file_access_user implementation for addressbook

addressbook/inc/class.addressbook_bo.inc.php

@@ -7,7 +7,7 @@
  * @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
  * @author Joerg Lehrke <jlehrke@noc.de>
  * @package addressbook
- * @copyright (c) 2005-10 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
+ * @copyright (c) 2005-11 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
  * @copyright (c) 2005/6 by Cornelius Weiss <egw@von-und-zu-weiss.de>
  * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
  * @version $Id$
@@ -1008,10 +1008,23 @@ class addressbook_bo extends addressbook_so
 	 * @param int $needed necessary ACL right: EGW_ACL_{READ|EDIT|DELETE}
 	 * @param mixed $contact contact as array or the contact-id
 	 * @param boolean $deny_account_delete=false if true never allow to delete accounts
+	 * @param int $user=null for which user to check, default current user
 	 * @return boolean true permission granted, false for permission denied, null for contact does not exist
 	 */
-	function check_perms($needed,$contact,$deny_account_delete=false)
+	function check_perms($needed,$contact,$deny_account_delete=false,$user=null)
 	{
+		if (!$user) $user = $this->user;
+		if ($user == $this->user)
+		{
+			$grants = $this->grants;
+			$memberships = $this->memberships;
+		}
+		else
+		{
+			$grants = $this->get_grants($user);
+			$memberships =  $GLOBALS['egw']->accounts->memberships($user,true);
+		}
+
 		if ((!is_array($contact) || !isset($contact['owner'])) &&
 			!($contact = parent::read(is_array($contact) ? $contact['id'] : $contact)))
 		{
@@ -1020,24 +1033,42 @@ class addressbook_bo extends addressbook_so
 		$owner = $contact['owner'];
 
 		// allow the user to edit his own account
-		if (!$owner && $needed == EGW_ACL_EDIT && $contact['account_id'] == $this->user && $this->own_account_acl)
+		if (!$owner && $needed == EGW_ACL_EDIT && $contact['account_id'] == $user && $this->own_account_acl)
 		{
-			return true;
+			$access = true;
 		}
 		// dont allow to delete own account (as admin handels it too)
-		if (!$owner && $needed == EGW_ACL_DELETE && ($deny_account_delete || $contact['account_id'] == $this->user))
+		elseif (!$owner && $needed == EGW_ACL_DELETE && ($deny_account_delete || $contact['account_id'] == $user))
 		{
-			return false;
+			$access = false;
 		}
 		// for reading accounts (owner == 0) and account_selection == groupmembers, check if current user and contact are groupmembers
-		if ($owner == 0 && $needed == EGW_ACL_READ &&
+		elseif ($owner == 0 && $needed == EGW_ACL_READ &&
 			$GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'groupmembers')
 		{
-			return !!array_intersect($GLOBALS['egw']->accounts->memberships($this->user,true),
-				$GLOBALS['egw']->accounts->memberships($contact['account_id'],true));
+			$access = !!array_intersect($memberships,$GLOBALS['egw']->accounts->memberships($contact['account_id'],true));
 		}
-		return ($this->grants[$owner] & $needed) &&
-			(!$contact['private'] || ($this->grants[$owner] & EGW_ACL_PRIVATE) || in_array($owner,$this->memberships));
+		else
+		{
+			$access = ($grants[$owner] & $needed) &&
+				(!$contact['private'] || ($grants[$owner] & EGW_ACL_PRIVATE) || in_array($owner,$memberships));
+		}
+		//error_log(__METHOD__."($needed,$contact[id],$deny_account_delete,$user) returning ".array2string($access));
+		return $access;
+	}
+
+	/**
+	 * Check access to the file store
+	 *
+	 * @param int|array $id id of entry or entry array
+	 * @param int $check EGW_ACL_READ for read and EGW_ACL_EDIT for write or delete access
+	 * @param string $rel_path=null currently not used in InfoLog
+	 * @param int $user=null for which user to check, default current user
+	 * @return boolean true if access is granted or false otherwise
+	 */
+	function file_access($id,$check,$rel_path=null,$user=null)
+	{
+		return $this->check_perms($check,$id,false,$user);
 	}
 
 	/**
@@ -1382,17 +1413,6 @@ class addressbook_bo extends addressbook_so
 
 		return $this->link_query($pattern,$options);
 	}
-	/**
-	 * Check access to the projects file store
-	 *
-	 * @param int $id id of entry
-	 * @param int $check EGW_ACL_READ for read and EGW_ACL_EDIT for write or delete access
-	 * @return boolean true if access is granted or false otherwise
-	 */
-	function file_access($id,$check,$rel_path)
-	{
-		return $this->check_perms($check,$id);
-	}
 
 	/**
 	 * returns info about contacts for calender

addressbook/inc/class.addressbook_hooks.inc.php

@@ -362,6 +362,7 @@ class addressbook_hooks
 			'add_app'    => 'link_app',
 			'add_id'     => 'link_id',
 			'add_popup'  => '870x440',
+			'file_access_user' => true,	// file_access supports 4th parameter $user
 			'file_access'=> 'addressbook.addressbook_bo.file_access',
 			'default_types' => array('n' => array('name' => 'contact', 'options' => array('icon' => 'navbar.png','template' => 'addressbook.edit'))),
 			// registers an addtional type 'addressbook-email', returning only contacts with email, title has email appended

addressbook/inc/class.addressbook_so.inc.php

@@ -6,7 +6,7 @@
  * @author Cornelius Weiss <egw-AT-von-und-zu-weiss.de>
  * @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
  * @package addressbook
- * @copyright (c) 2005-10 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
+ * @copyright (c) 2005-11 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
  * @copyright (c) 2005/6 by Cornelius Weiss <egw@von-und-zu-weiss.de>
  * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
  * @version $Id$
@@ -233,15 +233,6 @@ class addressbook_so
 			$this->contact_repository = 'ldap';
 			$this->somain = new addressbook_ldap();
 
-			if ($this->user)	// not set eg. in setup
-			{
-				// static grants from ldap: all rights for the own personal addressbook and the group ones of the meberships
-				$this->grants = array($this->user => ~0);
-				foreach($this->memberships as $gid)
-				{
-					$this->grants[$gid] = ~0;
-				}
-			}
 			$this->columns_to_search = $this->ldap_search_attributes;
 		}
 		else	// sql or sql->ldap
@@ -252,15 +243,13 @@ class addressbook_so
 			}
 			$this->somain = new addressbook_sql($db);
 
-			if ($this->user)	// not set eg. in setup
-			{
-				// group grants are now grants for the group addressbook and NOT grants for all its members,
-				// therefor the param false!
-				$this->grants = $GLOBALS['egw']->acl->get_grants($contact_app,false);
-			}
 			// remove some columns, absolutly not necessary to search in sql
 			$this->columns_to_search = array_diff(array_values($this->somain->db_cols),$this->sql_cols_not_to_search);
 		}
+		if ($this->user)
+		{
+			$this->grants = $this->get_grants($this->user);
+		}
 		if ($this->account_repository == 'ldap' && $this->contact_repository == 'sql')
 		{
 			if ($this->account_repository != $this->contact_repository)
@@ -338,6 +327,40 @@ class addressbook_so
 		}
 	}
 
+	/**
+	 * Get grants for a given user, taking into account static LDAP ACL
+	 *
+	 * @param int $user
+	 * @return array
+	 */
+	function get_grants($user)
+	{
+		if ($user)
+		{
+			// contacts backend (contacts in LDAP require accounts in LDAP!)
+			if($GLOBALS['egw_info']['server']['contact_repository'] == 'ldap' && $this->account_repository == 'ldap')
+			{
+				// static grants from ldap: all rights for the own personal addressbook and the group ones of the meberships
+				$grants = array($user => ~0);
+				foreach($GLOBALS['egw']->accounts->memberships($user,true) as $gid)
+				{
+					$grants[$gid] = ~0;
+				}
+			}
+			else	// sql or sql->ldap
+			{
+				// group grants are now grants for the group addressbook and NOT grants for all its members,
+				// therefor the param false!
+				$grants = $GLOBALS['egw']->acl->get_grants($contact_app,false,$user);
+			}
+		}
+		else
+		{
+			$grants = array();
+		}
+		return $grants;
+	}
+
 	/**
 	 * Check if the user is an admin (can unconditionally edit accounts)
 	 *