owner'] === false)
if (isset($filter['ts_owner']) && $filter['ts_owner'] === false)
{
$filter['ts_owner'] = '';
}
// empty --> all the user has access too
elseif (empty($filter['ts_owner']))
{
$filter['ts_owner'] = array_keys($this->grants);
}
else
{
if(!is_array($filter['ts_owner']))
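Review bot: The `=== false` branch switches the owner restriction off entirely, and with this commit the owner filter can come from the REST query string, so the comment should say who may set that sentinel, e.g. `// $filter['ts_owner'] === false --> no ACL checks (internal callers only, must never be derived from request input)`. Request values such as `"0"`, `0`, `''` or `[]` land in the `empty()` branch and are replaced by `array_keys($this->grants)`, which is the restrictive direction. The `else` branch continues outside the hunk, so it cannot be confirmed from here that explicitly requested owners are checked against the grants. A regression test that requests an owner the user holds no grant for, and one that passes a literal `false`-like value through the API, would pin both behaviours.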


@ -349,7 +349,7 @@ class ApiHandler extends Api\CalDAV\Handler
// in case of JSON/REST API pass filters to report
if (Api\CalDAV::isJSON() && !empty($options['filters']) && is_array($options['filters']))
{
$filters += $this->filter2col_filter($options['filters']); // using += to not allow overwriting existing filters
$filters = $this->filter2col_filter($options['filters']) + $filters; // + to allow overwriting default owner filter (BO ensures ACL!)
}
elseif (!empty($options['filters']))
{
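Review bot: Putting the request-derived array on the left of `+` lets the caller replace every key already present in `$filters`, not only the default owner filter the new comment names. The "BO ensures ACL" argument covers the owner column only, so any other filter set earlier by the handler is now overridable without a comparable backstop. If only the owner is meant to be overridable, keep the old `$filters += …` for the general case and copy just the owner key from the converted filters over the default. `filter2col_filter()` is not visible here; it should be confirmed that it cannot return a strict `false` for the owner column, since the BO treats that value as "no ACL checks".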