From 9165bf5f60c9e0a6a86fce9aa7b5e373b0111c30 Mon Sep 17 00:00:00 2001
From: skeeter
Date: Thu, 29 Nov 2001 03:12:01 +0000
Subject: [PATCH] Fix for group accessing calendar events. A few places I removed some extraneous code.
---
 calendar/inc/class.bocalendar.inc.php | 35 ++-
 calendar/inc/class.socalendar.inc.php | 4 +-
 calendar/inc/class.socalendar_sql.inc.php | 2 +-
 calendar/inc/class.uicalendar.inc.php | 249 +++++++++++-----------
 phpgwapi/inc/class.acl.inc.php | 3 +-
 5 files changed, 157 insertions(+), 136 deletions(-)
diff --git a/calendar/inc/class.bocalendar.inc.php b/calendar/inc/class.bocalendar.inc.php
index c7b68b8b5c..6133b78d95 100755
--- a/calendar/inc/class.bocalendar.inc.php
+++ b/calendar/inc/class.bocalendar.inc.php
@@ -82,8 +82,8 @@
 )
 );
- var $debug = False;
-// var $debug = True;
+// var $debug = False;
+ var $debug = True;
 var $so;
 var $cached_events;
@@ -122,6 +122,16 @@
 {
 $this->grants = $GLOBALS['phpgw']->acl->get_grants('calendar');
+ @reset($this->grants);
+ if($this->debug)
+ {
+ while(list($grantor,$rights) = each($this->grants))
+ {
+ echo ''."\n";
+ }
+ @reset($this->grantor);
+ }
+
 if($this->debug) { echo ''."\n"; }
 if($session)
@@ -330,6 +340,19 @@
 }
 }
+ function member_of_group()
+ {
+ $group_owners = $GLOBALS['phpgw']->accounts->membership($GLOBALS['phpgw_info']['user']['account_id']);
+ while($group_owners && list($index,$group_info) = each($group_owners))
+ {
+ if($this->owner = $group_info['account_id'])
+ {
+ return True;
+ }
+ }
+ return False;
+ }
+
 function save_sessiondata($data)
 {
 if ($this->use_session)
@@ -1098,7 +1121,13 @@
 {
 if($user == 0)
 {
- return !!($this->grants[$this->owner] & $needed);
+ $allowed = !!($this->grants[$this->owner] & $needed);
+ if($this->debug)
+ {
+ echo ''."\n";
+ }
+
+ return $allowed;
 }
 else
 {
diff --git a/calendar/inc/class.socalendar.inc.php b/calendar/inc/class.socalendar.inc.php
index 07e6c8e84e..feed0d074f 100755
--- a/calendar/inc/class.socalendar.inc.php
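Review bot: `var $debug = True;` in the first hunk ships the class with debugging switched on, so the new debug blocks in the @@ -122 hunk (the `while(list($grantor,$rights) = each($this->grants))` loop) and in the `$user == 0` branch of the @@ -1098 hunk run on every request and echo into the response. The echoed strings are empty on this page, but the loop variables suggest they print each grantor's rights and the permission-check result, which is access-control state that should not reach a browser. Restore `var $debug = False;` before merging. In the same block `@reset($this->grantor);` names a property that is not assigned anywhere in the hunk; it probably should be `@reset($this->grants);`, and the `@` hides the mistake while leaving the array pointer at the end of `$this->grants`.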
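Review bot: `if($this->owner = $group_info['account_id'])` in the new `member_of_group()` assigns instead of comparing, so the method returns True for the first group with a non-zero id and overwrites `$this->owner` with that id as a side effect. The `view_event()` hunk in class.uicalendar.inc.php uses this method to bypass the participant check, and `check_perms()` indexes `$this->grants[$this->owner]`, so a user who belongs to any group appears to pass the read check and later permission lookups run against the wrong owner. The condition should be `if($this->owner == $group_info['account_id'])`. A short comment above the method, saying that it only tests whether the current owner is one of the logged-in user's groups and changes no state, would make the intent checkable.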
+++ b/calendar/inc/class.socalendar.inc.php
@@ -110,10 +110,10 @@
 $member[] = $group_info['account_id'];
 }
 @reset($member);
- $sql .= ','.implode(',',$member).') ';
+// $sql .= ','.implode(',',$member).') ';
 // $sql .= 'AND (phpgw_cal.datetime <= '.$starttime.') ';
 // $sql .= 'AND (((phpgw_cal_repeats.recur_enddate >= '.$starttime.') AND (phpgw_cal_repeats.recur_enddate <= '.$endtime.')) OR (phpgw_cal_repeats.recur_enddate=0))) '
- $sql .= 'AND ((phpgw_cal_repeats.recur_enddate >= '.$starttime.') OR (phpgw_cal_repeats.recur_enddate=0))) '
+ $sql .= ') AND ((phpgw_cal_repeats.recur_enddate >= '.$starttime.') OR (phpgw_cal_repeats.recur_enddate=0))) '
 . (strpos($this->filter,'private')?'AND phpgw_cal.is_public=0 ':'')
 . ($this->cat_id?"AND phpgw_cal.category like '%".$this->cat_id."%' ":'')
 . 'ORDER BY phpgw_cal.datetime ASC, phpgw_cal.edatetime ASC, phpgw_cal.priority ASC';
diff --git a/calendar/inc/class.socalendar_sql.inc.php b/calendar/inc/class.socalendar_sql.inc.php
index e8126d0d07..18279f0d05 100755
--- a/calendar/inc/class.socalendar_sql.inc.php
+++ b/calendar/inc/class.socalendar_sql.inc.php
@@ -268,7 +268,7 @@ class socalendar_ extends socalendar__
 $member[] = $group_info['account_id'];
 }
 @reset($member);
- $user_where .= ','.implode(',',$member);
+// $user_where .= ','.implode(',',$member);
 $user_where .= ')) ';
 if($this->debug)
diff --git a/calendar/inc/class.uicalendar.inc.php b/calendar/inc/class.uicalendar.inc.php
index 3a14af55cb..8f1d5ab64d 100755
--- a/calendar/inc/class.uicalendar.inc.php
+++ b/calendar/inc/class.uicalendar.inc.php
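Review bot: Commenting out `$sql .= ','.implode(',',$member).') ';` leaves the code that fills `$member` and the `@reset($member);` above it as dead code, and the same holds for the `$user_where` line in the class.socalendar_sql.inc.php hunk. Either delete the member collection together with the commented line, or add a comment saying why group ids are no longer appended to the list, since this presumably narrows which rows the query returns. While this statement is being edited, note that the context line `"AND phpgw_cal.category like '%".$this->cat_id."%' "` concatenates `cat_id` into the SQL text; if that value can come from a request it should be cast or escaped before it is used. The start of both statements is outside the hunks.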
@@ -522,18 +522,15 @@
 $date = $date?$date:intval($GLOBALS['HTTP_GET_VARS']['date']); // First, make sure they have permission to this entry
- $continue_ok = True;
 if ($cal_id < 1)
 {
 echo lang('Invalid entry id.').''."\n";
- $continue_ok = False;
 $GLOBALS['phpgw']->common->phpgw_exit(True);
 }
 if(!$this->bo->check_perms(PHPGW_ACL_READ))
 {
 echo lang('You do not have permission to read this record!').''."\n";
- $continue_ok = False;
 $GLOBALS['phpgw']->common->phpgw_exit(True);
 }
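Review bot: With `$continue_ok` removed here and the `if($continue_ok)` wrapper dropped in the next hunk, the only thing that keeps a failed `check_perms(PHPGW_ACL_READ)` or an invalid `$cal_id` from reaching the event rendering is that `phpgw_exit(True)` never returns. That function is not visible in this patch, so the assumption should be made explicit: add `return;` after each `$GLOBALS['phpgw']->common->phpgw_exit(True);`, or a comment stating that phpgw_exit() terminates the script. The enclosing function starts and ends outside the hunk.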
@@ -542,152 +539,148 @@
 if(!isset($event['id']))
 {
 echo lang("Sorry, this event does not exist").'.'.''."\n";
- $continue_ok = False;
 $GLOBALS['phpgw']->common->phpgw_exit(True);
 }
- if($continue_ok)
+ $this->bo->repeating_events = Array();
+ $this->bo->cached_events = Array();
+ $this->bo->repeating_events[0] = $event;
+ $datetime = mktime(0,0,0,$this->bo->month,$this->bo->day,$this->bo->year) - $this->tz_offset;
+ $this->bo->check_repeating_events($datetime);
+ $check_date = $GLOBALS['phpgw']->common->show_date($datetime,'Ymd');
+ if(is_array($this->bo->cached_events[$check_date][0]) &&
+ $this->bo->cached_events[$check_date][0]['id'] == $event['id'])
 {
- $this->bo->repeating_events = Array();
- $this->bo->cached_events = Array();
- $this->bo->repeating_events[0] = $event;
- $datetime = mktime(0,0,0,$this->bo->month,$this->bo->day,$this->bo->year) - $this->tz_offset;
- $this->bo->check_repeating_events($datetime);
- $check_date = $GLOBALS['phpgw']->common->show_date($datetime,'Ymd');
- if(is_array($this->bo->cached_events[$check_date][0]) &&
- $this->bo->cached_events[$check_date][0]['id'] == $event['id'])
+ $starttime = $this->bo->maketime($event['start']);
+ $endtime = $this->bo->maketime($event['end']);
+ $event['start']['month'] = $this->bo->month;
+ $event['start']['mday'] = $this->bo->day;
+ $event['start']['year'] = $this->bo->year;
+ $temp_end = $this->bo->maketime($event['start']) + ($endtime - $starttime);
+ $event['end']['month'] = date('m',$temp_end);
+ $event['end']['mday'] = date('d',$temp_end);
+ $event['end']['year'] = date('Y',$temp_end);
+ }
+
+ $ret_value = $this->view_event($event,True);
+ echo $ret_value;
+
+ if($ret_value == '
'.lang('You do not have permission to read this record!').'
')
+ {
+ echo ''."\n";
+ $GLOBALS['phpgw']->common->phpgw_exit(True);
+ }
+
+ $p = CreateObject('phpgwapi.Template',$this->template_dir);
+ $p->set_file(
+ Array(
+ 'form_button' => 'form_button_script.tpl'
+ )
+ );
+
+ if($this->bo->owner == $event['owner'])
+ {
+ if ($this->bo->check_perms(PHPGW_ACL_EDIT))
 {
- $starttime = $this->bo->maketime($event['start']);
- $endtime = $this->bo->maketime($event['end']);
- $event['start']['month'] = $this->bo->month;
- $event['start']['mday'] = $this->bo->day;
- $event['start']['year'] = $this->bo->year;
- $temp_end = $this->bo->maketime($event['start']) + ($endtime - $starttime);
- $event['end']['month'] = date('m',$temp_end);
- $event['end']['mday'] = date('d',$temp_end);
- $event['end']['year'] = date('Y',$temp_end);
- }
-
- $ret_value = $this->view_event($event,True);
- echo $ret_value;
-
- if($ret_value == '
'.lang('You do not have permission to read this record!').'
')
- {
- echo ''."\n";
- $GLOBALS['phpgw']->common->phpgw_exit(True);
- }
-
- $p = CreateObject('phpgwapi.Template',$this->template_dir);
- $p->set_file(
- Array(
- 'form_button' => 'form_button_script.tpl'
- )
- );
-
- if($this->bo->owner == $event['owner'])
- {
- if ($this->bo->check_perms(PHPGW_ACL_EDIT))
+ if($event['recur_type'] != MCAL_RECUR_NONE)
 {
- if($event['recur_type'] != MCAL_RECUR_NONE)
- {
- $var = Array(
- 'action_url_button' => $this->page('edit','&cal_id='.$cal_id),
- 'action_text_button' => lang('Edit Single'),
- 'action_confirm_button' => '',
- 'action_extra_field' => ''."\n"
- . ''
- );
- $p->set_var($var);
- echo $p->fp('out','form_button');
-
- $var = Array(
- 'action_url_button' => $this->page('edit','&cal_id='.$cal_id),
- 'action_text_button' => lang('Edit Series'),
- 'action_confirm_button' => '',
- 'action_extra_field' => ''
- );
- $p->set_var($var);
- echo $p->fp('out','form_button');
- }
- else
- {
- $var = Array(
- 'action_url_button' => $this->page('edit','&cal_id='.$cal_id),
- 'action_text_button' => lang('Edit'),
- 'action_confirm_button' => '',
- 'action_extra_field' => ''
- );
- $p->set_var($var);
- echo $p->fp('out','form_button');
- }
+ $var = Array(
+ 'action_url_button' => $this->page('edit','&cal_id='.$cal_id),
+ 'action_text_button' => lang('Edit Single'),
+ 'action_confirm_button' => '',
+ 'action_extra_field' => ''."\n"
+ .
''
+ );
+ $p->set_var($var);
+ echo $p->fp('out','form_button');
 $var = Array(
- 'action_url_button' => $GLOBALS['phpgw']->link('/index.php','menuaction=calendar.uialarm.manager'),
- 'action_text_button' => lang('Alarm Management'),
+ 'action_url_button' => $this->page('edit','&cal_id='.$cal_id),
+ 'action_text_button' => lang('Edit Series'),
 'action_confirm_button' => '',
- 'action_extra_field' => ''
+ 'action_extra_field' => ''
+ );
+ $p->set_var($var);
+ echo $p->fp('out','form_button');
+ }
+ else
+ {
+ $var = Array(
+ 'action_url_button' => $this->page('edit','&cal_id='.$cal_id),
+ 'action_text_button' => lang('Edit'),
+ 'action_confirm_button' => '',
+ 'action_extra_field' => ''
 );
 $p->set_var($var);
 echo $p->fp('out','form_button');
 }
- if ($this->bo->check_perms(PHPGW_ACL_DELETE))
+ $var = Array(
+ 'action_url_button' => $GLOBALS['phpgw']->link('/index.php','menuaction=calendar.uialarm.manager'),
+ 'action_text_button' => lang('Alarm Management'),
+ 'action_confirm_button' => '',
+ 'action_extra_field' => ''
+ );
+ $p->set_var($var);
+ echo $p->fp('out','form_button');
+ }
+
+ if ($this->bo->check_perms(PHPGW_ACL_DELETE))
+ {
+ if($event['recur_type'] != MCAL_RECUR_NONE)
 {
- if($event['recur_type'] != MCAL_RECUR_NONE)
+ $var = Array(
+ 'action_url_button' => $this->page('delete','&cal_id='.$cal_id),
+ 'action_text_button' => lang('Delete Single'),
+ 'action_confirm_button' => "onClick=\"return confirm('".lang("Are you sure\\nyou want to\\ndelete this single occurence ?\\n\\nThis will delete\\nthis entry for all users.")."')\"",
+ 'action_extra_field' => ''
+ );
+ $p->set_var($var);
+ echo $p->fp('out','form_button');
+
+ $var = Array(
+ 'action_url_button' => $this->page('delete','&cal_id='.$cal_id),
+ 'action_text_button' => lang('Delete Series'),
+ 'action_confirm_button' => "onClick=\"return confirm('".lang("Are you sure\\nyou want to\\ndelete this entry ?\\n\\nThis will delete\\nthis entry for all users.")."')\"",
+ 'action_extra_field' => ''
+ );
+
$p->set_var($var);
+ echo $p->fp('out','form_button');
+
+ if($event['recur_exception'])
 {
 $var = Array(
- 'action_url_button' => $this->page('delete','&cal_id='.$cal_id),
- 'action_text_button' => lang('Delete Single'),
- 'action_confirm_button' => "onClick=\"return confirm('".lang("Are you sure\\nyou want to\\ndelete this single occurence ?\\n\\nThis will delete\\nthis entry for all users.")."')\"",
- 'action_extra_field' => ''
- );
- $p->set_var($var);
- echo $p->fp('out','form_button');
-
- $var = Array(
- 'action_url_button' => $this->page('delete','&cal_id='.$cal_id),
- 'action_text_button' => lang('Delete Series'),
- 'action_confirm_button' => "onClick=\"return confirm('".lang("Are you sure\\nyou want to\\ndelete this entry ?\\n\\nThis will delete\\nthis entry for all users.")."')\"",
- 'action_extra_field' => ''
- );
- $p->set_var($var);
- echo $p->fp('out','form_button');
-
- if($event['recur_exception'])
- {
- $var = Array(
- 'action_url_button' => $this->page('reinstate_list','&cal_id='.$cal_id),
- 'action_text_button' => lang('Reinstate'),
- 'action_confirm_button' => '',
- 'action_extra_field' => ''
- );
- $p->set_var($var);
- echo $p->fp('out','form_button');
- }
- }
- else
- {
- $var = Array(
- 'action_url_button' => $this->page('delete','&cal_id='.$cal_id),
- 'action_text_button' => lang('Delete'),
- 'action_confirm_button' => "onClick=\"return confirm('".lang("Are you sure\\nyou want to\\ndelete this entry ?\\n\\nThis will delete\\nthis entry for all users.")."')\"",
+ 'action_url_button' => $this->page('reinstate_list','&cal_id='.$cal_id),
+ 'action_text_button' => lang('Reinstate'),
+ 'action_confirm_button' => '',
 'action_extra_field' => ''
 );
 $p->set_var($var);
 echo $p->fp('out','form_button');
 }
 }
+ else
+ {
+ $var = Array(
+ 'action_url_button' => $this->page('delete','&cal_id='.$cal_id),
+ 'action_text_button' => lang('Delete'),
+ 'action_confirm_button' => "onClick=\"return confirm('".lang("Are you sure\\nyou want to\\ndelete this entry
?\\n\\nThis will delete\\nthis entry for all users.")."')\"",
+ 'action_extra_field' => ''
+ );
+ $p->set_var($var);
+ echo $p->fp('out','form_button');
+ }
 }
-
- $var = Array(
- 'action_url_button' => $this->page('export','&cal_id='.$cal_id),
- 'action_text_button' => lang('Export'),
- 'action_confirm_button' => '',
- 'action_extra_field' => ''
- );
- $p->set_var($var);
- echo $p->fp('out','form_button').'';
 }
+
+ $var = Array(
+ 'action_url_button' => $this->page('export','&cal_id='.$cal_id),
+ 'action_text_button' => lang('Export'),
+ 'action_confirm_button' => '',
+ 'action_extra_field' => ''
+ );
+ $p->set_var($var);
+ echo $p->fp('out','form_button').'';
 }
 function edit($params='')
@@ -1113,7 +1106,8 @@
 unset($GLOBALS[\'phpgw_info\'][\'flags\'][\'nonavbar\']);
 $GLOBALS[\'phpgw\']->common->phpgw_header();
- $html = CreateObject(\'infolog.html\');
+ $html = CreateObject(\'calendar.html\');
+// $html = CreateObject(\'infolog.html\');
 $sbox = CreateObject(\'phpgwapi.sbox\');
 $intervals_per_day = 3; // this should be configurable
@@ -2378,7 +2372,7 @@
 function view_event($event,$alarms=False)
 {
- if(!$event['participants'][$this->bo->owner])
+ if(!$event['participants'][$this->bo->owner] && !$this->bo->member_of_group())
 {
 return '
'.lang('You do not have permission to read this record!').'
';
 }
@@ -2824,7 +2818,6 @@
 }
 }
-// if (isset($time[99]) && strlen($time[99]) > 0)
 if (isset($time[99][0]))
 {
 $var = Array(
@@ -2854,7 +2847,6 @@
 {
 // this might mean there's an overlap, or it could mean one event
 // ends at 11:15 and another starts at 11:30.
-// if (isset($time[$i]) && strlen($time[$i]))
 if (isset($time[$i][$j]))
 {
 $p->set_var('event',$time[$i][$j]);
@@ -2863,7 +2855,6 @@
 }
 $rowspan--;
 }
-// elseif (!isset($time[$i]) || !strlen($time[$i]))
 elseif (!isset($time[$i][$j]))
 {
 $p->set_var('event',' ');
diff --git a/phpgwapi/inc/class.acl.inc.php b/phpgwapi/inc/class.acl.inc.php
index 9132465759..444eeabe06 100644
--- a/phpgwapi/inc/class.acl.inc.php
+++ b/phpgwapi/inc/class.acl.inc.php
@@ -644,9 +644,10 @@
 {
 $grants[$grantor] = 0;
 }
+ $grants[$grantor] |= $rights;
 if(!!($rights & PHPGW_ACL_READ))
 {
- $grants[$grantor] = PHPGW_ACL_READ;
+ $grants[$grantor] |= PHPGW_ACL_READ;
 }
 }
 while(list($nul,$grantors) = each($accounts[$grantor]))
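Review bot: The added `$grants[$grantor] |= $rights;` in the class.acl.inc.php hunk copies every right bit into the grantor's entry, where the old code in this branch only ever set `PHPGW_ACL_READ`; the `if(!!($rights & PHPGW_ACL_READ))` block that follows is now redundant. This is the shared phpgwapi ACL class, so the wider grant presumably applies to every application that reads these grants, not only the calendar this commit is about. If the read-only cap was intentional, keep it with `$grants[$grantor] |= ($rights & PHPGW_ACL_READ);`; if full propagation is intended, drop the redundant `if` and add a comment naming which rights now pass through. The enclosing function and the condition that selects this branch are outside the hunk.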