mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-10-05 17:42:18 +02:00
using Acl::(ADD|READ|EDIT|DELETE|PRIVAT) constants instead old EGW_ACL_* defines and fix some namespace errors found by doc/check_namespace.php
This commit is contained in:
Ralf Becker
parent
e87cbc4832
commit
e34fe9a4e7
@ -865,7 +865,7 @@ class Ads
|
||||
}
|
||||
else // we need to run the unlimited query
|
||||
{
|
||||
$query = ldap::quote(strtolower($param['query']));
|
||||
$query = Api\Ldap::quote(strtolower($param['query']));
|
||||
|
||||
$accounts = array();
|
||||
if($param['type'] !== 'groups')
|
||||
@ -916,7 +916,7 @@ class Ads
|
||||
}
|
||||
if ($param['type'] === 'groups' || $param['type'] === 'both')
|
||||
{
|
||||
$query = ldap::quote(strtolower($param['query']));
|
||||
$query = Api\Ldap::quote(strtolower($param['query']));
|
||||
|
||||
$filter = null;
|
||||
if(!empty($query) && $query != '*')
|
||||
|
||||
@ -201,7 +201,7 @@ class Sql
|
||||
if (!preg_match('/^\\{[a-z5]{3,5}\\}.+/i',$data['account_passwd']) &&
|
||||
!preg_match('/^[0-9a-f]{32}$/',$data['account_passwd'])) // md5 hash
|
||||
{
|
||||
$data['account_passwd'] = $GLOBALS['egw']->auth->encrypt_sql($data['account_passwd']);
|
||||
$data['account_passwd'] = Api\Auth::encrypt_sql($data['account_passwd']);
|
||||
}
|
||||
$to_write['account_pwd'] = $data['account_passwd'];
|
||||
$to_write['account_lastpwd_change'] = time();
|
||||
|
||||
@ -683,7 +683,7 @@ class Acl
|
||||
if (!$grantor) continue; // can happen if group has no members
|
||||
|
||||
// Don't allow to override private with group ACL's!
|
||||
$rights &= ~EGW_ACL_PRIVATE;
|
||||
$rights &= ~self::PRIVAT;
|
||||
|
||||
if(!isset($grants[$grantor]))
|
||||
{
|
||||
|
||||
@ -231,7 +231,7 @@ class Auth
|
||||
* @param string $old_passwd must be cleartext
|
||||
* @param string $new_passwd must be cleartext
|
||||
* @param int $account_id account id of user whose passwd should be changed
|
||||
* @throws Exception\WrongUserinput if configured password strength is not meat
|
||||
* @throws Exception\WrongUserInput if configured password strength is not meat
|
||||
* @throws Exception from backends having extra requirements
|
||||
* @return boolean true if password successful changed, false otherwise
|
||||
*/
|
||||
@ -239,7 +239,7 @@ class Auth
|
||||
{
|
||||
if (($err = self::crackcheck($new_passwd,null,null,null,$account_id)))
|
||||
{
|
||||
throw new Exception\WrongUserinput($err);
|
||||
throw new Exception\WrongUserInput($err);
|
||||
}
|
||||
if (($ret = $this->backend->change_password($old_passwd, $new_passwd, $account_id)))
|
||||
{
|
||||
@ -256,7 +256,7 @@ class Auth
|
||||
// run changepwasswd hook
|
||||
$GLOBALS['hook_values'] = array(
|
||||
'account_id' => $account_id,
|
||||
'account_lid' => accounts::id2name($account_id),
|
||||
'account_lid' => Accounts::id2name($account_id),
|
||||
'old_passwd' => $old_passwd,
|
||||
'new_passwd' => $new_passwd,
|
||||
);
|
||||
|
||||
@ -1278,7 +1278,7 @@ class CalDAV extends HTTP_WebDAV_Server
|
||||
return $entry ? $entry : "404 Not found";
|
||||
}
|
||||
|
||||
if (!Link::file_access($handler->app, $entry['id'], EGW_ACL_EDIT))
|
||||
if (!Link::file_access($handler->app, $entry['id'], Acl::EDIT))
|
||||
{
|
||||
return '403 Forbidden';
|
||||
}
|
||||
@ -1386,7 +1386,7 @@ class CalDAV extends HTTP_WebDAV_Server
|
||||
{
|
||||
error_log(__METHOD__."('$app', $id, attach=".array2string($attach).", delete_via_put=".array2string($delete_via_put).')');
|
||||
|
||||
if (!Link::file_access($app, $id, EGW_ACL_EDIT))
|
||||
if (!Link::file_access($app, $id, Acl::EDIT))
|
||||
{
|
||||
error_log(__METHOD__."('$app', $id, ...) no rights to update attachments");
|
||||
return; // no rights --> nothing to do
|
||||
@ -1836,7 +1836,7 @@ class CalDAV extends HTTP_WebDAV_Server
|
||||
$handler = self::app_handler($app);
|
||||
|
||||
// TODO recursive locks on directories not supported yet
|
||||
if (!$id || !empty($options['depth']) || !$handler->check_access(EGW_ACL_EDIT,$id))
|
||||
if (!$id || !empty($options['depth']) || !$handler->check_access(Acl::EDIT,$id))
|
||||
{
|
||||
return '409 Conflict';
|
||||
}
|
||||
|
||||
@ -58,9 +58,9 @@ abstract class Handler
|
||||
* @var array
|
||||
*/
|
||||
var $method2acl = array(
|
||||
'GET' => EGW_ACL_READ,
|
||||
'PUT' => EGW_ACL_EDIT,
|
||||
'DELETE' => EGW_ACL_DELETE,
|
||||
'GET' => Api\Acl::READ,
|
||||
'PUT' => Api\Acl::EDIT,
|
||||
'DELETE' => Api\Acl::DELETE,
|
||||
);
|
||||
/**
|
||||
* eGW application responsible for the handler
|
||||
@ -212,7 +212,7 @@ abstract class Handler
|
||||
/**
|
||||
* Check if user has the neccessary rights on an entry
|
||||
*
|
||||
* @param int $acl EGW_ACL_READ, EGW_ACL_EDIT or EGW_ACL_DELETE
|
||||
* @param int $acl Api\Acl::READ, Api\Acl::EDIT or Api\Acl::DELETE
|
||||
* @param array|int $entry entry-array or id
|
||||
* @return boolean null if entry does not exist, false if no access, true if access permitted
|
||||
*/
|
||||
@ -291,7 +291,7 @@ abstract class Handler
|
||||
}
|
||||
$extra_acl = $this->method2acl[$method];
|
||||
if ($id && !($entry = $this->read($id, $options['path'])) && ($method != 'PUT' || $entry === false) ||
|
||||
($extra_acl != EGW_ACL_READ && $this->check_access($extra_acl,$entry) === false))
|
||||
($extra_acl != Api\Acl::READ && $this->check_access($extra_acl,$entry) === false))
|
||||
{
|
||||
if ($return_no_access && !is_null($entry))
|
||||
{
|
||||
@ -496,7 +496,7 @@ abstract class Handler
|
||||
/**
|
||||
* Get grants of current user and app
|
||||
*
|
||||
* @return array user-id => EGW_ACL_ADD|EGW_ACL_READ|EGW_ACL_EDIT|EGW_ACL_DELETE pairs
|
||||
* @return array user-id => Api\Acl::ADD|Api\Acl::READ|Api\Acl::EDIT|Api\Acl::DELETE pairs
|
||||
*/
|
||||
public function get_grants()
|
||||
{
|
||||
@ -523,22 +523,22 @@ abstract class Handler
|
||||
}
|
||||
$priviledes = array('read-current-user-privilege-set' => 'read-current-user-privilege-set');
|
||||
|
||||
if (is_null($user) || $grants[$user] & EGW_ACL_READ)
|
||||
if (is_null($user) || $grants[$user] & Api\Acl::READ)
|
||||
{
|
||||
$priviledes['read'] = 'read';
|
||||
// allows on all calendars/addressbooks to write properties, as we store them on a per-user basis
|
||||
// and only allow to modify explicit named properties in CalDAV, CardDAV or Calendarserver name-space
|
||||
$priviledes['write-properties'] = 'write-properties';
|
||||
}
|
||||
if (is_null($user) || $grants[$user] & EGW_ACL_ADD)
|
||||
if (is_null($user) || $grants[$user] & Api\Acl::ADD)
|
||||
{
|
||||
$priviledes['bind'] = 'bind'; // PUT for new resources
|
||||
}
|
||||
if (is_null($user) || $grants[$user] & EGW_ACL_EDIT)
|
||||
if (is_null($user) || $grants[$user] & Api\Acl::EDIT)
|
||||
{
|
||||
$priviledes['write-content'] = 'write-content'; // otherwise iOS calendar does not allow to add events
|
||||
}
|
||||
if (is_null($user) || $grants[$user] & EGW_ACL_DELETE)
|
||||
if (is_null($user) || $grants[$user] & Api\Acl::DELETE)
|
||||
{
|
||||
$priviledes['unbind'] = 'unbind'; // DELETE
|
||||
}
|
||||
@ -645,7 +645,7 @@ abstract class Handler
|
||||
$privileges = array('read', 'read-current-user-privilege-set');
|
||||
if ($this->caldav->prop_requested('current-user-privilege-set') === true && !isset($props['current-user-privilege-set']))
|
||||
{
|
||||
if ($this->check_access(EGW_ACL_EDIT, $entry))
|
||||
if ($this->check_access(Api\Acl::EDIT, $entry))
|
||||
{
|
||||
$privileges[] = 'write-content';
|
||||
}
|
||||
|
||||
@ -921,7 +921,7 @@ class Principals extends Handler
|
||||
{
|
||||
$addressbooks[] = '/';
|
||||
}
|
||||
foreach(array_keys($GLOBALS['egw']->contacts->get_addressbooks(EGW_ACL_READ)) as $id)
|
||||
foreach(array_keys($GLOBALS['egw']->contacts->get_addressbooks(Api\Acl::READ)) as $id)
|
||||
{
|
||||
if ((in_array('A',$addressbook_home_set) || in_array((string)$id,$addressbook_home_set)) &&
|
||||
is_numeric($id) && ($owner = $this->accounts->id2name($id)))
|
||||
@ -1366,8 +1366,8 @@ class Principals extends Handler
|
||||
case 'users':
|
||||
case 'groups':
|
||||
$account = $location = $this->accounts->name2id($account, 'account_lid', $account_type[0]);
|
||||
$right = $what == 'write' ? EGW_ACL_EDIT : EGW_ACL_READ;
|
||||
$mask = $what == 'write' ? EGW_ACL_EDIT : EGW_ACL_EDIT|EGW_ACL_READ; // do NOT report write+read in read
|
||||
$right = $what == 'write' ? Api\Acl::EDIT : Api\Acl::READ;
|
||||
$mask = $what == 'write' ? Api\Acl::EDIT : Api\Acl::EDIT|Api\Acl::READ; // do NOT report write+read in read
|
||||
break;
|
||||
|
||||
case 'locations':
|
||||
@ -1522,13 +1522,13 @@ class Principals extends Handler
|
||||
$set = array();
|
||||
foreach($this->acl->get_grants($app, $app != 'addressbook', $account) as $account_id => $rights)
|
||||
{
|
||||
if ($account_id != $account && ($rights & EGW_ACL_READ) &&
|
||||
if ($account_id != $account && ($rights & Api\Acl::READ) &&
|
||||
($account_lid = $this->accounts->id2name($account_id)) &&
|
||||
$this->accounts->visible($account_lid)) // only add visible accounts, gives error in iCal otherwise
|
||||
{
|
||||
$set[] = Api\CalDAV::mkprop('href', $this->base_uri.'/principals/'.
|
||||
($account_id < 0 ? 'groups/' : 'users/').
|
||||
$account_lid.'/'.$app.'-proxy-'.($rights & EGW_ACL_EDIT ? 'write' : 'read').'/');
|
||||
$account_lid.'/'.$app.'-proxy-'.($rights & Api\Acl::EDIT ? 'write' : 'read').'/');
|
||||
}
|
||||
}
|
||||
return $set;
|
||||
@ -1694,13 +1694,13 @@ class Principals extends Handler
|
||||
/**
|
||||
* Check if user has the neccessary rights on an entry
|
||||
*
|
||||
* @param int $acl EGW_ACL_READ, EGW_ACL_EDIT or EGW_ACL_DELETE
|
||||
* @param int $acl Api\Acl::READ, Api\Acl::EDIT or Api\Acl::DELETE
|
||||
* @param array|int $entry entry-array or id
|
||||
* @return boolean null if entry does not exist, false if no access, true if access permitted
|
||||
*/
|
||||
function check_access($acl,$entry)
|
||||
{
|
||||
if ($acl != EGW_ACL_READ)
|
||||
if ($acl != Api\Acl::READ)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -238,7 +238,7 @@ class Categories
|
||||
}
|
||||
|
||||
// check for read permission
|
||||
if(!$this->check_perms(EGW_ACL_READ, $cat, $globals === 'all_no_acl'))
|
||||
if(!$this->check_perms(Acl::READ, $cat, $globals === 'all_no_acl'))
|
||||
{
|
||||
continue;
|
||||
}
|
||||
@ -470,7 +470,7 @@ class Categories
|
||||
* Checks category permissions for a given list of commaseparated category ids
|
||||
* and truncates it by the ones the user does not have the requested permission on
|
||||
*
|
||||
* @param int $needed necessary ACL right: EGW_ACL_{READ|EDIT|DELETE}
|
||||
* @param int $needed necessary ACL right: Acl::{READ|EDIT|DELETE}
|
||||
* @param string $cat_list commaseparated list of category ids
|
||||
* @return string truncated commaseparated list of category ids
|
||||
*/
|
||||
@ -487,7 +487,7 @@ class Categories
|
||||
{
|
||||
foreach($cat_arr as $id=>$cat_id)
|
||||
{
|
||||
if (!$this->check_perms($needed, $cat_id, false, $needed == EGW_ACL_READ)) // allow reading all global cats
|
||||
if (!$this->check_perms($needed, $cat_id, false, $needed == Acl::READ)) // allow reading all global cats
|
||||
{
|
||||
unset($cat_arr[$id]);
|
||||
}
|
||||
@ -503,7 +503,7 @@ class Categories
|
||||
*
|
||||
* If the access of a category is set to private, one needs a private grant for the application
|
||||
*
|
||||
* @param int $needed necessary ACL right: EGW_ACL_{READ|EDIT|DELETE}
|
||||
* @param int $needed necessary ACL right: Acl::{READ|EDIT|DELETE}
|
||||
* @param mixed $category category as array or the category_id
|
||||
* @param boolean $no_acl_check =false if true, grants are NOT checked, gives access to all non-private categories of all users
|
||||
* @param boolean $allow_global_read if true, global cats are allowed (independent of app) for reading
|
||||
@ -525,7 +525,7 @@ class Categories
|
||||
}
|
||||
|
||||
// Read access to global categories
|
||||
if ($needed == EGW_ACL_READ && (($is_global=array_intersect(explode(',',$category['owner']),$this->global_owners)) ||
|
||||
if ($needed == Acl::READ && (($is_global=array_intersect(explode(',',$category['owner']),$this->global_owners)) ||
|
||||
$no_acl_check && $category['access'] == 'public') && // no_acl_check only means public cats
|
||||
($category['appname'] == self::GLOBAL_APPNAME || $category['appname'] == $this->app_name ||
|
||||
$is_global && $allow_global_read))
|
||||
@ -558,7 +558,7 @@ class Categories
|
||||
foreach(explode(',',$category['owner']) as $owner)
|
||||
{
|
||||
$owner_grant = $owner_grant || (($this->grants[$owner] & $needed) &&
|
||||
($category['access'] == 'public' || ($this->grants[$owner] & EGW_ACL_PRIVATE)));
|
||||
($category['access'] == 'public' || ($this->grants[$owner] & Acl::PRIVAT)));
|
||||
}
|
||||
return $acl_grant && $owner_grant;
|
||||
}
|
||||
@ -704,7 +704,7 @@ class Categories
|
||||
if (isset($values['old_parent']) && (int)$values['old_parent'] != (int)$values['parent'])
|
||||
{
|
||||
$ret = $this->check_consistency4update($values);
|
||||
if ($ret !== true) throw new Exception\WrongUserinput($ret);
|
||||
if ($ret !== true) throw new Exception\WrongUserInput($ret);
|
||||
// everything seems in order -> proceed
|
||||
$values['level'] = ($values['parent'] ? $this->id2name($values['parent'],'level')+1:0);
|
||||
$this->adapt_level_in_subtree($values);
|
||||
@ -717,7 +717,7 @@ class Categories
|
||||
if ($values['parent'] > 0)
|
||||
{
|
||||
$ret = $this->check_consistency4update($values);
|
||||
if ($ret !== true) throw new Exception\WrongUserinput($ret);
|
||||
if ($ret !== true) throw new Exception\WrongUserInput($ret);
|
||||
|
||||
// everything seems in order -> proceed
|
||||
$values['main'] = $this->id2name($values['parent'],'main');
|
||||
@ -1056,7 +1056,7 @@ class Categories
|
||||
static $cat2color = array();
|
||||
|
||||
// ACL check
|
||||
$cats = $GLOBALS['egw']->categories->check_list(EGW_ACL_READ, $_cats);
|
||||
$cats = $GLOBALS['egw']->categories->check_list(Acl::READ, $_cats);
|
||||
|
||||
if (!$cats) return null;
|
||||
|
||||
|
||||
@ -66,7 +66,7 @@ class Config
|
||||
/**
|
||||
* reads the whole repository for $this->appname, appname has to be set via the constructor
|
||||
*
|
||||
* You can also use the static config::read($app) method, without instanciating the class.
|
||||
* You can also use the static Config::read($app) method, without instanciating the class.
|
||||
*
|
||||
* @return array the whole config-array for that app
|
||||
*/
|
||||
@ -95,7 +95,7 @@ class Config
|
||||
if (!isset($this->config_data[$name])) // has been deleted
|
||||
{
|
||||
self::save_value($name, null, $this->appname, false);
|
||||
//self::$db->delete(config::TABLE,array('config_app'=>$this->appname,'config_name'=>$name),__LINE__,__FILE__);
|
||||
//self::$db->delete(self::TABLE,array('config_app'=>$this->appname,'config_name'=>$name),__LINE__,__FILE__);
|
||||
}
|
||||
}
|
||||
|
||||
@ -126,9 +126,8 @@ class Config
|
||||
{
|
||||
if (!$app && (!isset($this) || !is_a($this,__CLASS__)))
|
||||
{
|
||||
throw new Exception\WrongParameter('$app parameter required for static call of config::save_value($name,$value,$app)!');
|
||||
throw new Exception\WrongParameter('$app parameter required for static call of Config::save_value($name,$value,$app)!');
|
||||
}
|
||||
//echo "<p>config::save_value('$name','".print_r($value,True)."','$app')</p>\n";
|
||||
if (!$app || isset($this) && is_a($this,__CLASS__) && $app == $this->appname)
|
||||
{
|
||||
$app = $this->appname;
|
||||
@ -138,7 +137,7 @@ class Config
|
||||
{
|
||||
self::init_static();
|
||||
}
|
||||
//echo "<p>config::save_value('$name','".print_r($value,True)."','$app')</p>\n";
|
||||
|
||||
if (isset(self::$configs[$app][$name]) && self::$configs[$app][$name] === $value)
|
||||
{
|
||||
return True; // no change ==> exit
|
||||
@ -147,13 +146,13 @@ class Config
|
||||
if (!isset($value) || $value === '')
|
||||
{
|
||||
if (isset(self::$configs[$app])) unset(self::$configs[$app][$name]);
|
||||
self::$db->delete(config::TABLE,array('config_app'=>$app,'config_name'=>$name),__LINE__,__FILE__);
|
||||
self::$db->delete(self::TABLE,array('config_app'=>$app,'config_name'=>$name),__LINE__,__FILE__);
|
||||
}
|
||||
else
|
||||
{
|
||||
self::$configs[$app][$name] = $value;
|
||||
if(is_array($value)) $value = json_encode($value);
|
||||
self::$db->insert(config::TABLE,array('config_value'=>$value),array('config_app'=>$app,'config_name'=>$name),__LINE__,__FILE__);
|
||||
self::$db->insert(self::TABLE,array('config_value'=>$value),array('config_app'=>$app,'config_name'=>$name),__LINE__,__FILE__);
|
||||
}
|
||||
if ($update_cache)
|
||||
{
|
||||
@ -176,7 +175,7 @@ class Config
|
||||
{
|
||||
self::init_static();
|
||||
}
|
||||
self::$db->delete(config::TABLE,array('config_app' => $this->appname),__LINE__,__FILE__);
|
||||
self::$db->delete(self::TABLE,array('config_app' => $this->appname),__LINE__,__FILE__);
|
||||
|
||||
unset(self::$configs[$this->appname]);
|
||||
Cache::setInstance(__CLASS__, 'configs', self::$configs);
|
||||
@ -345,7 +344,7 @@ class Config
|
||||
if (!(self::$configs = Cache::getInstance(__CLASS__, 'configs')) || !is_array(self::$configs['phpgwapi']))
|
||||
{
|
||||
self::$configs = array();
|
||||
foreach(self::$db->select(config::TABLE,'*',false,__LINE__,__FILE__) as $row)
|
||||
foreach(self::$db->select(self::TABLE,'*',false,__LINE__,__FILE__) as $row)
|
||||
{
|
||||
self::$configs[$row['config_app']][$row['config_name']] = self::unserialize($row['config_value']);
|
||||
//error_log(__METHOD__."() configs[$row[config_app]][$row[config_name]]=".array2string(self::$configs[$row['config_app']][$row['config_name']]));
|
||||
|
||||
@ -334,13 +334,13 @@ class Contacts extends Contacts\Storage
|
||||
/**
|
||||
* Get the availible addressbooks of the user
|
||||
*
|
||||
* @param int $required =EGW_ACL_READ required rights on the addressbook or multiple rights or'ed together,
|
||||
* @param int $required =Acl::READ required rights on the addressbook or multiple rights or'ed together,
|
||||
* to return only addressbooks fullfilling all the given rights
|
||||
* @param string $extra_label first label if given (already translated)
|
||||
* @param int $user =null account_id or null for current user
|
||||
* @return array with owner => label pairs
|
||||
*/
|
||||
function get_addressbooks($required=EGW_ACL_READ,$extra_label=null,$user=null)
|
||||
function get_addressbooks($required=Acl::READ,$extra_label=null,$user=null)
|
||||
{
|
||||
if (is_null($user))
|
||||
{
|
||||
@ -371,11 +371,11 @@ class Contacts extends Contacts\Storage
|
||||
asort($to_sort);
|
||||
$addressbooks += $to_sort;
|
||||
}
|
||||
if ($required != EGW_ACL_ADD && // do NOT allow to set accounts as default addressbook (AB can add accounts)
|
||||
if ($required != Acl::ADD && // do NOT allow to set accounts as default addressbook (AB can add accounts)
|
||||
!$preferences['addressbook']['hide_accounts'] && (
|
||||
($grants[0] & $required) == $required ||
|
||||
$preferences['common']['account_selection'] == 'groupmembers' &&
|
||||
$this->account_repository != 'ldap' && ($required & EGW_ACL_READ)))
|
||||
$this->account_repository != 'ldap' && ($required & Acl::READ)))
|
||||
{
|
||||
$addressbooks[0] = lang('Accounts');
|
||||
}
|
||||
@ -808,7 +808,7 @@ class Contacts extends Contacts\Storage
|
||||
$id = is_array($c) ? $c['id'] : $c;
|
||||
|
||||
$ok = false;
|
||||
if ($this->check_perms(EGW_ACL_DELETE,$c,$deny_account_delete))
|
||||
if ($this->check_perms(Acl::DELETE,$c,$deny_account_delete))
|
||||
{
|
||||
if (!($old = $this->read($id))) return false;
|
||||
// check if we only mark contacts as deleted, or really delete them
|
||||
@ -895,7 +895,7 @@ class Contacts extends Contacts\Storage
|
||||
{
|
||||
$contact['private'] = 0;
|
||||
}
|
||||
if(!$ignore_acl && !$this->check_perms($isUpdate ? EGW_ACL_EDIT : EGW_ACL_ADD,$contact))
|
||||
if(!$ignore_acl && !$this->check_perms($isUpdate ? Acl::EDIT : Acl::ADD,$contact))
|
||||
{
|
||||
$this->error = 'access denied';
|
||||
return false;
|
||||
@ -1087,7 +1087,7 @@ class Contacts extends Contacts\Storage
|
||||
{
|
||||
$data = null; // not found
|
||||
}
|
||||
elseif (!$ignore_acl && !$this->check_perms(EGW_ACL_READ,$data))
|
||||
elseif (!$ignore_acl && !$this->check_perms(Acl::READ,$data))
|
||||
{
|
||||
$data = false; // no view perms
|
||||
}
|
||||
@ -1118,7 +1118,7 @@ class Contacts extends Contacts\Storage
|
||||
* If the access of a contact is set to private, one need a private grant for a personal addressbook
|
||||
* or the group membership for a group-addressbook
|
||||
*
|
||||
* @param int $needed necessary ACL right: EGW_ACL_{READ|EDIT|DELETE}
|
||||
* @param int $needed necessary ACL right: Acl::{READ|EDIT|DELETE}
|
||||
* @param mixed $contact contact as array or the contact-id
|
||||
* @param boolean $deny_account_delete =false if true never allow to delete accounts
|
||||
* @param int $user =null for which user to check, default current user
|
||||
@ -1147,17 +1147,17 @@ class Contacts extends Contacts\Storage
|
||||
$owner = $contact['owner'];
|
||||
|
||||
// allow the user to edit his own account
|
||||
if (!$owner && $needed == EGW_ACL_EDIT && $contact['account_id'] == $user && $this->own_account_acl)
|
||||
if (!$owner && $needed == Acl::EDIT && $contact['account_id'] == $user && $this->own_account_acl)
|
||||
{
|
||||
$access = true;
|
||||
}
|
||||
// dont allow to delete own account (as admin handels it too)
|
||||
elseif (!$owner && $needed == EGW_ACL_DELETE && ($deny_account_delete || $contact['account_id'] == $user))
|
||||
elseif (!$owner && $needed == Acl::DELETE && ($deny_account_delete || $contact['account_id'] == $user))
|
||||
{
|
||||
$access = false;
|
||||
}
|
||||
// for reading accounts (owner == 0) and account_selection == groupmembers, check if current user and contact are groupmembers
|
||||
elseif ($owner == 0 && $needed == EGW_ACL_READ &&
|
||||
elseif ($owner == 0 && $needed == Acl::READ &&
|
||||
$GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'groupmembers' &&
|
||||
!isset($GLOBALS['egw_info']['user']['apps']['admin']))
|
||||
{
|
||||
@ -1166,7 +1166,7 @@ class Contacts extends Contacts\Storage
|
||||
else
|
||||
{
|
||||
$access = ($grants[$owner] & $needed) &&
|
||||
(!$contact['private'] || ($grants[$owner] & EGW_ACL_PRIVATE) || in_array($owner,$memberships));
|
||||
(!$contact['private'] || ($grants[$owner] & Acl::PRIVAT) || in_array($owner,$memberships));
|
||||
}
|
||||
//error_log(__METHOD__."($needed,$contact[id],$deny_account_delete,$user) returning ".array2string($access));
|
||||
return $access;
|
||||
@ -1176,7 +1176,7 @@ class Contacts extends Contacts\Storage
|
||||
* Check access to the file store
|
||||
*
|
||||
* @param int|array $id id of entry or entry array
|
||||
* @param int $check EGW_ACL_READ for read and EGW_ACL_EDIT for write or delete access
|
||||
* @param int $check Acl::READ for read and Acl::EDIT for write or delete access
|
||||
* @param string $rel_path =null currently not used in InfoLog
|
||||
* @param int $user =null for which user to check, default current user
|
||||
* @return boolean true if access is granted or false otherwise
|
||||
@ -1410,7 +1410,7 @@ class Contacts extends Contacts\Storage
|
||||
}
|
||||
if ($fields)
|
||||
{
|
||||
if (!$this->check_perms(EGW_ACL_EDIT,$member) || !$this->save($member))
|
||||
if (!$this->check_perms(Acl::EDIT,$member) || !$this->save($member))
|
||||
{
|
||||
++$failed_members;
|
||||
}
|
||||
@ -1765,7 +1765,7 @@ class Contacts extends Contacts\Storage
|
||||
$target = $contacts[0];
|
||||
unset($contacts[0]);
|
||||
}
|
||||
if (!$this->check_perms(EGW_ACL_EDIT,$target))
|
||||
if (!$this->check_perms(Acl::EDIT,$target))
|
||||
{
|
||||
echo $this->error = 'No edit permission for the target contact!';
|
||||
return 0;
|
||||
@ -1809,7 +1809,7 @@ class Contacts extends Contacts\Storage
|
||||
$success = 1;
|
||||
foreach($contacts as $contact)
|
||||
{
|
||||
if (!$this->check_perms(EGW_ACL_DELETE,$contact))
|
||||
if (!$this->check_perms(Acl::DELETE,$contact))
|
||||
{
|
||||
continue;
|
||||
}
|
||||
@ -1875,7 +1875,7 @@ class Contacts extends Contacts\Storage
|
||||
*/
|
||||
function add_list($keys,$owner,$contacts=array(),array &$data=array())
|
||||
{
|
||||
if (!$this->check_list(null,EGW_ACL_ADD|EGW_ACL_EDIT,$owner)) return false;
|
||||
if (!$this->check_list(null,Acl::ADD|Acl::EDIT,$owner)) return false;
|
||||
|
||||
try {
|
||||
$ret = parent::add_list($keys,$owner,$contacts,$data);
|
||||
@ -1899,7 +1899,7 @@ class Contacts extends Contacts\Storage
|
||||
*/
|
||||
function add2list($contact,$list,array $existing=null)
|
||||
{
|
||||
if (!$this->check_list($list,EGW_ACL_EDIT)) return false;
|
||||
if (!$this->check_list($list,Acl::EDIT)) return false;
|
||||
|
||||
unset(self::$list_cache[$list]);
|
||||
|
||||
@ -1915,7 +1915,7 @@ class Contacts extends Contacts\Storage
|
||||
*/
|
||||
function remove_from_list($contact,$list=null)
|
||||
{
|
||||
if ($list && !$this->check_list($list,EGW_ACL_EDIT)) return false;
|
||||
if ($list && !$this->check_list($list,Acl::EDIT)) return false;
|
||||
|
||||
if ($list)
|
||||
{
|
||||
@ -1937,7 +1937,7 @@ class Contacts extends Contacts\Storage
|
||||
*/
|
||||
function delete_list($list)
|
||||
{
|
||||
if (!$this->check_list($list,EGW_ACL_DELETE)) return false;
|
||||
if (!$this->check_list($list,Acl::DELETE)) return false;
|
||||
|
||||
foreach((array)$list as $l)
|
||||
{
|
||||
@ -2050,7 +2050,7 @@ class Contacts extends Contacts\Storage
|
||||
{
|
||||
foreach ($old_categories as $cat_id)
|
||||
{
|
||||
if (!$this->categories->check_perms(EGW_ACL_READ, $cat_id))
|
||||
if (!$this->categories->check_perms(Acl::READ, $cat_id))
|
||||
{
|
||||
$old_cats_preserve[] = $cat_id;
|
||||
}
|
||||
@ -2108,7 +2108,7 @@ class Contacts extends Contacts\Storage
|
||||
$cat_list = array();
|
||||
foreach($cat_id_list as $cat_id)
|
||||
{
|
||||
if ($cat_id && $this->categories->check_perms(EGW_ACL_READ, $cat_id) &&
|
||||
if ($cat_id && $this->categories->check_perms(Acl::READ, $cat_id) &&
|
||||
($cat_name = $this->categories->id2name($cat_id)) && $cat_name != '--')
|
||||
{
|
||||
$cat_list[] = $cat_name;
|
||||
|
||||
@ -344,20 +344,20 @@ class Storage
|
||||
// ToDo: be more specific for 'groupmembers', they should be able to see the groupmembers
|
||||
if (!in_array($preferences['common']['account_selection'], array('none','groupmembers')))
|
||||
{
|
||||
$grants[0] = EGW_ACL_READ;
|
||||
$grants[0] = Api\Acl::READ;
|
||||
}
|
||||
// add account grants for admins (only for current user!)
|
||||
if ($user == $this->user && $this->is_admin()) // admin rights can be limited by ACL!
|
||||
{
|
||||
$grants[0] = EGW_ACL_READ; // admins always have read-access
|
||||
if (!$GLOBALS['egw']->acl->check('account_access',16,'admin')) $grants[0] |= EGW_ACL_EDIT;
|
||||
if (!$GLOBALS['egw']->acl->check('account_access',4,'admin')) $grants[0] |= EGW_ACL_ADD;
|
||||
if (!$GLOBALS['egw']->acl->check('account_access',32,'admin')) $grants[0] |= EGW_ACL_DELETE;
|
||||
$grants[0] = Api\Acl::READ; // admins always have read-access
|
||||
if (!$GLOBALS['egw']->acl->check('account_access',16,'admin')) $grants[0] |= Api\Acl::EDIT;
|
||||
if (!$GLOBALS['egw']->acl->check('account_access',4,'admin')) $grants[0] |= Api\Acl::ADD;
|
||||
if (!$GLOBALS['egw']->acl->check('account_access',32,'admin')) $grants[0] |= Api\Acl::DELETE;
|
||||
}
|
||||
// allow certain groups to edit contact-data of accounts
|
||||
if (self::allow_account_edit($user))
|
||||
{
|
||||
$grants[0] |= EGW_ACL_READ|EGW_ACL_EDIT;
|
||||
$grants[0] |= Api\Acl::READ|Api\Acl::EDIT;
|
||||
}
|
||||
}
|
||||
else
|
||||
@ -985,12 +985,12 @@ class Storage
|
||||
/**
|
||||
* Get the availible distribution lists for a user
|
||||
*
|
||||
* @param int $required =EGW_ACL_READ required rights on the list or multiple rights or'ed together,
|
||||
* @param int $required =Api\Acl::READ required rights on the list or multiple rights or'ed together,
|
||||
* to return only lists fullfilling all the given rights
|
||||
* @param string $extra_labels =null first labels if given (already translated)
|
||||
* @return array with id => label pairs or false if backend does not support lists
|
||||
*/
|
||||
function get_lists($required=EGW_ACL_READ,$extra_labels=null)
|
||||
function get_lists($required=Api\Acl::READ,$extra_labels=null)
|
||||
{
|
||||
if (!method_exists($this->somain,'get_lists')) return false;
|
||||
|
||||
|
||||
@ -556,7 +556,7 @@ class DateTime extends \DateTime
|
||||
self::$server_timezone = new DateTimeZone('Europe/Berlin');
|
||||
}
|
||||
error_log(__METHOD__."() invalid server_timezone='{$GLOBALS['egw_info']['server']['server_timezone']}' setting now '".self::$server_timezone->getName()."'!");
|
||||
config::save_value('server_timezone',$GLOBALS['egw_info']['server']['server_timezone'] = self::$server_timezone->getName(),'phpgwapi');
|
||||
Config::save_value('server_timezone',$GLOBALS['egw_info']['server']['server_timezone'] = self::$server_timezone->getName(),'phpgwapi');
|
||||
}
|
||||
if (!isset($GLOBALS['egw_info']['user']['preferences']['common']['tz']))
|
||||
{
|
||||
|
||||
@ -371,7 +371,7 @@ class Egw extends Egw\Base
|
||||
{
|
||||
$GLOBALS['egw']->session->destroy($sessionid);
|
||||
}
|
||||
throw new Exception\Redirect(egw::link('/logout.php'));
|
||||
throw new Exception\Redirect(self::link('/logout.php'));
|
||||
}
|
||||
if ($currentapp == 'admin' || $GLOBALS['egw_info']['flags']['admin_only'])
|
||||
{
|
||||
|
||||
@ -124,7 +124,7 @@ class Taglist extends Etemplate\Widget
|
||||
}
|
||||
if($this->type == 'taglist-email' && $this->attrs['include_lists'] && is_numeric($val))
|
||||
{
|
||||
$lists = $GLOBALS['egw']->contacts->get_lists(EGW_ACL_READ);
|
||||
$lists = $GLOBALS['egw']->contacts->get_lists(Api\Acl::READ);
|
||||
if(!array_key_exists($val, $lists))
|
||||
{
|
||||
self::set_validation_error($form_name,lang("'%1' is NOT allowed ('%2')!",$val,implode("','",array_keys($lists))),'');
|
||||
|
||||
@ -1581,7 +1581,7 @@ class Link extends Link\Storage
|
||||
* @param string $app
|
||||
* @param int|string $id
|
||||
* @param string $title title string or null
|
||||
* @param int $file_access =null EGW_ACL_READ, EGW_ACL_EDIT or both or'ed together
|
||||
* @param int $file_access =null Acl::READ, Acl::EDIT or both or'ed together
|
||||
*/
|
||||
public static function set_cache($app,$id,$title,$file_access=null)
|
||||
{
|
||||
@ -1682,12 +1682,12 @@ class Link extends Link\Storage
|
||||
* @ToDo $rel_path is not yet implemented, as no app use it currently
|
||||
* @param string $app
|
||||
* @param string|int $id id of entry
|
||||
* @param int $required =EGW_ACL_READ EGW_ACL_{READ|EDIT}
|
||||
* @param int $required =Acl::READ Acl::{READ|EDIT}
|
||||
* @param string $rel_path =null
|
||||
* @param int $user =null default null = current user
|
||||
* @return boolean true if access granted, false otherwise
|
||||
*/
|
||||
static function file_access($app,$id,$required=EGW_ACL_READ,$rel_path=null,$user=null)
|
||||
static function file_access($app,$id,$required=Acl::READ,$rel_path=null,$user=null)
|
||||
{
|
||||
// are we called for an other user
|
||||
if ($user && $user != $GLOBALS['egw_info']['user']['account_id'])
|
||||
@ -1709,15 +1709,15 @@ class Link extends Link\Storage
|
||||
|
||||
$cache =& self::get_cache($app,$id,'file_access');
|
||||
|
||||
if (!isset($cache) || $required == EGW_ACL_EDIT && !($cache & $required))
|
||||
if (!isset($cache) || $required == Acl::EDIT && !($cache & $required))
|
||||
{
|
||||
if(($method = self::get_registry($app,'file_access')))
|
||||
{
|
||||
$cache |= ExecMethod2($method,$id,$required,$rel_path) ? $required|EGW_ACL_READ : 0;
|
||||
$cache |= ExecMethod2($method,$id,$required,$rel_path) ? $required|Acl::READ : 0;
|
||||
}
|
||||
else
|
||||
{
|
||||
$cache |= self::title($app,$id) ? EGW_ACL_READ|EGW_ACL_EDIT : 0;
|
||||
$cache |= self::title($app,$id) ? Acl::READ|Acl::EDIT : 0;
|
||||
}
|
||||
//error_log(__METHOD__."($app,$id,$required,$rel_path) got $cache --> ".($cache & $required ? 'true' : 'false'));
|
||||
}
|
||||
|
||||
@ -892,7 +892,7 @@ class Account implements \ArrayAccess
|
||||
/**
|
||||
* Check which rights current user has on mail-account
|
||||
*
|
||||
* @param int $rights EGW_ACL_(READ|EDIT|DELETE)
|
||||
* @param int $rights Api\Acl::(READ|EDIT|DELETE)
|
||||
* @param array|Account $account account array or object
|
||||
* @return boolean
|
||||
*/
|
||||
@ -920,12 +920,12 @@ class Account implements \ArrayAccess
|
||||
{
|
||||
switch($rights)
|
||||
{
|
||||
case EGW_ACL_READ:
|
||||
case Api\Acl::READ:
|
||||
$access = true;
|
||||
break;
|
||||
|
||||
case EGW_ACL_EDIT:
|
||||
case EGW_ACL_DELETE:
|
||||
case Api\Acl::EDIT:
|
||||
case Api\Acl::DELETE:
|
||||
// users have only edit/delete rights on accounts marked as user-editable AND belonging to them personally
|
||||
if (!$account['acc_user_editable'])
|
||||
{
|
||||
|
||||
@ -541,7 +541,7 @@ class Mailer extends Horde_Mime_Mail
|
||||
if (!isset($flowed)) $flowed = $this->_body && $this->_body->getType() != 'multipart/encrypted';
|
||||
|
||||
// check if flowed is disabled in mail site configuration
|
||||
if (($config = config::read('mail')) && $config['disable_rfc3676_flowed'])
|
||||
if (($config = Config::read('mail')) && $config['disable_rfc3676_flowed'])
|
||||
{
|
||||
$flowed = false;
|
||||
}
|
||||
|
||||
@ -937,7 +937,7 @@ class Session
|
||||
$this->account_id = $GLOBALS['egw']->accounts->name2id($this->account_lid,'account_lid','u');
|
||||
if (!$this->account_id)
|
||||
{
|
||||
if (self::ERROR_LOG_DEBUG) error_log("*** session::verify($sessionid) !accounts::name2id('$this->account_lid')");
|
||||
if (self::ERROR_LOG_DEBUG) error_log("*** Session::verify($sessionid) !accounts::name2id('$this->account_lid')");
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -955,7 +955,7 @@ class Session
|
||||
|
||||
if ($GLOBALS['egw']->accounts->is_expired($GLOBALS['egw_info']['user']))
|
||||
{
|
||||
if (self::ERROR_LOG_DEBUG) error_log("*** session::verify($sessionid) accounts is expired");
|
||||
if (self::ERROR_LOG_DEBUG) error_log("*** Session::verify($sessionid) accounts is expired");
|
||||
return false;
|
||||
}
|
||||
$this->passwd = base64_decode(Cache::getSession('phpgwapi', 'password'));
|
||||
@ -966,7 +966,7 @@ class Session
|
||||
}
|
||||
if ($this->account_domain != $GLOBALS['egw_info']['user']['domain'])
|
||||
{
|
||||
if (self::ERROR_LOG_DEBUG) error_log("*** session::verify($sessionid) wrong domain");
|
||||
if (self::ERROR_LOG_DEBUG) error_log("*** Session::verify($sessionid) wrong domain");
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -975,7 +975,7 @@ class Session
|
||||
if (strtoupper(substr(PHP_OS,0,3)) != 'WIN' && (!$GLOBALS['egw_info']['user']['session_ip'] ||
|
||||
$GLOBALS['egw_info']['user']['session_ip'] != $this->getuser_ip()))
|
||||
{
|
||||
if (self::ERROR_LOG_DEBUG) error_log("*** session::verify($sessionid) wrong IP");
|
||||
if (self::ERROR_LOG_DEBUG) error_log("*** Session::verify($sessionid) wrong IP");
|
||||
return false;
|
||||
}
|
||||
}
|
||||
@ -988,7 +988,7 @@ class Session
|
||||
}
|
||||
if (!$this->account_lid)
|
||||
{
|
||||
if (self::ERROR_LOG_DEBUG) error_log("*** session::verify($sessionid) !account_lid");
|
||||
if (self::ERROR_LOG_DEBUG) error_log("*** Session::verify($sessionid) !account_lid");
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -1007,13 +1007,13 @@ class Session
|
||||
$_REQUEST[self::EGW_SESSION_NAME] === $this->sessionid &&
|
||||
(!isset($_COOKIE[self::EGW_SESSION_NAME]) || $_COOKIE[self::EGW_SESSION_NAME] !== $_REQUEST[self::EGW_SESSION_NAME]))
|
||||
{
|
||||
if (self::ERROR_LOG_DEBUG) error_log("--> session::verify($sessionid) SUCCESS, but NO required cookies set --> setting them now");
|
||||
if (self::ERROR_LOG_DEBUG) error_log("--> Session::verify($sessionid) SUCCESS, but NO required cookies set --> setting them now");
|
||||
self::egw_setcookie(self::EGW_SESSION_NAME,$this->sessionid);
|
||||
self::egw_setcookie('kp3',$this->kp3);
|
||||
self::egw_setcookie('domain',$this->account_domain);
|
||||
}
|
||||
|
||||
if (self::ERROR_LOG_DEBUG) error_log("--> session::verify($sessionid) SUCCESS");
|
||||
if (self::ERROR_LOG_DEBUG) error_log("--> Session::verify($sessionid) SUCCESS");
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
@ -111,8 +111,8 @@ class StreamWrapper extends LinksParent
|
||||
// which gives him then read AND write access to the file store of the entry
|
||||
else
|
||||
{
|
||||
// vfs & stream-wrapper use posix rights, Api\Link::file_access uses EGW_ACL_{EDIT|READ}!
|
||||
$required = $check & Vfs::WRITABLE ? EGW_ACL_EDIT : EGW_ACL_READ;
|
||||
// vfs & stream-wrapper use posix rights, Api\Link::file_access uses Api\Acl::{EDIT|READ}!
|
||||
$required = $check & Vfs::WRITABLE ? Api\Acl::EDIT : Api\Acl::READ;
|
||||
$access = Api\Link::file_access($app,$id,$required,$rel_path,Vfs::$user);
|
||||
$what = "from Api\Link::file_access('$app',$id,$required,'$rel_path,".Vfs::$user.")";
|
||||
}
|
||||
|
||||
@ -1855,7 +1855,7 @@ class StreamWrapper implements Vfs\StreamWrapperIface
|
||||
{
|
||||
return false;
|
||||
}
|
||||
if (!Vfs::check_access($path,EGW_ACL_EDIT,$stat))
|
||||
if (!Vfs::check_access($path,Api\Acl::EDIT,$stat))
|
||||
{
|
||||
return false; // permission denied
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user