* CardDAV: fixed wrong privileges for accounts addressbook, causing clients to report it read-only even for admins

This commit is contained in:
Ralf Becker 2013-01-22 08:39:42 +00:00
parent b76d0b44fc
commit 637bc916af
4 changed files with 33 additions and 6 deletions


@ -964,6 +964,18 @@ disabled for epl-11.1
return $this->bo->check_perms($acl,$contact); return $this->bo->check_perms($acl,$contact);
} }
/**
* Get grants of current user and app
*
* Reimplemented to account for static LDAP ACL and accounts (owner=0)
*
* @return array user-id => EGW_ACL_ADD|EGW_ACL_READ|EGW_ACL_EDIT|EGW_ACL_DELETE pairs
*/
public function get_grants()
{
return $this->bo->get_grants($this->bo->user);
}
/** /**
* Return calendars/addressbooks shared from other users with the current one * Return calendars/addressbooks shared from other users with the current one
* *
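Review bot: The override's docblock leaves out the contract the base class depends on: groupdav_handler::current_user_privileges() indexes the returned array by user id, and for the accounts addressbook that id is 0, so the array must carry an integer key 0 (the addressbook_so hunk in this commit is what puts `$grants[0]` there). A docblock line such as `* Result includes key 0 (accounts addressbook) so current_user_privileges() can resolve it` would make that explicit to the next person touching either class. The enclosing class continues outside the hunk.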


@ -354,11 +354,15 @@ class addressbook_so
// therefor the param false! // therefor the param false!
$grants = $GLOBALS['egw']->acl->get_grants($contact_app,false,$user); $grants = $GLOBALS['egw']->acl->get_grants($contact_app,false,$user);
} }
// grants for accounts: everyone read, admins edit, no-one add or delete (only via admin app!)
$grants[0] = EGW_ACL_READ;
if ($this->is_admin()) $grants[0] |= EGW_ACL_EDIT;
} }
else else
{ {
$grants = array(); $grants = array();
} }
//error_log(__METHOD__."($user, '$contact_app') returning ".array2string($grants));
return $grants; return $grants;
} }
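Review bot: `$this->is_admin()` decides the EDIT grant on the accounts addressbook without reference to `$user`, while the grants in the same branch are fetched for `$user` (`acl->get_grants($contact_app,false,$user)`); if is_admin() tests the session user rather than `$user`, a grant set computed for a different user than the one logged in would carry the wrong accounts privileges, which for the CardDAV path means a client could be told the accounts collection is writable when it is not (or vice versa). Worth confirming which user is_admin() evaluates, and worth recording either way, e.g. `// admin check refers to the session user, not $user`. The unconditional `$grants[0] = EGW_ACL_READ;` also discards any ADD/DELETE a backend may have stored for owner 0, which matches the comment's "no-one add or delete" and is presumably intended. The enclosing method begins before the hunk.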


@ -912,7 +912,7 @@ class groupdav extends HTTP_WebDAV_Server
$props['sync-token'] = $handler->get_sync_token($path,$user); $props['sync-token'] = $handler->get_sync_token($path,$user);
} }
} }
if ($handler && $user) if ($handler && !is_null($user))
{ {
return $this->add_collection($path, $props, $handler->current_user_privileges($path, $user)); return $this->add_collection($path, $props, $handler->current_user_privileges($path, $user));
} }


@ -416,6 +416,16 @@ abstract class groupdav_handler
return $agent; return $agent;
} }
/**
* Get grants of current user and app
*
* @return array user-id => EGW_ACL_ADD|EGW_ACL_READ|EGW_ACL_EDIT|EGW_ACL_DELETE pairs
*/
public function get_grants()
{
return $this->acl->get_grants($this->app, $this->app != 'addressbook');
}
/** /**
* Return priviledges for current user, default is read and read-current-user-privilege-set * Return priviledges for current user, default is read and read-current-user-privilege-set
* *
@ -430,30 +440,31 @@ abstract class groupdav_handler
static $grants; static $grants;
if (is_null($grants)) if (is_null($grants))
{ {
$grants = $this->acl->get_grants($this->app, $this->app != 'addressbook'); $grants = $this->get_grants();
} }
$priviledes = array('read-current-user-privilege-set' => 'read-current-user-privilege-set'); $priviledes = array('read-current-user-privilege-set' => 'read-current-user-privilege-set');
if (!$user || $grants[$user] & EGW_ACL_READ) if (is_null($user) || $grants[$user] & EGW_ACL_READ)
{ {
$priviledes['read'] = 'read'; $priviledes['read'] = 'read';
// allows on all calendars/addressbooks to write properties, as we store them on a per-user basis // allows on all calendars/addressbooks to write properties, as we store them on a per-user basis
// and only allow to modify explicit named properties in CalDAV, CardDAV or Calendarserver name-space // and only allow to modify explicit named properties in CalDAV, CardDAV or Calendarserver name-space
$priviledes['write-properties'] = 'write-properties'; $priviledes['write-properties'] = 'write-properties';
} }
if (!$user || $grants[$user] & EGW_ACL_ADD) if (is_null($user) || $grants[$user] & EGW_ACL_ADD)
{ {
$priviledes['bind'] = 'bind'; // PUT for new resources $priviledes['bind'] = 'bind'; // PUT for new resources
} }
if (!$user || $grants[$user] & EGW_ACL_EDIT) if (is_null($user) || $grants[$user] & EGW_ACL_EDIT)
{ {
$priviledes['write-content'] = 'write-content'; // otherwise iOS calendar does not allow to add events $priviledes['write-content'] = 'write-content'; // otherwise iOS calendar does not allow to add events
} }
if (!$user || $grants[$user] & EGW_ACL_DELETE) if (is_null($user) || $grants[$user] & EGW_ACL_DELETE)
{ {
$priviledes['unbind'] = 'unbind'; // DELETE $priviledes['unbind'] = 'unbind'; // DELETE
} }
// copy/move of existing resources might require write-properties, thought we do not support an explicit PROPATCH // copy/move of existing resources might require write-properties, thought we do not support an explicit PROPATCH
//error_log(__METHOD__."('$path', ".array2string($user).') returning '.array2string($priviledes).' '.function_backtrace());
return $priviledes; return $priviledes;
} }
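Review bot: The four rewritten `is_null($user) || $grants[$user] & …` conditions read `$grants[$user]` without checking that the key exists, so a user id with no grant entry raises an undefined-index notice on every privilege query and silently yields no privileges; the user-0 case this commit introduces makes that path likelier whenever a handler's get_grants() does not return key 0. Resolving the effective rights once with `isset()` removes the notice and the fourfold repetition. In the new get_grants() above, `$this->app != 'addressbook'` could use `!==`. The enclosing method starts before the hunk.
```php
    // resolve rights once: no user means the collection is fully writable (as before),
    // an unknown user means no rights instead of an undefined-index notice
    $rights = is_null($user) ? (EGW_ACL_READ|EGW_ACL_ADD|EGW_ACL_EDIT|EGW_ACL_DELETE)
        : (isset($grants[$user]) ? $grants[$user] : 0);
    $priviledes = array('read-current-user-privilege-set' => 'read-current-user-privilege-set');
    if ($rights & EGW_ACL_READ)
    {
        // … unchanged: read and write-properties …
    }
    if ($rights & EGW_ACL_ADD)
    // … unchanged: bind, write-content (EGW_ACL_EDIT) and unbind (EGW_ACL_DELETE) branches follow the same pattern …
```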