diff --git a/addressbook/view.php b/addressbook/view.php
index 556403e992..de92085e3a 100755
--- a/addressbook/view.php
+++ b/addressbook/view.php
@@ -12,29 +12,37 @@
 /* $Id$ */
- if ($submit || ! $ab_id) {
- $phpgw_info["flags"] = array(
- "noheader" => True,
- "nonavbar" => True
- );
- }
-
 $phpgw_info["flags"] = array(
+ "noheader" => True,
+ "nonavbar" => True,
 "currentapp" => "addressbook",
 "enable_contacts_class" => True,
- "enable_nextmatchs_class" => True);
+ "enable_nextmatchs_class" => True
+ );
 include("../header.inc.php");
- $t = new Template($phpgw->common->get_tpl_dir("addressbook"));
- $t->set_file(array( "view" => "view.tpl"));
-
 $this = CreateObject("phpgwapi.contacts");
- if (! $ab_id) {
- Header("Location: " . $phpgw->link("/addressbook/index.php"));
+ // First, make sure they have permission to this entry
+ $check = addressbook_read_entry($ab_id,array('owner' => 'owner'));
+
+ if (! $this->check_perms($this->grants[$check[0]['owner']],PHPGW_ACL_PRIVATE) && $check[0]['owner'] != $phpgw_info['user']['account_id'])
+ {
+ Header("Location: " . $phpgw->link('/addressbook/index.php',"cd=16&order=$order&sort=$sort&filter=$filter&start=$start&query=$query"));
+ $phpgw->common->phpgw_exit();
 }
+ if (!$ab_id) {
+ Header("Location: " . $phpgw->link("/addressbook/index.php"));
+ } elseif (!$submit && $ab_id) {
+ $phpgw->common->phpgw_header();
+ echo parse_navbar();
+ }
+
+ $t = new Template($phpgw->common->get_tpl_dir("addressbook"));
+ $t->set_file(array( "view" => "view.tpl"));
+
 while ($column = each($this->stock_contact_fields)) {
 if (isset($phpgw_info["user"]["preferences"]["addressbook"][$column[0]]) && $phpgw_info["user"]["preferences"]["addressbook"][$column[0]]) {
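Review bot: The denial redirect in the added permission block interpolates `$order`, `$sort`, `$filter`, `$start` and `$query` into the `Location` URL unencoded; their origin is outside the hunk, but if they are request-supplied, a value containing `&` or a line break changes the redirect's parameters or the header itself. Encode each one, e.g. `"cd=16&order=" . urlencode($order) . "&sort=" . urlencode($sort)` and likewise for the remaining three. The second redirect, under `if (!$ab_id)`, has no `$phpgw->common->phpgw_exit();` after it, unlike the first, so the script goes on to build the view after sending the header. The check also calls `addressbook_read_entry()` before `$ab_id` is tested, so an empty id reaches the lookup and `$check[0]['owner']` may be unset; testing `$ab_id` first avoids that. The condition requires `PHPGW_ACL_PRIVATE` without reading the record's `access` field, which looks stricter than intended for public entries and is worth confirming against the ACL model.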
@@ -46,9 +54,13 @@
 // No prefs?
 if (!$columns_to_display ) {
 $columns_to_display = array(
- "n_given" => "n_given",
- "n_family" => "n_family",
- "org_name" => "org_name"
+ "n_given" => "n_given",
+ "n_family" => "n_family",
+ "org_name" => "org_name",
+ "tel_work" => "tel_work",
+ "tel_home" => "tel_home",
+ "email" => "email",
+ "email_home" => "email_home"
 );
 while ($column = each($columns_to_display)) {
 $colname[$column[0]] = $column[1];
@@ -68,6 +80,12 @@
 $record_owner = $fields[0]["owner"];
+ if ($fields[0]["access"] == 'private') {
+ $access_check = lang('private');
+ } else {
+ $access_check = lang('public');
+ }
+
 $view_header = "

 " . lang("Address book - view") . $noprefs . "


";
 $view_header .= '';
@@ -95,8 +113,10 @@
 $columns_html .= '' . '
 
' . lang("Record owner") . ''
- . $phpgw->common->grab_owner_name($record_owner) . ''
- . $access_link . '
';
+ . $phpgw->common->grab_owner_name($record_owner) . ''
+ . '' . lang("Record access") . ''
+ . $access_check . ''
+ . '';
 $sfields = rawurlencode(serialize($fields[0]));
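Review bot: The re-added owner cell concatenates `$phpgw->common->grab_owner_name($record_owner)` into `$columns_html` without HTML-escaping, and whether `grab_owner_name()` escapes its result is not visible in this hunk. If it returns the stored account name as-is, wrap the call as `htmlspecialchars($phpgw->common->grab_owner_name($record_owner))`. `$access_check` is one of two `lang()` labels and needs no change. Separately, the unchanged context line `$sfields = rawurlencode(serialize($fields[0]));` suggests the record is passed through the client; if the receiving page calls `unserialize()` on it, that value has to be treated as untrusted input, though the receiving side is not shown here.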