Hopefully a fix for acl issues, and the strip_html loop

Miles Lott 2001-08-04 14:12:32 +00:00
parent bd30af4d61
commit de68820130
4 changed files with 112 additions and 74 deletions


@ -23,6 +23,51 @@
'add_email' => True,
'update_entry' => True
);
var $soap_functions = array(
'read_entries' => array(
'in' => array(
'int',
'int',
'struct',
'string',
'int'
),
'out' => array(
'array'
)
),
'read_entry' => array(
'in' => array(
'int',
'struct'
),
'out' => array(
'array'
)
),
'read_last_entry' => array(
'in' => array(
'struct'
),
'out' => array(
'array'
)
),
'add_entry' => array(
'in' => array(
'int',
'struct'
),
'out' => array()
),
'update_entry' => array(
'in' => array(
'int',
'struct'
),
'out' => array()
)
);
var $debug = False;
@ -43,6 +88,8 @@
global $phpgw;
$this->so = CreateObject('addressbook.soaddressbook');
$this->rights = $this->so->rights;
$this->grants = $this->so->grants;
if($session)
{
@ -94,28 +141,38 @@
{
global $phpgw;
if ($dirty == ''){$dirty = array();}
if ($dirty == '')
{
$dirty = array();
}
for($i=0;$i<count($dirty);$i++)
{
while (list($name,$value) = each($dirty[$i]))
if(gettype($dirty[$i]) == 'array')
{
$cleaned[$i][$name] = $phpgw->strip_html($dirty[$i][$name]);
while (list($name,$value) = @each($dirty[$i]))
{
$cleaned[$i][$name] = $phpgw->strip_html($dirty[$i][$name]);
}
}
else
{
$cleaned[$i] == $phpgw->strip_html($dirty[$i]);
}
}
return $cleaned;
}
function read_entries($start,$limit,$qcols,$qfilter,$userid='')
function read_entries($start,$limit,$qcols,$qfilter)
{
$entries = $this->so->read_entries($start,$limit,$qcols,$this->query,$qfilter,$this->sort,$this->order,$userid);
$entries = $this->so->read_entries($start,$limit,$qcols,$this->query,$qfilter,$this->sort,$this->order);
$this->total = $this->so->contacts->total_records;
if($this->debug) { echo '<br>Total records="' . $this->total . '"'; }
return $this->strip_html($entries);
}
function read_entry($id,$fields,$userid='')
function read_entry($id,$fields)
{
$entry = $this->so->read_entry($id,$fields,$userid);
$entry = $this->so->read_entry($id,$fields);
return $this->strip_html($entry);
}
@ -152,7 +209,11 @@
$vcard = CreateObject('phpgwapi.vcard');
$entry = $vcard->in_file($filename);
/* _debug_array($entry);exit; */
$this->so->add_entry($phpgw_info['user']['account_id'],$entry,'private','','n');
$entry['owner'] = $phpgw_info['user']['account_id'];
$entry['access'] = 'private';
$entry['tid'] = 'n';
/* _debug_array($entry);exit; */
$this->so->add_entry($entry);
$ab_id = $this->get_lastid();
/* Delete the temp file. */
@ -189,33 +250,9 @@
. $phpgw->link('/index.php',"menuaction=addressbook.uiaddressbook.view&ab_id=$ab_id&referer=$referer"));
}
function OLDcopy_entry($ab_id)
function add_entry($fields)
{
global $phpgw,$phpgw_info;
$addnew = $this->read_entry($ab_id,$this->so->contacts->stock_contact_fields,$phpgw_info['user']['account_id']);
$addnew[0]['note'] .= "\nCopied from ".$phpgw->accounts->id2name($addnew[0]['owner']).", record #".$addnew[0]['id'].".";
$addnew[0]['owner'] = $phpgw_info['user']['account_id'];
$addnew[0]['id'] = '';
$fields = $addnew[0];
if ($addnew['tid'])
{
$this->so->add_entry($fields['owner'],$fields,$fields['access'],$fields['cat_id'],$fields['tid']);
}
else
{
$this->so->add_entry($fields['owner'],$fields,$fields['access'],$fields['cat_id']);
}
$ab_id = $this->get_lastid();
Header("Location: " . $phpgw->link('/index.php',"menuaction=addressbook.uiaddressbook.edit&ab_id=$ab_id"));
}
function add_entry($userid,$fields)
{
return $this->so->add_entry($userid,$fields);
return $this->so->add_entry($fields);
}
function get_lastid()
@ -223,9 +260,9 @@
return $this->so->get_lastid();
}
function update_entry($userid,$fields)
function update_entry($fields)
{
return $this->so->update_entry($userid,$fields);
return $this->so->update_entry($fields);
}
function delete_entry($ab_id)
@ -239,7 +276,7 @@
$phpgw->preferences->read_repository();
if (is_array($prefs))
{
/* _debug_array($prefs);exit; */
/* _debug_array($prefs);exit; */
while (list($pref,$x) = each($qfields))
{
/* echo '<br>checking: ' . $pref . '=' . $prefs[$pref]; */
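Review bot: In strip_html the else branch for non-array elements uses a comparison, `$cleaned[$i] == $phpgw->strip_html($dirty[$i]);`, so the stripped value is discarded and scalar elements never reach the returned array; it should be an assignment, `$cleaned[$i] = $phpgw->strip_html($dirty[$i]);`. `$cleaned` is also never initialised in the visible lines, so an empty `$dirty` returns an undefined value instead of an empty array; `$cleaned = array();` before the loop would fix that. The `@` on `each()` suppresses the warning that would reveal an unexpected input shape, and the `gettype` check already guards the loop, so the suppression can go. Since read_entries and read_entry rely on this function to sanitise everything they return, a dropped or unsanitised element matters for output escaping.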


@ -16,12 +16,36 @@
{
var $contacts;
var $rights;
var $grants;
var $owner;
function soaddressbook()
{
global $rights;
global $phpgw,$phpgw_info,$owner;
if(!isset($owner)) { $owner = 0; }
$grants = $phpgw->acl->get_grants('addressbook');
if(!isset($owner) || !$owner)
{
$owner = $phpgw_info['user']['account_id'];
$rights = PHPGW_ACL_READ + PHPGW_ACL_ADD + PHPGW_ACL_EDIT + PHPGW_ACL_DELETE + 16;
}
else
{
if($grants[$owner])
{
$rights = $grants[$owner];
if (!($rights & PHPGW_ACL_READ))
{
$owner = $phpgw_info['user']['account_id'];
$rights = PHPGW_ACL_READ + PHPGW_ACL_ADD + PHPGW_ACL_EDIT + PHPGW_ACL_DELETE + 16;
}
}
}
$this->rights = $rights;
$this->grants = $grants;
$this->owner = $owner;
}
function makeobj()
@ -49,7 +73,7 @@
}
else
{
$rtrn = array('No access' => 'No access');
$rtrn = array(0 => array('No access' => 'No access'));
return $rtrn;
}
}
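Review bot: In the soaddressbook constructor, when `$owner` is set but `$grants[$owner]` is empty, no branch assigns `$rights` and `$owner` keeps the requested value, so `$this->rights` ends up unset while `$this->owner` still names another account. `$owner` is read from a global, which may be request-controlled depending on configuration, so this path should fail closed explicitly: add an `else` to `if($grants[$owner])` that sets `$owner = $phpgw_info['user']['account_id'];` and assigns the default rights, as the no-READ branch already does. The rights mask ends in a bare `+ 16` in both places; a named constant, or a comment saying which permission bit it is, would make the grant auditable.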


@ -73,7 +73,7 @@
$this->filter = $this->bo->filter;
$this->cat_id = $this->bo->cat_id;
if($this->debug) { $this->_debug_sqsof(); }
/* _debug_array($this); */
/* _debug_array($this); */
}
function _debug_sqsof()
@ -416,7 +416,7 @@
else
{
/* read the entry list */
$entries = $this->bo->read_entries($this->start,$this->limit,$columns_to_display,$qfilter,$userid);
$entries = $this->bo->read_entries($this->start,$this->limit,$columns_to_display,$qfilter);
$total_records = $this->bo->total;
}
@ -609,7 +609,7 @@
$referer = urlencode($fields['referer']);
unset($fields['referer']);
$this->bo->add_entry($phpgw_info['user']['account_id'],$fields);
$this->bo->add_entry($fields);
$ab_id = $this->bo->get_lastid();
@ -656,7 +656,7 @@
$referer = urlencode($fields['referer']);
unset($fields['referer']);
$this->bo->update_entry($userid,$fields);
$this->bo->update_entry($fields);
Header("Location: "
. $phpgw->link('/index.php',"menuaction=addressbook.uiaddressbook.view&ab_id=" . $fields['ab_id'] . "&referer=$referer"));
@ -755,8 +755,9 @@
{
global $phpgw,$phpgw_info,$ab_id,$submit,$referer;
// First, make sure they have permission to this entry
/* First, make sure they have permission to this entry */
$check = $this->bo->read_entry($ab_id,array('owner' => 'owner'));
$perms = $this->contacts->check_perms($this->contacts->grants[$check[0]['owner']],PHPGW_ACL_READ);
if ( (!$perms) && ($check[0]['owner'] != $phpgw_info['user']['account_id']) )
@ -793,7 +794,7 @@
}
}
// No prefs?
/* No prefs? */
if (!$columns_to_display )
{
$columns_to_display = array(
@ -949,7 +950,7 @@
if (!$catname) { $catname = lang('none'); }
// These are in the footer
/* These are in the footer */
$this->template->set_var('lang_owner',lang('Record owner'));
$this->template->set_var('owner',$phpgw->common->grab_owner_name($record_owner));
$this->template->set_var('lang_access',lang('Record access'));
@ -1040,11 +1041,11 @@
while (list($col, $descr) = each($qfields))
{
// echo "<br>test: $col - $i $j - " . count($abc);
/* echo "<br>test: $col - $i $j - " . count($abc); */
$i++; $j++;
$showcol = $this->display_name($col);
if (!$showcol) { $showcol = $col; }
// yank the *'s prior to testing for a valid column description
/* yank the *'s prior to testing for a valid column description */
$coltest = ereg_replace("\*","",$showcol);
if ($coltest)
{
@ -1384,7 +1385,7 @@
if ($format != "view")
{
// Preferred phone number radio buttons
/* Preferred phone number radio buttons */
$pref[0] = '<font size="-2">';
$pref[1] = '(' . lang('pref') . ')</font>';
while (list($name,$val) = each($this->contacts->tel_types))
@ -1674,6 +1675,6 @@
$this->template->set_var('row_text',$phpgw_info['theme']['row_text']);
$this->template->pfp('out','form');
} //end form function
} /* end form function */
}
?>
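Review bot: With `$userid` dropped from `$this->bo->add_entry($fields)` and `$this->bo->update_entry($fields)`, the caller no longer passes the record owner, and nothing in these hunks sets `$fields['owner']` from the session the way the vCard import path does. The construction of `$fields` is outside the hunks; if it comes from form input, the owner and access values should be set server-side before the add call, e.g. `$fields['owner'] = $phpgw_info['user']['account_id'];`. For update, the edit right should be checked against the stored record's owner, not a submitted one. Otherwise a crafted form could create or modify entries under another account.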


@ -12,30 +12,6 @@
/* $Id$ */
/* I don't think this is needed anymore */
/* Perform acl check, set $rights */
if(!isset($owner)) { $owner = 0; }
$grants = $phpgw->acl->get_grants('addressbook');
if(!isset($owner) || !$owner)
{
$owner = $phpgw_info['user']['account_id'];
$rights = PHPGW_ACL_READ + PHPGW_ACL_ADD + PHPGW_ACL_EDIT + PHPGW_ACL_DELETE + 16;
}
else
{
if($grants[$owner])
{
$rights = $grants[$owner];
if (!($rights & PHPGW_ACL_READ))
{
$owner = $phpgw_info['user']['account_id'];
$rights = PHPGW_ACL_READ + PHPGW_ACL_ADD + PHPGW_ACL_EDIT + PHPGW_ACL_DELETE + 16;
}
}
}
function formatted_list($name,$list,$id='',$default=False,$java=False)
{
if ($java)