extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2024-11-27 02:14:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

new $enum_group_acl parameter for acl::get_grants: should group acls be returned for all members of that group, default yes

Browse Source
This commit is contained in:
Ralf Becker 2006-04-23 14:46:38 +00:00
parent 2a909066da
commit 6922784f83
1 changed files with 33 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
phpgwapi/inc/class.acl.inc.php
View File

@ -696,10 +696,11 @@
/** /**
* Read the grants other users gave $this->account_id for $app, group ACL is taken into account * Read the grants other users gave $this->account_id for $app, group ACL is taken into account
* *
* @param string $app optional defaults to $GLOBALS['egw_info']['flags']['currentapp']; * @param string $app optional defaults to $GLOBALS['egw_info']['flags']['currentapp']
* @param boolean $enum_group_acls=true should group acls be returned for all members of that group, default yes
* @return array with account-ids (of owners) and granted rights as values * @return array with account-ids (of owners) and granted rights as values
*/ */
function get_grants($app='') function get_grants($app='',$enum_group_acls=true)
{ {
if (!$app) $app = $GLOBALS['egw_info']['flags']['currentapp']; if (!$app) $app = $GLOBALS['egw_info']['flags']['currentapp'];
@ -709,7 +710,7 @@
$memberships[] = $group['account_id']; $memberships[] = $group['account_id'];
} }
$db2 = clone($this->db); $db2 = clone($this->db);
$db2->select($this->table_name,array('acl_account','acl_rights'),array( $db2->select($this->table_name,array('acl_account','acl_rights','acl_location'),array(
'acl_appname' => $app, 'acl_appname' => $app,
'acl_location' => $memberships, 'acl_location' => $memberships,
),__LINE__,__FILE__); ),__LINE__,__FILE__);
@ -719,48 +720,39 @@
{ {
$grantor = $db2->f('acl_account'); $grantor = $db2->f('acl_account');
$rights = $db2->f('acl_rights'); $rights = $db2->f('acl_rights');
$granted_to = (int) $db2->f('acl_location');
if(!isset($accounts[$grantor]))
// cache the group-members for performance
{
// if $grantor is a group, get its members
$members = $this->get_ids_for_location($grantor,1,'phpgw_group');
if(!$members)
{
$accounts[$grantor] = Array($grantor);
$is_group[$grantor] = False;
}
else
{
$accounts[$grantor] = $members;
$is_group[$grantor] = True;
}
}
if(@$is_group[$grantor])
{
// Don't allow to override private!
$rights &= (~ EGW_ACL_PRIVATE);
if(!isset($grants[$grantor])) if(!isset($grants[$grantor]))
{ {
$grants[$grantor] = 0; $grants[$grantor] = 0;
} }
$grants[$grantor] |= $rights; $grants[$grantor] |= $rights;
if(!!($rights & EGW_ACL_READ))
// if the right is granted to a group and we enummerated group ACL's
if ($granted_to != $this->account_id && $enum_group_acls)
{ {
$grants[$grantor] |= EGW_ACL_READ; // return the grant for each member of the group
} foreach((array)$GLOBALS['egw']->accounts->member($grantor) as $member)
}
foreach($accounts[$grantor] as $grantors)
{ {
if(!isset($grants[$grantors])) if (!$member) continue; // can happen if group has no members
// Don't allow to override private with group ACL's!
$rights &= ~EGW_ACL_PRIVATE;
$grantor = $member['account_id'];
if(!isset($grants[$grantor]))
{ {
$grants[$grantors] = 0; $grants[$grantor] = 0;
} }
$grants[$grantors] |= $rights; $grants[$grantor] |= $rights;
} }
} }
}
// user has implizit all rights on own data
$grants[$GLOBALS['egw_info']['user']['account_id']] = ~0; $grants[$GLOBALS['egw_info']['user']['account_id']] = ~0;
//echo "acl::get_grants('$app',$enum_group_acls) ".function_backtrace(); _debug_array($grants);
return $grants; return $grants;
} }