From d3cd7ea65bcec5d73b17c3eecdc99ee5d3a8c909 Mon Sep 17 00:00:00 2001
From: Ralf Becker <ralfbecker@outdoor-training.de>
Date: Thu, 22 Mar 2012 12:59:34 +0000
Subject: [PATCH] only transfer link-registry for apps user has access too,
 otherwise mime-registry would open eg. iCal files in calender, even if user
 has no calendar access

---
 phpgwapi/inc/class.egw_link.inc.php | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/phpgwapi/inc/class.egw_link.inc.php b/phpgwapi/inc/class.egw_link.inc.php
index 7c8a34514f..164ac548ef 100644
--- a/phpgwapi/inc/class.egw_link.inc.php
+++ b/phpgwapi/inc/class.egw_link.inc.php
@@ -210,6 +210,8 @@ class egw_link extends solink
 	 * Get clientside relevant attributes from app registry in json format
 	 *
 	 * Only transfering relevant information cuts approx. half of the size.
+	 * Also only transfering information relevant to apps user has access too.
+	 * Important eg. for mime-registry, to not use calendar for opening iCal files, if user has no calendar!
 	 *
 	 * @return string json encoded object with app: object pairs with attributes "(view|add|edit)(|_id|_popup)"
 	 */
@@ -218,14 +220,17 @@ class egw_link extends solink
 		$to_json = array();
 		foreach(self::$app_register as $app => $data)
 		{
-			$to_json[$app] = array_intersect_key($data, array_flip(array(
-				'view','view_id','view_popup',
-				'add','add_app','add_id','add_popup',
-				'edit','edit_id','edit_popup',
-				'list','list_popup',
-				'name','icon','query',
-				'mime',
-			)));
+			if (isset($GLOBALS['egw_info']['user']['apps'][$app]))
+			{
+				$to_json[$app] = array_intersect_key($data, array_flip(array(
+					'view','view_id','view_popup',
+					'add','add_app','add_id','add_popup',
+					'edit','edit_id','edit_popup',
+					'list','list_popup',
+					'name','icon','query',
+					'mime',
+				)));
+			}
 		}
 		return json_encode($to_json);
 	}