extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2024-11-23 08:23:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

fixed admins not having access to all accounts, if account_selection was none or groupmembers, from which admins are explicitly excepted

Browse Source
This commit is contained in:
Ralf Becker 2011-10-03 13:40:41 +00:00
parent 175197d7c0
commit 60ba2b9628
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
phpgwapi/inc/class.groupdav_principals.inc.php
View File

@ -497,7 +497,8 @@ class groupdav_principals extends groupdav_handler
if ($options['depth'])
{
if ($GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'none')
if ($GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'none' &&
!isset($GLOBALS['egw_info']['user']['apps']['admin']))
{
$files[] = $this->add_account($this->accounts->read($GLOBALS['egw_info']['user']['account_id']));
}
@ -515,13 +516,14 @@ class groupdav_principals extends groupdav_handler
{
if (!($id = $this->accounts->name2id($name,'account_lid','u')) ||
!($account = $this->accounts->read($id)) ||
!isset($GLOBALS['egw_info']['user']['apps']['admin']) &&
// do NOT allow other user, if account-selection is none
$GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'none' &&
($GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'none' &&
$name != $GLOBALS['egw_info']['user']['account_lid'] ||
// only allow group-members for account-selection is groupmembers
$GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'groupmembers' &&
!array_intersect($this->accounts->memberships($account['account_id'],true),
$this->accounts->memberships($GLOBALS['egw_info']['user']['account_id'],true)))
$this->accounts->memberships($GLOBALS['egw_info']['user']['account_id'],true))))
{
return '404 Not Found';
}