extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2024-12-22 06:30:59 +01:00
Code Issues Packages Projects Releases Wiki Activity

Apply ACL to definition list - only show definitions user can use

Browse Source
This commit is contained in:
Nathan Gray 2011-05-18 14:46:57 +00:00
parent 678efd6ced
commit 86ced579db
4 changed files with 32 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
importexport/inc/class.importexport_definition.inc.php
View File

@ -136,7 +136,7 @@ class importexport_definition implements importexport_iface_egw_record {
* @return array
*/
private function get_allowed_users() {
return explode(',',$this->definition['allowed_users']);
return explode(',',substr($this->definition['allowed_users'],1,-1));
}
/**
@ -145,7 +145,7 @@ class importexport_definition implements importexport_iface_egw_record {
* @param array $_allowed_users
*/
private function set_allowed_users( $_allowed_users ) {
$this->definition['allowed_users'] = implode(',',(array)$_allowed_users);
$this->definition['allowed_users'] = ','.implode(',',(array)$_allowed_users) .',';
}
/**

22
importexport/inc/class.importexport_definitions_bo.inc.php
View File

@ -42,9 +42,29 @@ class importexport_definitions_bo {
public function get_rows(&$query, &$rows, &$readonlys)
{
// Filter only definitions user is allowed to use
if(!$GLOBALS['egw_info']['user']['apps']['admin']) {
$this_membership = $GLOBALS['egw']->accounts->memberships($GLOBALS['egw_info']['user']['account_id'], true);
$this_membership[] = $GLOBALS['egw_info']['user']['account_id'];
$sql .= ' (';
$read = array();
foreach($this_membership as $id)
{
$read[] = 'allowed_users '.
$GLOBALS['egw']->db->capabilities['case_insensitive_like'].' '.
$GLOBALS['egw']->db->quote('%,'.str_replace('_','\\_',$id) .',%');
}
$sql .= implode(' OR ', $read);
$sql .= ') ';
$query['col_filter'][] = $sql;
}
$total = $this->so_sql->get_rows($query, $rows, $readonlys);
$ro_count = 0;
foreach($rows as $row) {
foreach($rows as &$row) {
// Strip off leading + trailing ,
$row['allowed_users'] = substr($row['allowed_users'],1,-1);
$readonlys["edit[{$row['definition_id']}]"] = $readonlys["delete[{$row['definition_id']}]"] =
($row['owner'] != $GLOBALS['egw_info']['user']['account_id']) &&
!$GLOBALS['egw_info']['user']['apps']['admin'];

2
importexport/setup/setup.inc.php
View File

@ -10,7 +10,7 @@
*/
$setup_info['importexport']['name'] = 'importexport';
$setup_info['importexport']['version'] = '1.9.002';
$setup_info['importexport']['version'] = '1.9.003';
$setup_info['importexport']['app_order'] = 2;
$setup_info['importexport']['enable'] = 2;
$setup_info['importexport']['tables'] = array('egw_importexport_definitions');

8
importexport/setup/tables_update.inc.php
View File

@ -60,3 +60,11 @@ function importexport_upgrade1_9_001()
// Not needed - did it wrong
return $GLOBALS['setup_info']['importexport']['currentver'] = '1.9.002';
}
function importexport_upgrade1_9_002()
{
$sql = 'UPDATE egw_importexport_definitions SET allowed_users = '.
$GLOBALS['egw_setup']->db->concat("','", 'allowed_users', "','");
$GLOBALS['egw_setup']->oProc->query($sql, __LINE__, __FILE__);
return $GLOBALS['setup_info']['importexport']['currentver'] = '1.9.003';
}