From 8d52ecd059d6abc841dca92cda353c5459978fb7 Mon Sep 17 00:00:00 2001
From: Ralf Becker <ralfbecker@outdoor-training.de>
Date: Thu, 30 Oct 2014 15:12:37 +0000
Subject: [PATCH] not show apps and context-menu entries for apps not available
 to user, hooks->single() did not check apps for new method-hooks

---
 admin/inc/class.admin_passwordreset.inc.php | 6 +++---
 admin/inc/class.admin_ui.inc.php            | 4 ++--
 phpgwapi/inc/class.hooks.inc.php            | 5 +++++
 3 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/admin/inc/class.admin_passwordreset.inc.php b/admin/inc/class.admin_passwordreset.inc.php
index 2de696ed7c..27f82adaa9 100644
--- a/admin/inc/class.admin_passwordreset.inc.php
+++ b/admin/inc/class.admin_passwordreset.inc.php
@@ -73,10 +73,10 @@ class admin_passwordreset
 			if ($content['download_csv'] && $content['changed'])
 			{
 				html::content_header('changed.csv','text/csv');
-				//echo "account_lid;account_password;account_email;account_firstname;account_lastname\n";
+				//echo "account_lid;account_passwd;account_email;account_firstname;account_lastname\n";
 				foreach($content['changed'] as $account)
 				{
-					echo "$account[account_lid];$account[account_password];$account[account_email];$account[account_firstname];$account[account_lastname]\n";
+					echo "$account[account_lid];$account[account_passwd];$account[account_email];$account[account_firstname];$account[account_lastname]\n";
 				}
 				common::egw_exit();
 			}
@@ -149,7 +149,7 @@ class admin_passwordreset
 								$GLOBALS['egw']->acl->delete_repository('preferences','nopasswordchange',$account_id);
 							}
 						}
-						$account['account_password'] = $password;
+						$account['account_passwd'] = $password;
 
 						if ((string)$content['mail']['activate'] !== '' || (string)$content['mail']['quota'] !== '' ||
 							strpos($content['mail']['domain'], '.') !== false)
diff --git a/admin/inc/class.admin_ui.inc.php b/admin/inc/class.admin_ui.inc.php
index 194fd75684..52a1cbc0ec 100644
--- a/admin/inc/class.admin_ui.inc.php
+++ b/admin/inc/class.admin_ui.inc.php
@@ -145,7 +145,7 @@ class admin_ui
 		foreach($apps as $app)
 		{
 			$GLOBALS['menuData'] = $data = array();
-			$data = $GLOBALS['egw']->hooks->single('edit_group', $app, true);
+			$data = $GLOBALS['egw']->hooks->single('edit_group', $app);
 			if (!is_array($data)) $data = $GLOBALS['menuData'];
 			//error_log(__METHOD__."() app $app returned ".array2string($data));
 			foreach($data as $item)
@@ -226,7 +226,7 @@ class admin_ui
 			foreach($apps as $app)
 			{
 				$GLOBALS['menuData'] = $data = array();
-				$data = $GLOBALS['egw']->hooks->single('edit_user', $app, true);
+				$data = $GLOBALS['egw']->hooks->single('edit_user', $app);
 				if (!is_array($data)) $data = $GLOBALS['menuData'];
 				foreach($data as $item)
 				{
diff --git a/phpgwapi/inc/class.hooks.inc.php b/phpgwapi/inc/class.hooks.inc.php
index 2f5a640b26..2511fbb203 100644
--- a/phpgwapi/inc/class.hooks.inc.php
+++ b/phpgwapi/inc/class.hooks.inc.php
@@ -138,6 +138,11 @@ class hooks
 		{
 			$appname = is_array($args) && isset($args['appname']) ? $args['appname'] : $GLOBALS['egw_info']['flags']['currentapp'];
 		}
+		// excute hook only if $no_permission_check or user has run-rights for app
+		if (!($no_permission_check || isset($GLOBALS['egw_info']['user']['apps'][$appname])))
+		{
+			return false;
+		}
 		$SEP = filesystem_separator();
 
 		/* First include the ordered apps hook file */