From b5b6784ec181356f89c5b0deedc3aaaf8f6b6ff2 Mon Sep 17 00:00:00 2001
From: Ralf Becker <ralfbecker@outdoor-training.de>
Date: Tue, 4 Aug 2015 09:55:29 +0000
Subject: [PATCH] * Admin/PostgreSQL: shorten ACL labels used to limit admin
 rights to 16 char and fixed stalled 14.3 update for PostgreSQL

---
 admin/inc/class.admin_accesslog.inc.php  |   4 +-
 admin/inc/class.admin_categories.inc.php |  14 +-
 admin/inc/class.admin_hooks.inc.php      |  20 +--
 admin/inc/class.uiasyncservice.inc.php   |   2 +-
 admin/inc/class.uiconfig.inc.php         |   6 +-
 admin/inc/class.uimainscreen.inc.php     |   6 +-
 admin/inc/hook_acl_manager.inc.php       | 213 +++++++++++------------
 phpgwapi/setup/tables_update.inc.php     |   7 +
 8 files changed, 138 insertions(+), 134 deletions(-)

diff --git a/admin/inc/class.admin_accesslog.inc.php b/admin/inc/class.admin_accesslog.inc.php
index 4aed86e0a8..2af7986864 100644
--- a/admin/inc/class.admin_accesslog.inc.php
+++ b/admin/inc/class.admin_accesslog.inc.php
@@ -142,7 +142,7 @@ class admin_accesslog
 		if (is_array($content)) $sessions_list = $content['nm']['session_list'];
 
 		// check if user has access to requested functionality
-		if ($GLOBALS['egw']->acl->check($sessions_list ? 'current_sessions_access' : 'access_log_access',1,'admin'))
+		if ($GLOBALS['egw']->acl->check($sessions_list ? 'current_sessions' : 'access_log_acces',1,'admin'))
 		{
 			$GLOBALS['egw']->redirect_link('/index.php');
 		}
@@ -283,7 +283,7 @@ class admin_accesslog
 				{
 						unset($sessionid[$key]);	// dont allow to kill own sessions
 				}
-				if ($GLOBALS['egw']->acl->check('current_sessions_access',8,'admin'))
+				if ($GLOBALS['egw']->acl->check('current_sessions',8,'admin'))
 				{
 					$failed ++;
 				}
diff --git a/admin/inc/class.admin_categories.inc.php b/admin/inc/class.admin_categories.inc.php
index e272f18584..7f6fb7c875 100644
--- a/admin/inc/class.admin_categories.inc.php
+++ b/admin/inc/class.admin_categories.inc.php
@@ -57,7 +57,7 @@ class admin_categories
 		{
 			throw new egw_exception_no_permission_admin();
 		}
-		if ($GLOBALS['egw']->acl->check('global_categories_access',1,'admin'))
+		if ($GLOBALS['egw']->acl->check('global_categorie',1,'admin'))
 		{
 			$GLOBALS['egw']->redirect_link('/index.php');
 		}
@@ -71,12 +71,12 @@ class admin_categories
 	{
 		if (is_null(self::$acl_search))
 		{
-			self::$acl_search = !$GLOBALS['egw']->acl->check('global_categories_access',2,'admin');
-			self::$acl_add    = !$GLOBALS['egw']->acl->check('global_categories_access',4,'admin');
-			self::$acl_view   = !$GLOBALS['egw']->acl->check('global_categories_access',8,'admin');
-			self::$acl_edit   = !$GLOBALS['egw']->acl->check('global_categories_access',16,'admin');
-			self::$acl_delete = !$GLOBALS['egw']->acl->check('global_categories_access',32,'admin');
-			self::$acl_add_sub= !$GLOBALS['egw']->acl->check('global_categories_access',64,'admin');
+			self::$acl_search = !$GLOBALS['egw']->acl->check('global_categorie',2,'admin');
+			self::$acl_add    = !$GLOBALS['egw']->acl->check('global_categorie',4,'admin');
+			self::$acl_view   = !$GLOBALS['egw']->acl->check('global_categorie',8,'admin');
+			self::$acl_edit   = !$GLOBALS['egw']->acl->check('global_categorie',16,'admin');
+			self::$acl_delete = !$GLOBALS['egw']->acl->check('global_categorie',32,'admin');
+			self::$acl_add_sub= !$GLOBALS['egw']->acl->check('global_categorie',64,'admin');
 		}
 	}
 
diff --git a/admin/inc/class.admin_hooks.inc.php b/admin/inc/class.admin_hooks.inc.php
index bbc95bd440..89ba8a24a4 100644
--- a/admin/inc/class.admin_hooks.inc.php
+++ b/admin/inc/class.admin_hooks.inc.php
@@ -53,7 +53,7 @@ class admin_hooks
 		if ($GLOBALS['egw_info']['user']['apps']['admin'])
 		{
 
-			if (! $GLOBALS['egw']->acl->check('site_config_access',1,'admin'))
+			if (! $GLOBALS['egw']->acl->check('site_config_acce',1,'admin'))
 			{
 				$file['Site Configuration']         = egw::link('/index.php','menuaction=admin.uiconfig.index&appname=admin');
 			}
@@ -80,26 +80,26 @@ class admin_hooks
 				);
 			}
 
-			if (! $GLOBALS['egw']->acl->check('applications_access',1,'admin'))
+			if (! $GLOBALS['egw']->acl->check('applications_acc',1,'admin'))
 			{
 				$file['Applications']               = egw::link('/index.php','menuaction=admin.admin_applications.index');
 			}
-			if (! $GLOBALS['egw']->acl->check('global_categories_access',1,'admin'))
+			if (! $GLOBALS['egw']->acl->check('global_categorie',1,'admin'))
 			{
 				$file['Global Categories']          = egw::link('/index.php','menuaction=admin.admin_categories.index&appname=phpgw&ajax=true');
 			}
 
-			if (!$GLOBALS['egw']->acl->check('mainscreen_message_access',1,'admin') || !$GLOBALS['egw']->acl->check('mainscreen_message_access',2,'admin'))
+			if (!$GLOBALS['egw']->acl->check('mainscreen_messa',1,'admin') || !$GLOBALS['egw']->acl->check('mainscreen_messa',2,'admin'))
 			{
 				$file['Change Main Screen Message'] = egw::link('/index.php','menuaction=admin.uimainscreen.index');
 			}
 
-			if (! $GLOBALS['egw']->acl->check('current_sessions_access',1,'admin'))
+			if (! $GLOBALS['egw']->acl->check('current_sessions',1,'admin'))
 			{
 				$file['View Sessions'] = egw::link('/index.php','menuaction=admin.admin_accesslog.sessions&ajax=true');
 			}
 
-			if (! $GLOBALS['egw']->acl->check('access_log_access',1,'admin'))
+			if (! $GLOBALS['egw']->acl->check('access_log_acces',1,'admin'))
 			{
 				$file['View Access Log'] = egw::link('/index.php','menuaction=admin.admin_accesslog.index&ajax=true');
 			}
@@ -110,12 +110,12 @@ class admin_hooks
 				$file['View Error Log']  = egw::link('/index.php','menuaction=admin.uilog.list_log');
 			}*/
 
-			if (! $GLOBALS['egw']->acl->check('applications_access',16,'admin'))
+			if (! $GLOBALS['egw']->acl->check('applications_acc',16,'admin'))
 			{
 				$file['Clear cache and register hooks'] = egw::link('/index.php','menuaction=admin.admin_hooks.register_all_hooks');
 			}
 
-			if (! $GLOBALS['egw']->acl->check('asyncservice_access',1,'admin'))
+			if (! $GLOBALS['egw']->acl->check('asyncservice_acc',1,'admin'))
 			{
 				$file['Asynchronous timed services'] = egw::link('/index.php','menuaction=admin.uiasyncservice.index');
 			}
@@ -156,7 +156,7 @@ class admin_hooks
 	 */
 	function register_all_hooks()
 	{
-		if ($GLOBALS['egw']->acl->check('applications_access',16,'admin'))
+		if ($GLOBALS['egw']->acl->check('applications_acc',16,'admin'))
 		{
 			$GLOBALS['egw']->redirect_link('/index.php');
 		}
@@ -193,7 +193,7 @@ class admin_hooks
 			'icon' => 'lock',
 		);
 
-		if (!$GLOBALS['egw']->acl->check('current_sessions_access',1,'admin'))	// no rights to view
+		if (!$GLOBALS['egw']->acl->check('current_sessions',1,'admin'))	// no rights to view
 		{
 			$actions[] = array(
 				'description' => 'Login History',
diff --git a/admin/inc/class.uiasyncservice.inc.php b/admin/inc/class.uiasyncservice.inc.php
index cec90d57ca..cde4aec042 100644
--- a/admin/inc/class.uiasyncservice.inc.php
+++ b/admin/inc/class.uiasyncservice.inc.php
@@ -20,7 +20,7 @@ class uiasyncservice
 
 	function index()
 	{
-		if ($GLOBALS['egw']->acl->check('asyncservice_access',1,'admin'))
+		if ($GLOBALS['egw']->acl->check('asyncservice_acc',1,'admin'))
 		{
 			egw::redirect_link('/index.php');
 		}
diff --git a/admin/inc/class.uiconfig.inc.php b/admin/inc/class.uiconfig.inc.php
index 1829bf5a79..555febaf1b 100644
--- a/admin/inc/class.uiconfig.inc.php
+++ b/admin/inc/class.uiconfig.inc.php
@@ -36,7 +36,7 @@ class uiconfig
 			//_debug_array($params);
 			$_appname = $_GET['appname'];
 		}
-		if ($GLOBALS['egw']->acl->check('site_config_access',1,'admin'))
+		if ($GLOBALS['egw']->acl->check('site_config_acce',1,'admin'))
 		{
 			egw::redirect_link('/index.php');
 		}
@@ -105,7 +105,7 @@ class uiconfig
 
 		$c = new config($config_appname);
 		$c->read_repository();
-		if ($_POST['cancel'] || ($_POST['submit'] || $_POST['save'] || $_POST['apply']) && $GLOBALS['egw']->acl->check('site_config_access',2,'admin'))
+		if ($_POST['cancel'] || ($_POST['submit'] || $_POST['save'] || $_POST['apply']) && $GLOBALS['egw']->acl->check('site_config_acce',2,'admin'))
 		{
 			egw::redirect_link('/admin/index.php?ajax=true');
 		}
@@ -261,7 +261,7 @@ class uiconfig
 			}
 		}
 		$t->set_var('submit', '<div class="dialogFooterToolbar" style="text-align: left">'.
-			($GLOBALS['egw']->acl->check('site_config_access',2,'admin') ? '' :
+			($GLOBALS['egw']->acl->check('site_config_acce',2,'admin') ? '' :
 				html::submit_button('save', 'Save')."\n".
 				html::submit_button('apply', 'Apply')));
 		$t->set_var('cancel', html::submit_button('cancel', 'Cancel').'</div>');
diff --git a/admin/inc/class.uimainscreen.inc.php b/admin/inc/class.uimainscreen.inc.php
index 7811197295..19e4fbe44c 100644
--- a/admin/inc/class.uimainscreen.inc.php
+++ b/admin/inc/class.uimainscreen.inc.php
@@ -18,11 +18,11 @@ class uimainscreen
 		$select_lang = $_POST['select_lang'];
 		$message     = get_magic_quotes_gpc() ? stripslashes($_POST['message']) : $_POST['message'];
 		$acl_ok = array();
-		if (!$GLOBALS['egw']->acl->check('mainscreen_message_access',1,'admin'))
+		if (!$GLOBALS['egw']->acl->check('mainscreen_messa',1,'admin'))
 		{
 			$acl_ok['mainscreen'] = True;
 		}
-		if (!$GLOBALS['egw']->acl->check('mainscreen_message_access',2,'admin'))
+		if (!$GLOBALS['egw']->acl->check('mainscreen_messa',2,'admin'))
 		{
 			$acl_ok['loginscreen'] = True;
 		}
@@ -80,7 +80,7 @@ class uimainscreen
 			$GLOBALS['egw']->template->fp('rows','row',True);
 
 			$select_section = '<select name="section">'."\n";
-			foreach($acl_ok as $key => $val)
+			foreach(array_keys($acl_ok) as $key)
 			{
 				$select_section .= ' <option value="'.$key.'"'.
 					($key == $_POST['section'] ? ' selected' : '') . '>' .
diff --git a/admin/inc/hook_acl_manager.inc.php b/admin/inc/hook_acl_manager.inc.php
index e40709cfbb..e20efcfbc7 100644
--- a/admin/inc/hook_acl_manager.inc.php
+++ b/admin/inc/hook_acl_manager.inc.php
@@ -1,125 +1,122 @@
 <?php
-	/**************************************************************************\
-	* eGroupWare                                                               *
-	* http://www.egroupware.org                                                *
-	* --------------------------------------------                             *
-	*  This program is free software; you can redistribute it and/or modify it *
-	*  under the terms of the GNU General Public License as published by the   *
-	*  Free Software Foundation; either version 2 of the License, or (at your  *
-	*  option) any later version.                                              *
-	\**************************************************************************/
+/**
+ * EGgroupware administration
+ *
+ * @link http://www.egroupware.org
+ * @package admin
+ * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
+ * @version $Id$
+ */
 
-	/* $Id$ */
+$GLOBALS['acl_manager']['admin']['site_config_acce'] = array(
+	'name' => 'Deny access to site configuration',
+	'rights' => array(
+		'List config settings'   => 1,
+		'Change config settings' => 2
+	)
+);	// added and working ralfbecker
 
-	$GLOBALS['acl_manager']['admin']['site_config_access'] = array(
-		'name' => 'Deny access to site configuration',
-		'rights' => array(
-			'List config settings'   => 1,
-			'Change config settings' => 2
-		)
-	);	// added and working ralfbecker
+$GLOBALS['acl_manager']['admin']['account_access'] = array(
+	'name' => 'Deny access to user accounts',
+	'rights' => array(
+		'Account list'    => 1,
+		'Search accounts' => 2,
+		'Add account'     => 4,
+		'View account'    => 8,
+		'Edit account'    => 16,
+		'Delete account'  => 32,
+		'change ACL Rights' => 64
+	)
+);	// was already there and seems to work ralfbecker
 
-	$GLOBALS['acl_manager']['admin']['account_access'] = array(
-		'name' => 'Deny access to user accounts',
-		'rights' => array(
-			'Account list'    => 1,
-			'Search accounts' => 2,
-			'Add account'     => 4,
-			'View account'    => 8,
-			'Edit account'    => 16,
-			'Delete account'  => 32,
-			'change ACL Rights' => 64
-		)
-	);	// was already there and seems to work ralfbecker
-
-	$GLOBALS['acl_manager']['admin']['group_access'] = array(
-		'name' => 'Deny access to groups',
-		'rights' => array(
-			'Group list'    => 1,
-			'Search groups' => 2,
-			'Add group'     => 4,
+$GLOBALS['acl_manager']['admin']['group_access'] = array(
+	'name' => 'Deny access to groups',
+	'rights' => array(
+		'Group list'    => 1,
+		'Search groups' => 2,
+		'Add group'     => 4,
 //			'View group'    => 8,			// Will be added in the future
-			'Edit group'    => 16,
-			'Delete group'  => 32
-		)
-	);	// was already there and seems to work ralfbecker
+		'Edit group'    => 16,
+		'Delete group'  => 32
+	)
+);	// was already there and seems to work ralfbecker
 
-	$GLOBALS['acl_manager']['admin']['applications_access'] = array(
-		'name' => 'Deny access to applications',
-		'rights' => array(
+$GLOBALS['acl_manager']['admin']['applications_acc'] = array(
+	'name' => 'Deny access to applications',
+	'rights' => array(
 /* not usefull --> setup
-			'Applications list' => 1,
-			'Add application'   => 2,
-			'Edit application'  => 4,
-			'Delete application'  => 8,
+		'Applications list' => 1,
+		'Add application'   => 2,
+		'Edit application'  => 4,
+		'Delete application'  => 8,
 */
-			'Register application hooks' => 16
-		)
-	);	// added and working ralfbecker
+		'Register application hooks' => 16
+	)
+);	// added and working ralfbecker
 
-	$GLOBALS['acl_manager']['admin']['global_categories_access'] = array(
-		'name' => 'Deny access to global categories',
-		'rights' => array(
-			'Categories list'   => 1,
-			'Search categories' => 2,
-			'Add category'      => 4,
-			'View category'     => 8,
-			'Edit category'     => 16,
-			'Delete category'   => 32,
-			'Add sub-category'  => 64
-		)
-	);	// added and working ralfbecker
+$GLOBALS['acl_manager']['admin']['global_categorie'] = array(
+	'name' => 'Deny access to global categories',
+	'rights' => array(
+		'Categories list'   => 1,
+		'Search categories' => 2,
+		'Add category'      => 4,
+		'View category'     => 8,
+		'Edit category'     => 16,
+		'Delete category'   => 32,
+		'Add sub-category'  => 64
+	)
+);	// added and working ralfbecker
 
-	$GLOBALS['acl_manager']['admin']['mainscreen_message_access'] = array(
-		'name' => 'Deny access to mainscreen message',
-		'rights' => array(
-			'Main screen message' => 1,
-			'Login message'       => 2
-		)
-	);	// added and working ralfbecker
+$GLOBALS['acl_manager']['admin']['mainscreen_messa'] = array(
+	'name' => 'Deny access to mainscreen message',
+	'rights' => array(
+		'Main screen message' => 1,
+		'Login message'       => 2
+	)
+);	// added and working ralfbecker
 
-	$GLOBALS['acl_manager']['admin']['current_sessions_access'] = array(
-		'name' => 'Deny access to current sessions',
-		'rights' => array(
-			'List current sessions'   => 1,
-			'Show current action'     => 2,
-			'Show session IP address' => 4,
-			'Kill session'            => 8
-		)
-	);	// checked and working ralfbecker
+$GLOBALS['acl_manager']['admin']['current_sessions'] = array(
+	'name' => 'Deny access to current sessions',
+	'rights' => array(
+		'List current sessions'   => 1,
+		'Show current action'     => 2,
+		'Show session IP address' => 4,
+		'Kill session'            => 8
+	)
+);	// checked and working ralfbecker
 
-	$GLOBALS['acl_manager']['admin']['access_log_access'] = array(
-		'name' => 'Deny access to access log',
-		'rights' => array(
-			'Show access log' => 1
-		)
-	);	// added and working ralfbecker
+$GLOBALS['acl_manager']['admin']['access_log_acces'] = array(
+	'name' => 'Deny access to access log',
+	'rights' => array(
+		'Show access log' => 1
+	)
+);	// added and working ralfbecker
 
-	$GLOBALS['acl_manager']['admin']['error_log_access'] = array(
-		'name' => 'Deny access to error log',
-		'rights' => array(
-			'Show error log' => 1
-		)
-	);	// added and working ralfbecker
+$GLOBALS['acl_manager']['admin']['error_log_access'] = array(
+	'name' => 'Deny access to error log',
+	'rights' => array(
+		'Show error log' => 1
+	)
+);	// added and working ralfbecker
 
-	$GLOBALS['acl_manager']['admin']['asyncservice_access'] = array(
-		'name' => 'Deny access to asynchronous timed services',
-		'rights' => array(
-			'Asynchronous timed services' => 1
-		)
-	);	// added and working ralfbecker
+$GLOBALS['acl_manager']['admin']['asyncservice_acc'] = array(
+	'name' => 'Deny access to asynchronous timed services',
+	'rights' => array(
+		'Asynchronous timed services' => 1
+	)
+);	// added and working ralfbecker
 
-	$GLOBALS['acl_manager']['admin']['db_backup_access'] = array(
-		'name' => 'Deny access to DB backup and restore',
-		'rights' => array(
-			'DB backup and restore' => 1
-		)
-	);	// added and working ralfbecker
+$GLOBALS['acl_manager']['admin']['db_backup_access'] = array(
+	'name' => 'Deny access to DB backup and restore',
+	'rights' => array(
+		'DB backup and restore' => 1
+	)
+);	// added and working ralfbecker
 
-	$GLOBALS['acl_manager']['admin']['info_access'] = array(
-		'name' => 'Deny access to phpinfo',
-		'rights' => array(
-			'Show phpinfo()' => 1
- 		)
- 	);	// added and working ralfbecker
+$GLOBALS['acl_manager']['admin']['info_access'] = array(
+	'name' => 'Deny access to phpinfo',
+	'rights' => array(
+		'Show phpinfo()' => 1
+	)
+);	// added and working ralfbecker
 
diff --git a/phpgwapi/setup/tables_update.inc.php b/phpgwapi/setup/tables_update.inc.php
index 55f65090e6..53bf811c62 100644
--- a/phpgwapi/setup/tables_update.inc.php
+++ b/phpgwapi/setup/tables_update.inc.php
@@ -162,6 +162,13 @@ function phpgwapi_upgrade14_2_004()
 		'type' => 'auto',
 		'nullable' => False
 	));*/
+
+	// shorten all acl_location entries to 16 chars, to not stall update for PostgreSQL
+	$GLOBALS['egw_setup']->db->update('egw_acl', array(
+		'acl_location=SUBSTRING(acl_location FROM 1 FOR 16)',
+		'acl_appname=SUBSTRING(acl_appname FROM 1 FOR 16)',
+	), 'LENGTH(acl_location) > 16 OR LENGTH(acl_appname) > 16', __LINE__, __FILE__);
+
 	$GLOBALS['egw_setup']->oProc->RefreshTable('egw_acl',array(
 		'fd' => array(
 			'acl_appname' => array('type' => 'ascii','precision' => '16','nullable' => False),