extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2024-11-27 02:14:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix non-admins did not see all contacts in Addressbook

Browse Source
This commit is contained in:
ralf 2024-11-12 12:13:50 +01:00
parent 9515a31791
commit cc1b2b8c7c
3 changed files with 11 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
api/src/Accounts.php
View File

@ -212,7 +212,10 @@ class Accounts
if (empty($account_ids)) if (empty($account_ids))
{ {
$account_ids = $hidden_account_ids; $account_ids = $hidden_account_ids;
if ($hidden === false) $account_ids[] = '!'; if ($hidden === false && $account_ids)
{
$account_ids[] = '!';
}
} }
elseif ($hidden === true) elseif ($hidden === true)
{ {
@ -289,9 +292,10 @@ class Accounts
$serial = self::cacheKey($param, $serial_unlimited); $serial = self::cacheKey($param, $serial_unlimited);
// implement $param['hidden'] via $param['account_id'] // implement $param['hidden'] via $param['account_id']
if (isset($param['hidden']) && !in_array($param['type'],['groups', 'owngroups'])) if (isset($param['hidden']) && !in_array($param['type'],['groups', 'owngroups']) &&
($account_id_filter = self::hidden2account_id($param['hidden'], (array)($param['account_id']??null))))
{ {
$param['account_id'] = self::hidden2account_id($param['hidden'], (array)$param['account_id']); $param['account_id'] = $account_id_filter;
} }
unset($param['hidden']); unset($param['hidden']);

1
api/src/Contacts/Sql.php
View File

@ -719,6 +719,7 @@ class Sql extends Api\Storage
// implement negated account_id filter // implement negated account_id filter
if (!empty($filter['account_id']) && ($not_account_ids = array_search('!', $filter['account_id'])) !== false) if (!empty($filter['account_id']) && ($not_account_ids = array_search('!', $filter['account_id'])) !== false)
{ {
unset($filter['account_id'][$not_account_ids]);
$filter[] = $this->db->expression($this->table_name, ' NOT ', $this->table_name.'.', ['account_id' => $filter['account_id']]); $filter[] = $this->db->expression($this->table_name, ' NOT ', $this->table_name.'.', ['account_id' => $filter['account_id']]);
unset($filter['account_id']); unset($filter['account_id']);
} }

5
api/src/Contacts/Storage.php
View File

@ -660,9 +660,10 @@ class Storage
//error_log(__METHOD__.'('.array2string($criteria,true).','.array2string($only_keys).",'$order_by','$extra_cols','$wildcard','$empty','$op',".array2string($start).','.array2string($filter,true).",'$join')"); //error_log(__METHOD__.'('.array2string($criteria,true).','.array2string($only_keys).",'$order_by','$extra_cols','$wildcard','$empty','$op',".array2string($start).','.array2string($filter,true).",'$join')");
// add hidden user filter for non-admins // add hidden user filter for non-admins
if (empty($GLOBALS['egw_info']['user']['apps']['admin']) && empty($filter['owner'])) if (empty($GLOBALS['egw_info']['user']['apps']['admin']) && empty($filter['owner']) &&
($account_id_filter = Api\Accounts::hidden2account_id(false, $filter['account_id'] ?? null)))
{ {
$filter['account_id'] = Api\Accounts::hidden2account_id(false, $filter['account_id']); $filter['account_id'] = $account_id_filter;
} }
// Handle 'None' country option // Handle 'None' country option
if(is_array($filter) && isset($filter['adr_one_countrycode']) && $filter['adr_one_countrycode'] === '-custom-') if(is_array($filter) && isset($filter['adr_one_countrycode']) && $filter['adr_one_countrycode'] === '-custom-')