* Addressbook: storing of account-contact-data did not work for non-admins which are in groups allowed to edit accounts (defined in Addressbook configuration)

Ralf Becker 2015-08-19 11:21:50 +00:00
parent 95553f514c
commit 98d874e048
2 changed files with 16 additions and 5 deletions


@ -931,7 +931,7 @@ class addressbook_bo extends addressbook_so
} }
$to_write = $contact; $to_write = $contact;
// (non-admin) user editing his own account, make sure he does not change fields he is not allowed to (eg. via SyncML or xmlrpc) // (non-admin) user editing his own account, make sure he does not change fields he is not allowed to (eg. via SyncML or xmlrpc)
if (!$ignore_acl && !$contact['owner'] && !$this->is_admin($contact)) if (!$ignore_acl && !$contact['owner'] && !($this->is_admin($contact) || $this->allow_account_edit()))
{ {
foreach($contact as $field => $value) foreach($contact as $field => $value)
{ {
@ -940,7 +940,7 @@ class addressbook_bo extends addressbook_so
// user is not allowed to change that // user is not allowed to change that
if ($old) if ($old)
{ {
$to_write[$field] = $old[$field]; $to_write[$field] = $contact[$field] = $old[$field];
} }
else else
{ {
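Review bot: The widened condition `if (!$ignore_acl && !$contact['owner'] && !($this->is_admin($contact) || $this->allow_account_edit()))` exempts members of an allow_account_edit group from the entire per-field restriction loop, while the comment above it still describes only the non-admin own-account case. Because `allow_account_edit()` is called without a user, it evaluates the current user, so such a member can presumably now write every field of an account contact, including fields like the e-mail address on accounts more privileged than their own. It is worth confirming that this is intended and that the edit right on the target contact is checked earlier in this function, which starts and ends outside the hunks shown. I would update the comment to `// user without admin rights or allow_account_edit group membership editing his own account: reset fields he may not change (eg. via SyncML or xmlrpc)`.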


@ -351,9 +351,7 @@ class addressbook_so
if (!$GLOBALS['egw']->acl->check('account_access',32,'admin')) $grants[0] |= EGW_ACL_DELETE; if (!$GLOBALS['egw']->acl->check('account_access',32,'admin')) $grants[0] |= EGW_ACL_DELETE;
} }
// allow certain groups to edit contact-data of accounts // allow certain groups to edit contact-data of accounts
if ($GLOBALS['egw_info']['server']['allow_account_edit'] && if (self::allow_account_edit($user))
array_intersect($GLOBALS['egw_info']['server']['allow_account_edit'],
$GLOBALS['egw']->accounts->memberships($user, true)))
{ {
$grants[0] |= EGW_ACL_READ|EGW_ACL_EDIT; $grants[0] |= EGW_ACL_READ|EGW_ACL_EDIT;
} }
@ -379,6 +377,19 @@ class addressbook_so
return isset($GLOBALS['egw_info']['user']['apps']['admin']) && !$GLOBALS['egw']->acl->check('account_access',16,'admin'); return isset($GLOBALS['egw_info']['user']['apps']['admin']) && !$GLOBALS['egw']->acl->check('account_access',16,'admin');
} }
/**
* Check if current user is in a group, which is allowed to edit accounts
*
* @param int $user =null default $this->user
* @return boolean
*/
function allow_account_edit($user=null)
{
return $GLOBALS['egw_info']['server']['allow_account_edit'] &&
array_intersect($GLOBALS['egw_info']['server']['allow_account_edit'],
$GLOBALS['egw']->accounts->memberships($user ? $user : $this->user, true));
}
/** /**
* Read all customfields of the given id's * Read all customfields of the given id's
* *
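Review bot: `allow_account_edit()` is declared as an instance method and falls back to `$this->user`, but the grants code calls it as `self::allow_account_edit($user)`. That is safe only while the caller runs in object context; the calling function's signature is outside the hunk, so if it is ever invoked statically the `$this->user` fallback has no object to read. Writing the call as `if ($this->allow_account_edit($user))` matches the use in addressbook_bo and makes the dependency on an instance explicit. The docblock could also state that the result is true only when the server config `allow_account_edit` is non-empty and shares at least one entry with the user's memberships, since this helper now gates both the grant and the field-restriction bypass.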