Add some acl checks into index, view, and edit
This commit is contained in:
parent
16856ebc2b
commit
d6274ffd3a
@ -20,7 +20,6 @@
|
||||
$phpgw_info["flags"]["enable_addressbook_class"] = True;
|
||||
include("../header.inc.php");
|
||||
|
||||
#$t = new Template($phpgw_info["server"]["app_tpl"]);
|
||||
$t = new Template($phpgw->common->get_tpl_dir("addressbook"));
|
||||
$t->set_file(array( "edit" => "edit.tpl"));
|
||||
|
||||
@ -30,8 +29,9 @@
|
||||
}
|
||||
|
||||
$this = CreateObject("phpgwapi.contacts");
|
||||
|
||||
|
||||
if (!$submit) {
|
||||
// not checking acl here, only on submit - that ok?
|
||||
// merge in extra fields
|
||||
$extrafields = array(
|
||||
"pager" => "pager",
|
||||
@ -46,50 +46,57 @@
|
||||
$fields = $this->read_single_entry($ab_id,$qfields);
|
||||
form("","edit.php","Edit",$fields[0]);
|
||||
} else {
|
||||
if ($url == "http://") {
|
||||
$url = "";
|
||||
}
|
||||
if (! $bday_month && ! $bday_day && ! $bday_year) {
|
||||
$bday = "";
|
||||
//verify edit capabilities
|
||||
$rights = $phpgw->acl->get_rights('u_'.$owner,$phpgw_info["flags"]["currentapp"]);
|
||||
if ( ($rights & PHPGW_ACL_EDIT) || ($owner == $account_id) ) {
|
||||
if ($url == "http://") {
|
||||
$url = "";
|
||||
}
|
||||
if (! $bday_month && ! $bday_day && ! $bday_year) {
|
||||
$bday = "";
|
||||
} else {
|
||||
$bday = "$bday_month/$bday_day/$bday_year";
|
||||
}
|
||||
|
||||
$fields["org_name"] = $company;
|
||||
$fields["org_unit"] = $department;
|
||||
$fields["n_given"] = $firstname;
|
||||
$fields["n_family"] = $lastname;
|
||||
$fields["n_middle"] = $middle;
|
||||
$fields["n_prefix"] = $prefix;
|
||||
$fields["n_suffix"] = $suffix;
|
||||
if ($prefix) { $pspc = " "; }
|
||||
if ($middle) { $mspc = " "; }
|
||||
if ($suffix) { $sspc = " "; }
|
||||
$fields["fn"] = $prefix.$pspc.$firstname.$mspc.$middle.$mspc.$lastname.$sspc.$suffix;
|
||||
$fields["d_email"] = $email;
|
||||
$fields["d_emailtype"] = $email_type;
|
||||
$fields["title"] = $title;
|
||||
$fields["a_tel"] = $wphone;
|
||||
$fields["b_tel"] = $hphone;
|
||||
$fields["c_tel"] = $fax;
|
||||
$fields["pager"] = $pager;
|
||||
$fields["mphone"] = $mphone;
|
||||
$fields["ophone"] = $ophone;
|
||||
$fields["adr_street"] = $street;
|
||||
$fields["address2"] = $address2;
|
||||
$fields["adr_locality"] = $city;
|
||||
$fields["adr_region"] = $state;
|
||||
$fields["adr_postalcode"] = $zip;
|
||||
$fields["adr_countryname"] = $country;
|
||||
$fields["tz"] = $timezone;
|
||||
$fields["bday"] = $bday;
|
||||
$fields["url"] = $url;
|
||||
$fields["notes"] = $notes;
|
||||
|
||||
$this->update($ab_id,$phpgw_info["user"]["account_id"],$fields);
|
||||
|
||||
Header("Location: " . $phpgw->link("view.php","&ab_id=$ab_id&order=$order&sort=$sort&filter=$filter&start=$start"));
|
||||
$phpgw->common->phpgw_exit();
|
||||
} else {
|
||||
$bday = "$bday_month/$bday_day/$bday_year";
|
||||
$phpgw->redirect($phpgw->session->link($phpgw_info["server"]["webserver_url"]. "/addressbook/","cd=16&order=$order&sort=$sort&filter=$filter&start=$start&query=$query"));
|
||||
$phpgw->common->phpgw_exit();
|
||||
}
|
||||
|
||||
$fields["org_name"] = $company;
|
||||
$fields["org_unit"] = $department;
|
||||
$fields["n_given"] = $firstname;
|
||||
$fields["n_family"] = $lastname;
|
||||
$fields["n_middle"] = $middle;
|
||||
$fields["n_prefix"] = $prefix;
|
||||
$fields["n_suffix"] = $suffix;
|
||||
if ($prefix) { $pspc = " "; }
|
||||
if ($middle) { $mspc = " "; }
|
||||
if ($suffix) { $sspc = " "; }
|
||||
$fields["fn"] = $prefix.$pspc.$firstname.$mspc.$middle.$mspc.$lastname.$sspc.$suffix;
|
||||
$fields["d_email"] = $email;
|
||||
$fields["d_emailtype"] = $email_type;
|
||||
$fields["title"] = $title;
|
||||
$fields["a_tel"] = $wphone;
|
||||
$fields["b_tel"] = $hphone;
|
||||
$fields["c_tel"] = $fax;
|
||||
$fields["pager"] = $pager;
|
||||
$fields["mphone"] = $mphone;
|
||||
$fields["ophone"] = $ophone;
|
||||
$fields["adr_street"] = $street;
|
||||
$fields["address2"] = $address2;
|
||||
$fields["adr_locality"] = $city;
|
||||
$fields["adr_region"] = $state;
|
||||
$fields["adr_postalcode"] = $zip;
|
||||
$fields["adr_countryname"] = $country;
|
||||
$fields["tz"] = $timezone;
|
||||
$fields["bday"] = $bday;
|
||||
$fields["url"] = $url;
|
||||
$fields["notes"] = $notes;
|
||||
|
||||
$this->update($ab_id,$phpgw_info["user"]["account_id"],$fields);
|
||||
|
||||
Header("Location: " . $phpgw->link("view.php","&ab_id=$ab_id&order=$order&sort=$sort&filter=$filter&start=$start"));
|
||||
$phpgw->common->phpgw_exit();
|
||||
}
|
||||
|
||||
$t->set_var("ab_id",$ab_id);
|
||||
|
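Review bot: The new edit check compares `$owner` with `$account_id`, but neither is assigned from the record anywhere in this hunk — the only `read_single_entry` call is in the `!$submit` branch and its owner field is not kept — so if these are request variables (register_globals, which the unqualified `$submit`/`$ab_id` usage suggests) a caller can send `owner=X&account_id=X` and satisfy `$owner == $account_id` for any record. Load the owner from the entry being updated and compare against the session user: `$entry = $this->read_single_entry($ab_id,$this->stock_contact_fields);` and `$owner = $entry[0]["owner"];` before the `$rights` line, then `if ( ($rights & PHPGW_ACL_EDIT) || ($owner == $phpgw_info["user"]["account_id"]) ) {`, which is the account id already passed to `$this->update()`. The GET side remains unguarded (the `// not checking acl here` comment): `form()` renders every field of an arbitrary `$ab_id` to whoever requests it, so the same owner lookup plus a `PHPGW_ACL_READ` test belongs before the `form(...)` call. Whether the owner value is clobbered earlier in the file cannot be seen from this hunk, but the owner must come from the stored record either way.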
@ -34,93 +34,99 @@
|
||||
|
||||
$fields = $this->read_single_entry($ab_id,$this->stock_contact_fields);
|
||||
|
||||
$email = $fields[0]["d_email"];
|
||||
$fullname = $fields[0]["fn"];
|
||||
$prefix = $fields[0]["n_prefix"];
|
||||
$firstname = $fields[0]["n_given"];
|
||||
$middle = $fields[0]["n_middle"];
|
||||
$lastname = $fields[0]["n_family"];
|
||||
$suffix = $fields[0]["n_suffix"];
|
||||
$title = $fields[0]["title"];
|
||||
$hphone = $fields[0]["a_tel"];
|
||||
$wphone = $fields[0]["b_tel"];
|
||||
$fax = $fields[0]["c_tel"];
|
||||
$pager = $fields[0]["pager"];
|
||||
$mphone = $fields[0]["mphone"];
|
||||
$ophone = $fields[0]["ophone"];
|
||||
$street = $fields[0]["adr_street"];
|
||||
$address2 = $fields[0]["address2"];
|
||||
$city = $fields[0]["adr_locality"];
|
||||
$state = $fields[0]["adr_region"];
|
||||
$zip = $fields[0]["adr_postalcode"];
|
||||
$country = $fields[0]["adr_countryname"];
|
||||
$company = $fields[0]["org_name"];
|
||||
$dept = $fields[0]["org_unit"];
|
||||
$bday = $fields[0]["bday"];
|
||||
$notes = $fields[0]["notes"];
|
||||
$access = $fields[0]["access"];
|
||||
$url = $fields[0]["url"];
|
||||
$rights = $phpgw->acl->get_rights('u_'.$$fields[0]["owner"],$phpgw_info["flags"]["currentapp"]);
|
||||
if ( ($rights & PHPGW_ACL_READ) || ($owner == $account_id) ) {
|
||||
|
||||
if(!$nolname && !$nofname) {
|
||||
/* First name and last must be in the vcard. */
|
||||
if($lastname == "") {
|
||||
/* Run away here. */
|
||||
Header("Location: " . $phpgw->link("vcardout.php","nolname=1&ab_id=$ab_id&start=$start&order=$order&filter=" . "$filter&query=$query&sort=$sort"));
|
||||
}
|
||||
if($firstname == "" ) {
|
||||
Header("Location: " . $phpgw->link("vcardout.php","nofname=1&ab_id=$ab_id&start=$start&order=$order&filter=" . "$filter&query=$query&sort=$sort"));
|
||||
}
|
||||
$email = $fields[0]["d_email"];
|
||||
$fullname = $fields[0]["fn"];
|
||||
$prefix = $fields[0]["n_prefix"];
|
||||
$firstname = $fields[0]["n_given"];
|
||||
$middle = $fields[0]["n_middle"];
|
||||
$lastname = $fields[0]["n_family"];
|
||||
$suffix = $fields[0]["n_suffix"];
|
||||
$title = $fields[0]["title"];
|
||||
$hphone = $fields[0]["a_tel"];
|
||||
$wphone = $fields[0]["b_tel"];
|
||||
$fax = $fields[0]["c_tel"];
|
||||
$pager = $fields[0]["pager"];
|
||||
$mphone = $fields[0]["mphone"];
|
||||
$ophone = $fields[0]["ophone"];
|
||||
$street = $fields[0]["adr_street"];
|
||||
$address2 = $fields[0]["address2"];
|
||||
$city = $fields[0]["adr_locality"];
|
||||
$state = $fields[0]["adr_region"];
|
||||
$zip = $fields[0]["adr_postalcode"];
|
||||
$country = $fields[0]["adr_countryname"];
|
||||
$company = $fields[0]["org_name"];
|
||||
$dept = $fields[0]["org_unit"];
|
||||
$bday = $fields[0]["bday"];
|
||||
$notes = $fields[0]["notes"];
|
||||
$access = $fields[0]["access"];
|
||||
$url = $fields[0]["url"];
|
||||
|
||||
header("Content-type: text/X-VCARD");
|
||||
$fn = explode("@",$email);
|
||||
$filename = sprintf("%s.vcf", $fn[0]);
|
||||
if(!$nolname && !$nofname) {
|
||||
/* First name and last must be in the vcard. */
|
||||
if($lastname == "") {
|
||||
/* Run away here. */
|
||||
Header("Location: " . $phpgw->link("vcardout.php","nolname=1&ab_id=$ab_id&start=$start&order=$order&filter=" . "$filter&query=$query&sort=$sort"));
|
||||
}
|
||||
if($firstname == "" ) {
|
||||
Header("Location: " . $phpgw->link("vcardout.php","nofname=1&ab_id=$ab_id&start=$start&order=$order&filter=" . "$filter&query=$query&sort=$sort"));
|
||||
}
|
||||
|
||||
header("Content-Disposition: attachment; filename=$filename");
|
||||
|
||||
printf("BEGIN:VCARD\r\n");
|
||||
printf("N:%s;%s\r\n", $lastname, $firstname);
|
||||
if (!$fullname) { printf("FN:%s %s\r\n", $firstname, $lastname); }
|
||||
else { printf("FN:%s\r\n", $fullname); }
|
||||
header("Content-type: text/X-VCARD");
|
||||
$fn = explode("@",$email);
|
||||
$filename = sprintf("%s.vcf", $fn[0]);
|
||||
|
||||
/* This stuff is optional. */
|
||||
if($title != "") /* Title */
|
||||
printf("TITLE:%s\r\n",$title);
|
||||
if($email != "") /* E-mail */
|
||||
printf("EMAIL;INTERNET:%s\r\n", $email);
|
||||
if($hphone != "") /* Home Phone */
|
||||
printf("TEL;HOME:%s\r\n", $hphone);
|
||||
if($wphone != "") /* Work Phone */
|
||||
printf("TEL;WORK:%s\r\n", $wphone);
|
||||
if($mphone != "") /* Mobile Phone */
|
||||
printf("TEL;CELL:%s\r\n", $mphone);
|
||||
if($fax != "") /* Fax Number */
|
||||
printf("TEL;FAX:%s\r\n", $fax);
|
||||
if($pager != "") /* Pager Number */
|
||||
printf("TEL;PAGER:%s\r\n", $pager);
|
||||
//if($ophone != "") /* Other Phone */
|
||||
//$NOTES .= "Other Phone: " . $ophone;
|
||||
/* The address one is pretty icky. Send it if ANY of the fields are present. */
|
||||
if($address2 != "" || /* Street Line 1 */
|
||||
$street != "" || /* Street Line 2 */
|
||||
$city != "" || /* City */
|
||||
$state != "" || /* State */
|
||||
$zip != "") /* Zip */
|
||||
printf("ADR:;%s;%s;%s;%s;%s;%s\r\n", $address2,
|
||||
$street,$city,$state,$zip,$country);
|
||||
header("Content-Disposition: attachment; filename=$filename");
|
||||
|
||||
if($bday != "" && $bday != "//") /* Birthday */
|
||||
printf("BDAY:%s\r\n", $bday); /* This is not the right format. */
|
||||
if($company != "") /* Company Name (Really isn't company_name?) */
|
||||
printf("ORG:%s %s\r\n", $company, $dept);
|
||||
if($notes != "") /* Notes */
|
||||
$NOTES .= $notes;
|
||||
printf("BEGIN:VCARD\r\n");
|
||||
printf("N:%s;%s\r\n", $lastname, $firstname);
|
||||
if (!$fullname) { printf("FN:%s %s\r\n", $firstname, $lastname); }
|
||||
else { printf("FN:%s\r\n", $fullname); }
|
||||
|
||||
if($NOTES != "") /* All of the notes. */
|
||||
printf("NOTE:%s\r\n", $NOTES);
|
||||
/* End of Stuff. */
|
||||
printf("VERSION:2.1\r\n");
|
||||
printf("END:VCARD\r\n");
|
||||
} /* !nolname && !nofname */
|
||||
/* This stuff is optional. */
|
||||
if($title != "") /* Title */
|
||||
printf("TITLE:%s\r\n",$title);
|
||||
if($email != "") /* E-mail */
|
||||
printf("EMAIL;INTERNET:%s\r\n", $email);
|
||||
if($hphone != "") /* Home Phone */
|
||||
printf("TEL;HOME:%s\r\n", $hphone);
|
||||
if($wphone != "") /* Work Phone */
|
||||
printf("TEL;WORK:%s\r\n", $wphone);
|
||||
if($mphone != "") /* Mobile Phone */
|
||||
printf("TEL;CELL:%s\r\n", $mphone);
|
||||
if($fax != "") /* Fax Number */
|
||||
printf("TEL;FAX:%s\r\n", $fax);
|
||||
if($pager != "") /* Pager Number */
|
||||
printf("TEL;PAGER:%s\r\n", $pager);
|
||||
//if($ophone != "") /* Other Phone */
|
||||
//$NOTES .= "Other Phone: " . $ophone;
|
||||
/* The address one is pretty icky. Send it if ANY of the fields are present. */
|
||||
if($address2 != "" || /* Street Line 1 */
|
||||
$street != "" || /* Street Line 2 */
|
||||
$city != "" || /* City */
|
||||
$state != "" || /* State */
|
||||
$zip != "") /* Zip */
|
||||
printf("ADR:;%s;%s;%s;%s;%s;%s\r\n", $address2,
|
||||
$street,$city,$state,$zip,$country);
|
||||
|
||||
if($bday != "" && $bday != "//") /* Birthday */
|
||||
printf("BDAY:%s\r\n", $bday); /* This is not the right format. */
|
||||
if($company != "") /* Company Name (Really isn't company_name?) */
|
||||
printf("ORG:%s %s\r\n", $company, $dept);
|
||||
if($notes != "") /* Notes */
|
||||
$NOTES .= $notes;
|
||||
|
||||
if($NOTES != "") /* All of the notes. */
|
||||
printf("NOTE:%s\r\n", $NOTES);
|
||||
/* End of Stuff. */
|
||||
printf("VERSION:2.1\r\n");
|
||||
printf("END:VCARD\r\n");
|
||||
} /* !nolname && !nofname */
|
||||
} else { /* acl check failed */
|
||||
Header("Location: " . $phpgw->link("vcardout.php","nofname=1&ab_id=$ab_id&start=$start&order=$order&filter=" . "$filter&query=$query&sort=$sort"));
|
||||
}
|
||||
|
||||
if($nofname) {
|
||||
echo "<BR><BR><CENTER>";
|
||||
|
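Review bot: The ACL gate at `$rights = $phpgw->acl->get_rights('u_'.$$fields[0]["owner"], ...)` does not protect the vCard export: `$$fields[0]["owner"]` is a variable-variable, not the record's owner id, so the rights lookup uses a bogus key, and `$owner` is never assigned in this hunk, so `$owner == $account_id` compares two unset values and is true for every caller (or both come from the request if register_globals is on). Use the record's owner and the session account: `$owner = $fields[0]["owner"];`, `$rights = $phpgw->acl->get_rights('u_'.$owner,$phpgw_info["flags"]["currentapp"]);`, `if ( ($rights & PHPGW_ACL_READ) || ($owner == $phpgw_info["user"]["account_id"]) ) {`. The failure branch also redirects to `vcardout.php` itself with `nofname=1` and does not call `phpgw_exit()`, so execution continues past the `Header()` call and the next request runs the same failed check again; redirect to the addressbook index with `cd=16` as view.php does and exit.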
@ -24,9 +24,9 @@
|
||||
|
||||
$t = new Template($phpgw->common->get_tpl_dir("addressbook"));
|
||||
$t->set_file(array( "view" => "view.tpl"));
|
||||
|
||||
|
||||
$this = CreateObject("phpgwapi.contacts");
|
||||
|
||||
|
||||
if (! $ab_id) {
|
||||
Header("Location: " . $phpgw->link("index.php"));
|
||||
}
|
||||
@ -52,31 +52,34 @@
|
||||
$fields = $this->read_single_entry($ab_id,$qfields);
|
||||
|
||||
$owner = $fields[0]["owner"];
|
||||
|
||||
$rights = $phpgw->acl->get_rights('u_'.$owner,$phpgw_info["flags"]["currentapp"]);
|
||||
if ( ($rights & PHPGW_ACL_READ) || ($owner == $account_id) ) {
|
||||
|
||||
$view_header = "<p> <b>" . lang("Address book - view") . "</b><hr><p>";
|
||||
$view_header .= '<table border="0" cellspacing="2" cellpadding="2" width="80%" align="center">';
|
||||
|
||||
$view_header = "<p> <b>" . lang("Address book - view") . "</b><hr><p>";
|
||||
$view_header .= '<table border="0" cellspacing="2" cellpadding="2" width="80%" align="center">';
|
||||
|
||||
while ($column = each($columns_to_display)) { // each entry column
|
||||
$columns_html .= "<tr><td><b>" . lang(display_name($colname[$column[0]])) . "</b>:</td>";
|
||||
$ref=$data="";
|
||||
$coldata = $fields[0][$column[0]];
|
||||
// Some fields require special formatting.
|
||||
if ($column[0] == "url") {
|
||||
$ref='<a href="'.$coldata.'" target="_new">';
|
||||
$data=$coldata.'</a>';
|
||||
} elseif ($column[0] == "email") {
|
||||
if ($phpgw_info["user"]["apps"]["email"]) {
|
||||
$ref='<a href="'.$phpgw->link($phpgw_info["server"]["webserver_url"]
|
||||
. "/email/compose.php","to=" . urlencode($coldata)).'" target="_new">';
|
||||
} else {
|
||||
$ref='<a href="mailto:'.$coldata.'">';
|
||||
while ($column = each($columns_to_display)) { // each entry column
|
||||
$columns_html .= "<tr><td><b>" . lang(display_name($colname[$column[0]])) . "</b>:</td>";
|
||||
$ref=$data="";
|
||||
$coldata = $fields[0][$column[0]];
|
||||
// Some fields require special formatting.
|
||||
if ($column[0] == "url") {
|
||||
$ref='<a href="'.$coldata.'" target="_new">';
|
||||
$data=$coldata.'</a>';
|
||||
} elseif ($column[0] == "email") {
|
||||
if ($phpgw_info["user"]["apps"]["email"]) {
|
||||
$ref='<a href="'.$phpgw->link($phpgw_info["server"]["webserver_url"]
|
||||
. "/email/compose.php","to=" . urlencode($coldata)).'" target="_new">';
|
||||
} else {
|
||||
$ref='<a href="mailto:'.$coldata.'">';
|
||||
}
|
||||
$data=$coldata."</a>";
|
||||
} else { // But these do not
|
||||
$ref=""; $data=$coldata;
|
||||
}
|
||||
$data=$coldata."</a>";
|
||||
} else { // But these do not
|
||||
$ref=""; $data=$coldata;
|
||||
$columns_html .= "<td>" . $ref . $data . "</td>";
|
||||
}
|
||||
$columns_html .= "<td>" . $ref . $data . "</td>";
|
||||
}
|
||||
|
||||
/*
|
||||
if ($access == "private") {
|
||||
@ -87,34 +90,38 @@
|
||||
$access_link ="";
|
||||
}
|
||||
*/
|
||||
$columns_html .= '<tr><td colspan="4"> </td></tr>'
|
||||
. '<tr><td><b>' . lang("Record owner") . '</b></td><td>'
|
||||
. $phpgw->common->grab_owner_name($owner) . '</td><td><b>'
|
||||
. $access_link . '</b></td><td></table>';
|
||||
$columns_html .= '<tr><td colspan="4"> </td></tr>'
|
||||
. '<tr><td><b>' . lang("Record owner") . '</b></td><td>'
|
||||
. $phpgw->common->grab_owner_name($owner) . '</td><td><b>'
|
||||
. $access_link . '</b></td><td></table>';
|
||||
|
||||
$editlink = $phpgw->common->check_owner($owner,"edit.php",lang("edit"),"ab_id=" . $ab_id . "&start=".$start."&sort=".$sort."&order=".$order);
|
||||
$vcardlink = '<form action="'.$phpgw->link("vcardout.php","ab_id=$ab_id&order=$order&start=$start&filter=$filter&query=$query&sort=$sort").'">';
|
||||
$donelink = '<form action="'.$phpgw->link("index.php","order=$order&start=$start&filter=$filter&query=$query&sort=$sort").'">';
|
||||
|
||||
$t->set_var("access_link",$access_link);
|
||||
$t->set_var("ab_id",$ab_id);
|
||||
$t->set_var("sort",$sort);
|
||||
$t->set_var("order",$order);
|
||||
$t->set_var("filter",$filter);
|
||||
$t->set_var("start",$start);
|
||||
$t->set_var("view_header",$view_header);
|
||||
$t->set_var("cols",$columns_html);
|
||||
$t->set_var("lang_ok",lang("ok"));
|
||||
$t->set_var("lang_done",lang("done"));
|
||||
$t->set_var("lang_edit",lang("edit"));
|
||||
$t->set_var("lang_submit",lang("submit"));
|
||||
$t->set_var("lang_vcard",lang("vcard"));
|
||||
$t->set_var("done_link",$donelink);
|
||||
$t->set_var("edit_link",$editlink);
|
||||
$t->set_var("vcard_link",$vcardlink);
|
||||
|
||||
$editlink = $phpgw->common->check_owner($owner,"edit.php",lang("edit"),"ab_id=" . $ab_id . "&start=".$start."&sort=".$sort."&order=".$order);
|
||||
$vcardlink = '<form action="'.$phpgw->link("vcardout.php","ab_id=$ab_id&order=$order&start=$start&filter=$filter&query=$query&sort=$sort").'">';
|
||||
$donelink = '<form action="'.$phpgw->link("index.php","order=$order&start=$start&filter=$filter&query=$query&sort=$sort").'">';
|
||||
$t->parse("out","view");
|
||||
$t->pparse("out","view");
|
||||
|
||||
$t->set_var("access_link",$access_link);
|
||||
$t->set_var("ab_id",$ab_id);
|
||||
$t->set_var("sort",$sort);
|
||||
$t->set_var("order",$order);
|
||||
$t->set_var("filter",$filter);
|
||||
$t->set_var("start",$start);
|
||||
$t->set_var("view_header",$view_header);
|
||||
$t->set_var("cols",$columns_html);
|
||||
$t->set_var("lang_ok",lang("ok"));
|
||||
$t->set_var("lang_done",lang("done"));
|
||||
$t->set_var("lang_edit",lang("edit"));
|
||||
$t->set_var("lang_submit",lang("submit"));
|
||||
$t->set_var("lang_vcard",lang("vcard"));
|
||||
$t->set_var("done_link",$donelink);
|
||||
$t->set_var("edit_link",$editlink);
|
||||
$t->set_var("vcard_link",$vcardlink);
|
||||
|
||||
$t->parse("out","view");
|
||||
$t->pparse("out","view");
|
||||
|
||||
$phpgw->common->phpgw_footer();
|
||||
$phpgw->common->phpgw_footer();
|
||||
} else {
|
||||
$phpgw->redirect($phpgw->session->link($phpgw_info["server"]["webserver_url"]. "/addressbook/","cd=16&order=$order&sort=$sort&filter=$filter&start=$start&query=$query"));
|
||||
$phpgw->common->phpgw_exit();
|
||||
}
|
||||
?>
|
||||
|
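Review bot: In the new read check `if ( ($rights & PHPGW_ACL_READ) || ($owner == $account_id) )`, `$owner` is correctly taken from the record, but `$account_id` is not assigned anywhere in this hunk; if it is a request variable (register_globals) a caller can pass `account_id=<owner>` and view any entry, and if it is simply unset the fallback only matches records whose owner is empty. Compare against the session user instead: `if ( ($rights & PHPGW_ACL_READ) || ($owner == $phpgw_info["user"]["account_id"]) ) {`, which is the value edit.php already passes to `$this->update()`. Separately, the now-guarded column loop still writes `$coldata` straight into `href` attributes and cell text without `htmlspecialchars()`, so a stored URL or e-mail field can inject markup into the page of any user who passes the read check.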