fix: prevent deleting of accounts via SyncML and read the private flag from the DB if missing

This commit is contained in:
Ralf Becker 2007-10-11 06:24:57 +00:00
parent 628f9e1e0b
commit 74c9b0ccb7
2 changed files with 14 additions and 9 deletions


@ -392,9 +392,10 @@ class bocontacts extends socontacts
* deletes contact in db * deletes contact in db
* *
* @param mixed &$contact contact array with key id or (array of) id(s) * @param mixed &$contact contact array with key id or (array of) id(s)
* @param boolean $deny_account_delete=true if true never allow to delete accounts
* @return boolean true on success or false on failiure * @return boolean true on success or false on failiure
*/ */
function delete($contact) function delete($contact,$deny_account_delete=true)
{ {
if (is_array($contact) && isset($contact['id'])) if (is_array($contact) && isset($contact['id']))
{ {
@ -413,7 +414,7 @@ class bocontacts extends socontacts
{ {
$id = is_array($c) ? $c['id'] : $c; $id = is_array($c) ? $c['id'] : $c;
if ($this->check_perms(EGW_ACL_DELETE,$c) && parent::delete($id)) if ($this->check_perms(EGW_ACL_DELETE,$c,$deny_account_delete) && parent::delete($id))
{ {
$GLOBALS['egw']->link->unlink(0,'addressbook',$id); $GLOBALS['egw']->link->unlink(0,'addressbook',$id);
$GLOBALS['egw']->contenthistory->updateTimeStamp('contacts', $id, 'delete', time()); $GLOBALS['egw']->contenthistory->updateTimeStamp('contacts', $id, 'delete', time());
@ -438,11 +439,14 @@ class bocontacts extends socontacts
// remember if we add or update a entry // remember if we add or update a entry
if (($isUpdate = $contact['id'])) if (($isUpdate = $contact['id']))
{ {
if (!isset($contact['owner'])) // owner not set on update, eg. SyncML if (!isset($contact['owner']) || !isset($contact['private'])) // owner/private not set on update, eg. SyncML
{ {
if (($old = $this->read($contact['id']))) // --> try reading the old entry and set it from there if (($old = $this->read($contact['id']))) // --> try reading the old entry and set it from there
{
if(!isset($contact['owner']))
{ {
$contact['owner'] = $old['owner']; $contact['owner'] = $old['owner'];
}
if(!isset($contact['private'])) if(!isset($contact['private']))
{ {
$contact['private'] = $old['private']; $contact['private'] = $old['private'];
@ -544,14 +548,15 @@ class bocontacts extends socontacts
* *
* @param int $needed necessary ACL right: EGW_ACL_{READ|EDIT|DELETE} * @param int $needed necessary ACL right: EGW_ACL_{READ|EDIT|DELETE}
* @param mixed $contact contact as array or the contact-id * @param mixed $contact contact as array or the contact-id
* @return boolean true permission granted or false for permission denied * @param boolean $deny_account_delete=false if true never allow to delete accounts
* @return boolean true permission granted, false for permission denied, null for contact does not exist
*/ */
function check_perms($needed,$contact) function check_perms($needed,$contact,$deny_account_delete=false)
{ {
if ((!is_array($contact) || !isset($contact['owner'])) && if ((!is_array($contact) || !isset($contact['owner'])) &&
!($contact = parent::read(is_array($contact) ? $contact['id'] : $contact))) !($contact = parent::read(is_array($contact) ? $contact['id'] : $contact)))
{ {
return false; return null;
} }
$owner = $contact['owner']; $owner = $contact['owner'];
@ -561,7 +566,7 @@ class bocontacts extends socontacts
return true; return true;
} }
// dont allow to delete own account (as admin handels it too) // dont allow to delete own account (as admin handels it too)
if (!$owner && $needed == EGW_ACL_DELETE && $contact['account_id'] == $this->user) if (!$owner && $needed == EGW_ACL_DELETE && ($deny_account_delete || $contact['account_id'] == $this->user))
{ {
return false; return false;
} }
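Review bot: The account-deletion guard in check_perms keeps `$deny_account_delete=false` as its default while delete() defaults the same flag to true, so a caller that asks check_perms(EGW_ACL_DELETE, $id) directly is still told an account contact is deletable even though delete() will now refuse it; if that asymmetry is intended, state it in the docblock, e.g. `* @param boolean $deny_account_delete=false if true never allow to delete accounts (delete() passes true, only the accounts backend passes false)`. check_perms also now returns null instead of false for a contact that cannot be read; the `&&` in delete() treats both as falsy, but any caller comparing the result with `=== false` would change behaviour, so that is worth checking. In the save() hunk the new fallback leaves `$contact['private']` unset when reading the old entry fails, so the storage default decides the flag silently; an explicit default or a log line there would make that visible. The enclosing methods delete(), save() and check_perms() all begin or end outside the hunks shown.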


@ -215,7 +215,7 @@ class accounts_backend
{ {
$GLOBALS['egw']->contacts =& CreateObject('phpgwapi.contacts'); $GLOBALS['egw']->contacts =& CreateObject('phpgwapi.contacts');
} }
$GLOBALS['egw']->contacts->delete($contact_id); $GLOBALS['egw']->contacts->delete($contact_id,false); // false = allow to delete accounts (!)
} }
return true; return true;
} }
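Review bot: The return value of `$GLOBALS['egw']->contacts->delete($contact_id,false)` is discarded and the function still ends with `return true;`, so if check_perms() or the storage delete fails the contact row is left behind while the caller is told the account was removed. Since this call deliberately passes `false` to bypass the account guard that the same commit introduces, it is the one path that must not fail silently; something like `if (!$GLOBALS['egw']->contacts->delete($contact_id,false)) return false;` would surface it, assuming callers of this method already handle a false return, which the hunk does not show. The inline comment on the bare boolean is helpful and should stay, since the positional `false` is otherwise opaque. The enclosing method of accounts_backend starts outside the hunk.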