mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-12-22 14:41:29 +01:00
allow to use "/timesheet/?filters[owner]=0" to query all timesheets the current user has access too
This commit is contained in:
parent
764b7e7e07
commit
59619f83a9
@ -1165,6 +1165,7 @@ class CalDAV extends HTTP_WebDAV_Server
|
||||
'data' => self::mkprop(self::CALDAV, 'data', '')
|
||||
]),
|
||||
'other' => [],
|
||||
'root' => ['name' => null],
|
||||
);
|
||||
|
||||
// sync-collection report via GET parameter sync-token
|
||||
|
@ -454,15 +454,16 @@ class timesheet_bo extends Api\Storage
|
||||
{
|
||||
$extra_cols[] = $total_sql.' AS ts_total';
|
||||
}
|
||||
if (!isset($filter['ts_owner']) || !count((array)$filter['ts_owner']))
|
||||
{
|
||||
$filter['ts_owner'] = array_keys($this->grants);
|
||||
}
|
||||
// $filter['ts_owner'] === false --> no ACL checks
|
||||
elseif ($filter['ts_owner'] === false)
|
||||
if (isset($filter['ts_owner']) && $filter['ts_owner'] === false)
|
||||
{
|
||||
$filter['ts_owner'] = '';
|
||||
}
|
||||
// empty --> all the user has access too
|
||||
elseif (empty($filter['ts_owner']))
|
||||
{
|
||||
$filter['ts_owner'] = array_keys($this->grants);
|
||||
}
|
||||
else
|
||||
{
|
||||
if(!is_array($filter['ts_owner']))
|
||||
|
@ -349,7 +349,7 @@ class ApiHandler extends Api\CalDAV\Handler
|
||||
// in case of JSON/REST API pass filters to report
|
||||
if (Api\CalDAV::isJSON() && !empty($options['filters']) && is_array($options['filters']))
|
||||
{
|
||||
$filters += $this->filter2col_filter($options['filters']); // using += to not allow overwriting existing filters
|
||||
$filters = $this->filter2col_filter($options['filters']) + $filters; // + to allow overwriting default owner filter (BO ensures ACL!)
|
||||
}
|
||||
elseif (!empty($options['filters']))
|
||||
{
|
||||
|
Loading…
Reference in New Issue
Block a user