extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2025-01-03 20:49:08 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add some acl checks into index, view, and edit

Browse Source
This commit is contained in:
Miles Lott 2001-02-12 13:57:59 +00:00
parent 16856ebc2b
commit d6274ffd3a
3 changed files with 197 additions and 177 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
addressbook/edit.php
View File

@ -20,7 +20,6 @@
$phpgw_info["flags"]["enable_addressbook_class"] = True;
include("../header.inc.php");
#$t = new Template($phpgw_info["server"]["app_tpl"]);
$t = new Template($phpgw->common->get_tpl_dir("addressbook"));
$t->set_file(array( "edit" => "edit.tpl"));
@ -32,6 +31,7 @@
$this = CreateObject("phpgwapi.contacts");
if (!$submit) {
// not checking acl here, only on submit - that ok?
// merge in extra fields
$extrafields = array(
"pager" => "pager",
@ -46,6 +46,9 @@
$fields = $this->read_single_entry($ab_id,$qfields);
form("","edit.php","Edit",$fields[0]);
} else {
//verify edit capabilities
$rights = $phpgw->acl->get_rights('u_'.$owner,$phpgw_info["flags"]["currentapp"]);
if ( ($rights & PHPGW_ACL_EDIT) || ($owner == $account_id) ) {
if ($url == "http://") {
$url = "";
}
@ -90,6 +93,10 @@
Header("Location: " . $phpgw->link("view.php","&ab_id=$ab_id&order=$order&sort=$sort&filter=$filter&start=$start"));
$phpgw->common->phpgw_exit();
} else {
$phpgw->redirect($phpgw->session->link($phpgw_info["server"]["webserver_url"]. "/addressbook/","cd=16&order=$order&sort=$sort&filter=$filter&start=$start&query=$query"));
$phpgw->common->phpgw_exit();
}
}
$t->set_var("ab_id",$ab_id);

6
addressbook/vcardout.php
View File

@ -34,6 +34,9 @@
$fields = $this->read_single_entry($ab_id,$this->stock_contact_fields);
$rights = $phpgw->acl->get_rights('u_'.$$fields[0]["owner"],$phpgw_info["flags"]["currentapp"]);
if ( ($rights & PHPGW_ACL_READ) || ($owner == $account_id) ) {
$email = $fields[0]["d_email"];
$fullname = $fields[0]["fn"];
$prefix = $fields[0]["n_prefix"];
@ -121,6 +124,9 @@
printf("VERSION:2.1\r\n");
printf("END:VCARD\r\n");
} /* !nolname && !nofname */
} else { /* acl check failed */
Header("Location: " . $phpgw->link("vcardout.php","nofname=1&ab_id=$ab_id&start=$start&order=$order&filter=" . "$filter&query=$query&sort=$sort"));
}
if($nofname) {
echo "<BR><BR><CENTER>";

7
addressbook/view.php
View File

@ -53,6 +53,9 @@
$owner = $fields[0]["owner"];
$rights = $phpgw->acl->get_rights('u_'.$owner,$phpgw_info["flags"]["currentapp"]);
if ( ($rights & PHPGW_ACL_READ) || ($owner == $account_id) ) {
$view_header = "<p>&nbsp;<b>" . lang("Address book - view") . "</b><hr><p>";
$view_header .= '<table border="0" cellspacing="2" cellpadding="2" width="80%" align="center">';
@ -117,4 +120,8 @@
$t->pparse("out","view");
$phpgw->common->phpgw_footer();
} else {
$phpgw->redirect($phpgw->session->link($phpgw_info["server"]["webserver_url"]. "/addressbook/","cd=16&order=$order&sort=$sort&filter=$filter&start=$start&query=$query"));
$phpgw->common->phpgw_exit();
}
?>