extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2024-12-22 14:41:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

- corrected lots of ACL problems with a new function

Browse Source 
bo->rb_check_prevs(PHPGW_ACL_xyz,$cal_id_or_event)
- edit is not longer forgetting the participant status
This commit is contained in:
Ralf Becker 2002-05-12 21:11:34 +00:00
parent ea34fb8cb1
commit d6bc8af79a
3 changed files with 102 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
infolog/calendar/inc/class.bocalendar.inc.php
View File

@ -383,9 +383,10 @@
function read_entry($id)
{
if($this->check_perms(PHPGW_ACL_READ))
if($this->rb_check_perms(PHPGW_ACL_READ,$id))
{
$event = $this->so->read_entry($id);
if(!isset($event['participants'][$this->owner]) && $this->user_is_a_member($event,$this->owner))
{
$this->so->add_attribute('participants','U',intval($this->owner));
@ -399,12 +400,12 @@
function delete_single($param)
{
if($this->check_perms(PHPGW_ACL_DELETE))
if($this->rb_check_perms(PHPGW_ACL_DELETE,intval($param['id'])))
{
$temp_event = $this->get_cached_event();
$event = $this->read_entry(intval($param['id']));
if($this->owner == $event['owner'])
{
//RB if($this->owner == $event['owner'])
//RB {
$exception_time = mktime($event['start']['hour'],$event['start']['min'],0,$param['month'],$param['day'],$param['year']) - $this->datetime->tz_offset;
$event['recur_exception'][] = intval($exception_time);
$this->so->cal->event = $event;
@ -419,7 +420,7 @@
else
{
$cd = 60;
}
//RB }
}
$this->so->cal->event = $temp_event;
unset($temp_event);
@ -428,25 +429,26 @@
function delete_entry($id)
{
if($this->check_perms(PHPGW_ACL_DELETE))
if($this->rb_check_perms(PHPGW_ACL_DELETE,$id))
{
$temp_event = $this->read_entry($id);
if($this->owner == $temp_event['owner'])
{
//RB if($this->owner == $temp_event['owner'])
//RB {
$this->so->delete_entry($id);
$cd = 16;
}
else
{
$cd = 60;
}
//RB }
}
return $cd;
}
function reinstate($params='')
{
if($this->check_perms(PHPGW_ACL_EDIT) && isset($params['cal_id']) && isset($params['reinstate_index']))
//RB if($this->check_perms(PHPGW_ACL_EDIT) && isset($params['cal_id']) && isset($params['reinstate_index']))
if($this->rb_check_perms(PHPGW_ACL_EDIT,$params['cal_id']) && isset($params['reinstate_index']))
{
$event = $this->so->read_entry($params['cal_id']);
@reset($params['reinstate_index']);
@ -511,7 +513,7 @@
function expunge()
{
if($this->check_perms(PHPGW_ACL_DELETE))
if($this->rb_check_perms(PHPGW_ACL_DELETE))
{
reset($this->so->cal->deleted_events);
for($i=0;$i<count($this->so->cal->deleted_events);$i++)
@ -573,7 +575,7 @@
}
else
{
if((!$l_cal['id'] && !$this->check_perms(PHPGW_ACL_ADD)) || ($l_cal['id'] && !$this->check_perms(PHPGW_ACL_EDIT)))
if((!$l_cal['id'] && !$this->rb_check_perms(PHPGW_ACL_ADD)) || ($l_cal['id'] && !$this->rb_check_perms(PHPGW_ACL_EDIT,$l_cal['id'])))
{
ExecMethod('calendar.uicalendar.index');
$GLOBALS['phpgw']->common->phpgw_exit();
@ -656,14 +658,18 @@
$part = Array();
for($i=0;$i<count($parts);$i++)
{
if (($accept_type = substr($parts[$i],-1,1)) == '0' || intval($accept_type) > 0)
{
$accept_type = 'U';
}
$acct_type = $GLOBALS['phpgw']->accounts->get_type(intval($parts[$i]));
if($acct_type == 'u')
{
$part[$parts[$i]] = 1;
$part[intval($parts[$i])] = $accept_type;
}
elseif($acct_type == 'g')
{
$part[$parts[$i]] = 1;
$part[intval($parts[$i])] = $accept_type;
$groups[] = $parts[$i];
/* This pulls ALL users of a group and makes them as participants to the event */
/* I would like to turn this back into a group thing. */
@ -676,7 +682,7 @@
}
while($member = each($members))
{
$part[$member[1]['account_id']] = 1;
$part[$member[1]['account_id']] = $accept_type;
}
}
}
@ -689,9 +695,9 @@
if($part)
{
@reset($part);
while(list($key,$value) = each($part))
while(list($key,$accept_type) = each($part))
{
$this->so->add_attribute('participants','U',intval($key));
$this->so->add_attribute('participants',$accept_type,intval($key));
}
}
@ -851,8 +857,38 @@
return mktime($time['hour'],$time['min'],$time['sec'],$time['month'],$time['mday'],$time['year']);
}
function rb_check_perms($needed,$event=0)
{
if (is_int($event) && $event == 0)
{
$owner = $this->owner;
}
else
{
if (!is_array($event))
{
$event = $this->so->read_entry((int) $event);
}
if (!is_array($event))
{
return False;
}
$owner = $event['owner'];
$privat = $event['public'] == False || $event['public'] == 0;
}
$user = $GLOBALS['phpgw_info']['user']['account_id'];
$grants = $this->grants[$owner];
$access = $user == $owner || $grants & $needed && (!$privat || $grants & PHPGW_ACL_PRIVAT);
//echo "<p>rb_check_perms for user $user and needed_acl $needed: event=$event[title]: owner=$owner, privat=$privat, grants=$grants ==> access=$access</p>\n";
return $access;
}
function can_user_edit($event)
{
return $this->rb_check_perms(PHPGW_ACL_EDIT,$event);
$can_edit = False;
if(($event['owner'] == $this->owner) && ($this->check_perms(PHPGW_ACL_EDIT) == True))
@ -1197,7 +1233,7 @@
return $status;
}
function is_private($event,$owner)
function is_private($event,$owner) //RB_NEED_WORK
{
if($owner == 0)
{

2
infolog/calendar/inc/class.socalendar_sql.inc.php
View File

@ -495,7 +495,7 @@ class socalendar_ extends socalendar__
@reset($event['participants']);
while (list($key,$value) = @each($event['participants']))
{
if(intval($key) == intval($this->user))
if(intval($key) == $event['owner']/*RB intval($this->user)*/)
{
$value = 'A';
}

80
infolog/calendar/inc/class.uicalendar.inc.php
View File

@ -627,7 +627,8 @@
$GLOBALS['phpgw']->common->phpgw_exit(True);
}
if(!$this->bo->check_perms(PHPGW_ACL_READ))
//RB if(!$this->bo->check_perms(PHPGW_ACL_READ))
if(!$this->bo->rb_check_perms(PHPGW_ACL_READ,$cal_id))
{
echo lang('You do not have permission to read this record!').'</center>'."\n";
$GLOBALS['phpgw']->common->phpgw_exit(True);
@ -677,9 +678,11 @@
)
);
if($this->bo->owner == $event['owner'] || $this->bo->member_of_group($this->bo->owner))
{
if ($this->bo->check_perms(PHPGW_ACL_EDIT,$event['owner']))
//RB: this is handled by the acl
//RB if($this->bo->owner == $event['owner'] || $this->bo->member_of_group($this->bo->owner))
//RB {
//RB if ($this->bo->rb_check_perms(PHPGW_ACL_EDIT,$event['owner']))
if ($this->bo->rb_check_perms(PHPGW_ACL_EDIT,$event))
{
if($event['recur_type'] != MCAL_RECUR_NONE)
{
@ -724,7 +727,8 @@
echo $p->fp('out','form_button');
}
if ($this->bo->check_perms(PHPGW_ACL_DELETE,$event['owner']))
//RB if ($this->bo->check_perms(PHPGW_ACL_DELETE,$event['owner']))
if ($this->bo->rb_check_perms(PHPGW_ACL_DELETE,$event))
{
if($event['recur_type'] != MCAL_RECUR_NONE)
{
@ -770,7 +774,7 @@
echo $p->fp('out','form_button');
}
}
}
//RB}
$var = Array(
'action_url_button' => $this->page('export'),
@ -786,7 +790,7 @@
function edit($params='')
{
if(!$this->bo->check_perms(PHPGW_ACL_EDIT))
if(!$this->bo->check_perms(PHPGW_ACL_EDIT))//RB_NEED_WORK
{
$this->no_edit();
}
@ -912,11 +916,11 @@
function reinstate_list($params='')
{
if(!$this->bo->check_perms(PHPGW_ACL_EDIT))
if(!$this->bo->check_perms(PHPGW_ACL_EDIT))//RB_NEED_WORK
{
$this->no_edit();
}
elseif(!$this->bo->check_perms(PHPGW_ACL_ADD))
elseif(!$this->bo->check_perms(PHPGW_ACL_ADD))//RB_NEED_WORK
{
$this->index();
}
@ -936,7 +940,7 @@
$GLOBALS['phpgw']->common->phpgw_exit(True);
}
if(!$this->bo->check_perms(PHPGW_ACL_READ))
if(!$this->bo->check_perms(PHPGW_ACL_READ))//RB_NEED_WORK
{
echo lang('You do not have permission to read this record!').'</center>'."\n";
$GLOBALS['phpgw']->common->phpgw_exit(True);
@ -999,11 +1003,11 @@
function reinstate($params='')
{
if(!$this->bo->check_perms(PHPGW_ACL_EDIT))
if(!$this->bo->check_perms(PHPGW_ACL_EDIT))//RB_NEED_WORK
{
$this->no_edit();
}
elseif(!$this->bo->check_perms(PHPGW_ACL_ADD))
elseif(!$this->bo->check_perms(PHPGW_ACL_ADD))//RB_NEED_WORK
{
$this->index();
}
@ -1032,7 +1036,7 @@
function add($cd=0,$readsess=0)
{
if(!$this->bo->check_perms(PHPGW_ACL_ADD))
if(!$this->bo->rb_check_perms(PHPGW_ACL_ADD))
{
$this->index();
}
@ -1092,7 +1096,8 @@
$date = sprintf("%04d%02d%02d",$this->bo->year,$this->bo->month,$this->bo->day);
$event = $this->bo->read_entry(intval($GLOBALS['HTTP_GET_VARS']['cal_id']));
if(($GLOBALS['HTTP_GET_VARS']['cal_id'] > 0) && ($event['owner'] == $this->bo->owner) && $this->bo->check_perms(PHPGW_ACL_DELETE))
//if(($GLOBALS['HTTP_GET_VARS']['cal_id'] > 0) && ($event['owner'] == $this->bo->owner) && $this->bo->check_perms(PHPGW_ACL_DELETE))
if ($this->bo->rb_check_perms(PHPGW_ACL_DELETE,$event))
{
if(isset($GLOBALS['HTTP_POST_VARS']['delete_type']) && $GLOBALS['HTTP_POST_VARS']['delete_type'] == 'single')
@ -1205,7 +1210,7 @@
return;
}
if(!$this->bo->check_perms(PHPGW_ACL_EDIT))
if(!$this->bo->rb_check_perms(PHPGW_ACL_EDIT))
{
$this->no_edit();
return;
@ -1229,7 +1234,7 @@
function set_action()
{
if(!$this->bo->check_perms(PHPGW_ACL_EDIT))
if(!$this->bo->rb_check_perms(PHPGW_ACL_EDIT))
{
$this->no_edit();
return;
@ -1539,7 +1544,7 @@
@reset($users);
while ($user = each($users))
{
if(($GLOBALS['phpgw']->accounts->exists($user[0]) && $this->bo->check_perms(PHPGW_ACL_READ,$user[0])) || $GLOBALS['phpgw']->accounts->get_type($user[0]) == 'g')
if(($GLOBALS['phpgw']->accounts->exists($user[0]) && $this->bo->check_perms(PHPGW_ACL_READ,$user[0])) || $GLOBALS['phpgw']->accounts->get_type($user[0]) == 'g')//RB_NEED_WORK
{
$str .= ' <option value="'.$user[0].'">('.$GLOBALS['phpgw']->accounts->get_type($user[0]).') '.$user[1].'</option>'."\n";
}
@ -1581,14 +1586,14 @@
$members = $acct->member(intval($participants[$i]));
while($members != False && list($index,$member) = each($members))
{
if($this->bo->check_perms(PHPGW_ACL_READ,$member['account_id']) && !isset($parts[$member['account_id']]))
if($this->bo->check_perms(PHPGW_ACL_READ,$member['account_id']) && !isset($parts[$member['account_id']]))//RB_NEED_WORK
{
$parts[$member['account_id']] = 1;
}
}
break;
case 'u':
if($this->bo->check_perms(PHPGW_ACL_READ,$participants[$i]) && !isset($parts[$participants[$i]]))
if($this->bo->check_perms(PHPGW_ACL_READ,$participants[$i]) && !isset($parts[$participants[$i]]))//RB_NEED_WORK
{
$parts[$participants[$i]] = 1;
}
@ -1813,7 +1818,7 @@
function header()
{
$cols = 8;
if($this->bo->check_perms(PHPGW_ACL_PRIVATE) == True)
if($this->bo->check_perms(PHPGW_ACL_PRIVATE) == True)//RB_NEED_WORK
{
$cols++;
}
@ -1967,7 +1972,7 @@
function no_edit()
{
if(!$isset($GLOBALS['phpgw_info']['flags']['noheader']))
if(isset($GLOBALS['phpgw_info']['flags']['noheader']))
{
unset($GLOBALS['phpgw_info']['flags']['noheader']);
unset($GLOBALS['phpgw_info']['flags']['nonavbar']);
@ -1982,8 +1987,11 @@
function link_to_entry($event,$month,$day,$year)
{
$str = '';
$is_private = $this->bo->is_private($event,$event['owner']);
$editable = ((!$this->bo->printer_friendly) && (($is_private && $this->bo->check_perms(PHPGW_ACL_PRIVATE)) || !$is_private));
//RB $is_private = $this->bo->is_private($event,$event['owner']);
//RB $editable = ((!$this->bo->printer_friendly) && (($is_private && $this->bo->check_perms(PHPGW_ACL_PRIVATE)) || !$is_private));
//RB editable means here, ok to set a link to view
$editable = !$this->bo->printer_friendly && $this->bo->rb_check_perms(PHPGW_ACL_READ,$event);
$is_private = !$event['public'] && !$this->bo->rb_check_perms(PHPGW_ACL_READ,$event);
$p = CreateObject('phpgwapi.Template',$this->template_dir);
$p->set_unknowns('remove');
$p->set_file(
@ -2581,7 +2589,8 @@
function view_event($event,$alarms=False)
{
if((!$event['participants'][$this->bo->owner] && !$this->bo->member_of_group()) || (!$event['public'] && !$this->bo->check_perms(PHPGW_ACL_PRIVATE)))
//RB if((!$event['participants'][$this->bo->owner] && !$this->bo->member_of_group()) || (!$event['public'] && !$this->bo->check_perms(PHPGW_ACL_PRIVATE)))
if((!$event['participants'][$this->bo->owner] && !$this->bo->rb_check_perms(PHPGW_ACL_READ,$event)))
{
return '<center>'.lang('You do not have permission to read this record!').'</center>';
}
@ -2706,7 +2715,7 @@
{
if($GLOBALS['phpgw']->accounts->exists($user))
{
$str .= ($str?'<br>':'').$GLOBALS['phpgw']->common->grab_owner_name($user).' ('.($this->bo->check_perms(PHPGW_ACL_EDIT,$user)?'<a href="'.$this->page('edit_status','&cal_id='.$event['id'].'&owner='.$user).'">'.$this->bo->get_long_status($short_status).'</a>':$this->bo->get_long_status($short_status)).')'."\n";
$str .= ($str?'<br>':'').$GLOBALS['phpgw']->common->grab_owner_name($user).' ('.($this->bo->check_perms(PHPGW_ACL_EDIT,$user)?'<a href="'.$this->page('edit_status','&cal_id='.$event['id'].'&owner='.$user).'">'.$this->bo->get_long_status($short_status).'</a>':$this->bo->get_long_status($short_status)).')'."\n";//RB_NEED_WORK
}
}
$var[] = Array(
@ -3125,7 +3134,7 @@
$open_link = ' - ';
$close_link = '';
if(!$this->bo->printer_friendly && $this->bo->check_perms(PHPGW_ACL_ADD))
if(!$this->bo->printer_friendly && $this->bo->rb_check_perms(PHPGW_ACL_ADD))
{
$new_hour = intval(substr($dtime,0,strpos($dtime,':')));
if ($this->bo->prefs['common']['timeformat'] == '12' && $i > 12)
@ -3357,7 +3366,7 @@
'calendar_action' => ($event['id']?lang('Calendar - Edit'):lang('Calendar - Add')),
'action_url' => $GLOBALS['phpgw']->link('/index.php',Array('menuaction'=>'calendar.bocalendar.update')),
'common_hidden' => '<input type="hidden" name="cal[id]" value="'.$event['id'].'">'."\n"
. '<input type="hidden" name="cal[owner]" value="'.$this->bo->owner.'">'."\n"
. '<input type="hidden" name="cal[owner]" value="'.$event['owner']/*RB else owner changes if someone with edit-acl edits entry $this->bo->owner*/.'">'."\n"
. '<input type="hidden" name="cal[uid]" value="'.$event['uid'].'">'."\n"
. ($GLOBALS['HTTP_GET_VARS']['cal_id'] && $event['id'] == 0?'<input type="hidden" name="cal[reference]" value="'.$GLOBALS['HTTP_GET_VARS']['cal_id'].'">'."\n":
(@isset($event['reference'])?'<input type="hidden" name="cal[reference]" value="'.$event['reference'].'">'."\n":''))
@ -3468,17 +3477,18 @@
if(!isset($GLOBALS['phpgw_info']['server']['deny_user_grants_access']) || !$GLOBALS['phpgw_info']['server']['deny_user_grants_access'])
{
$accounts = $GLOBALS['phpgw']->acl->get_ids_for_location('run',1,'calendar');
$users = Array();
$this->build_part_list($users,$accounts,$this->bo->owner);
$users = Array();
$this->build_part_list($users,$accounts,$event['owner']); //RB was $this->bo->owner);
// if the calendar of a group was selected all participants of this group got removed from the participants list
$str = '';
@asort($users);
@reset($users);
while (list($id,$user_array) = each($users))
{
if($id != intval($this->bo->owner))
if($id != intval($event['owner']/*RB$this->bo->owner*/))
{
$str .= ' <option value="' . $id . '"'.($event['participants'][$id]?' selected':'').'>('.$user_array['type'].') '.$user_array['name'].'</option>'."\n";
$str .= ' <option value="' . $id . $event['participants'][$id] . '"'.($event['participants'][$id]?' selected':'').'>('.$user_array['type'].') '.$user_array['name'].'</option>'."\n";
}
}
$var[] = Array(
@ -3487,7 +3497,7 @@
);
// I Participate
if((($event['id'] > 0) && isset($event['participants'][$this->bo->owner])) || !$event['id'])
if((($event['id'] > 0) && isset($event['participants'][$event['owner']/*RB$this->bo->owner*/])) || !$event['id'])
{
$checked = ' checked';
}
@ -3496,8 +3506,8 @@
$checked = '';
}
$var[] = Array(
'field' => $GLOBALS['phpgw']->common->grab_owner_name($this->bo->owner).' '.lang('Participates'),
'data' => '<input type="checkbox" name="participants[]" value="'.$this->bo->owner.'"'.$checked.'>'
'field' => $GLOBALS['phpgw']->common->grab_owner_name($event['owner']/*RB$this->bo->owner*/).' '.lang('Participates'),
'data' => '<input type="checkbox" name="participants[]" value="'.$event['owner'].$event['participants'][$event['owner']]/*RB$this->bo->owner*/.'"'.$checked.'>'
);
}
@ -3689,7 +3699,7 @@
$extra = '';
}
if(!$this->bo->printer_friendly && $this->bo->check_perms(PHPGW_ACL_ADD))
if(!$this->bo->printer_friendly && $this->bo->rb_check_perms(PHPGW_ACL_ADD))
{
$new_event = True;
}