fixed not working access to all non-private user categories (ACL was priviously allways taken into account)

This commit is contained in:
Ralf Becker 2011-06-24 13:35:39 +00:00
parent 92d861e712
commit e960b79570
2 changed files with 21 additions and 14 deletions

View File

@ -198,7 +198,7 @@ class admin_categories
$sel_options['icon'] = self::get_icons(); $sel_options['icon'] = self::get_icons();
$sel_options['owner'] = array(); $sel_options['owner'] = array();
// User's category - add current value to be able to preserve owner // User's category - add current value to be able to preserve owner
if(!$content['id'] && $this->appname != 'admin') $content['owner'] = $GLOBALS['egw_info']['user']['account_id']; if(!$content['id'] && $this->appname != 'admin') $content['owner'] = $GLOBALS['egw_info']['user']['account_id'];
@ -215,7 +215,7 @@ class admin_categories
{ {
$sel_options['owner'][0] = lang('All users'); $sel_options['owner'][0] = lang('All users');
$accs = $GLOBALS['egw']->accounts->get_list('groups'); $accs = $GLOBALS['egw']->accounts->get_list('groups');
foreach($accs as $acc) foreach($accs as $acc)
{ {
if ($acc['account_type'] == 'g') if ($acc['account_type'] == 'g')
{ {
@ -299,7 +299,7 @@ class admin_categories
{ {
$globalcat = false; $globalcat = false;
} }
if($globalcat) $filter['access'] = 'public'; if ($globalcat) $filter['access'] = 'public';
egw_cache::setSession(__CLASS__.$query['appname'],'nm',$query); egw_cache::setSession(__CLASS__.$query['appname'],'nm',$query);
if($query['filter'] > 0 || $query['col_filter']['owner']) { if($query['filter'] > 0 || $query['col_filter']['owner']) {
@ -311,10 +311,7 @@ class admin_categories
} }
$cats = new categories($filter['owner'],$query['appname']); $cats = new categories($filter['owner'],$query['appname']);
$rows = $cats->return_sorted_array($query['start'],false,$query['search'],$query['sort'],$query['order'],'all_no_acl',$parent=0,true,$filter);
$globalcat=1;
$parent = 0;
$rows = $cats->return_sorted_array($query['start'],false,$query['search'],$query['sort'],$query['order'],$globalcat,$parent,true,$filter);
$count = $cats->total_records; $count = $cats->total_records;
foreach($rows as $key => &$row) foreach($rows as $key => &$row)
{ {
@ -367,7 +364,7 @@ $parent = 0;
$appname = categories::GLOBAL_APPNAME; $appname = categories::GLOBAL_APPNAME;
foreach(array($content['nm']['appname'], $_GET['cats_app'], $_GET['appname']) as $field) foreach(array($content['nm']['appname'], $_GET['cats_app'], $_GET['appname']) as $field)
{ {
if($field) if($field)
{ {
$appname = $field; $appname = $field;
break; break;

View File

@ -171,7 +171,8 @@ class categories
* @param string $query='' query-pattern * @param string $query='' query-pattern
* @param string $sort='ASC' sort order, defaults to 'ASC' * @param string $sort='ASC' sort order, defaults to 'ASC'
* @param string $order='' order by, default cat_main, cat_level, cat_name ASC * @param string $order='' order by, default cat_main, cat_level, cat_name ASC
* @param boolean $globals include the global egroupware categories or not * @param boolean|string $globals includes the global egroupware categories or not,
* 'all_no_acl' to return global and all non-private user categories independent of ACL
* @param array|int $parent_id=null return only subcats of $parent_id(s) * @param array|int $parent_id=null return only subcats of $parent_id(s)
* @param int $lastmod = -1 if > 0 return only cats modified since then * @param int $lastmod = -1 if > 0 return only cats modified since then
* @param string $column='' if column-name given only that column is returned, not the full array with all cat-data * @param string $column='' if column-name given only that column is returned, not the full array with all cat-data
@ -234,7 +235,7 @@ class categories
} }
// check for read permission // check for read permission
if(!$this->check_perms(EGW_ACL_READ, $cat)) if(!$this->check_perms(EGW_ACL_READ, $cat, $globals === 'all_no_acl'))
{ {
continue; continue;
} }
@ -316,7 +317,8 @@ class categories
* @param string $query='' query-pattern * @param string $query='' query-pattern
* @param string $sort='ASC' sort order, either defaults to 'ASC' * @param string $sort='ASC' sort order, either defaults to 'ASC'
* @param string $order='cat_name' order by * @param string $order='cat_name' order by
* @param boolean $globals includes the global egroupware categories or not * @param boolean|string $globals includes the global egroupware categories or not,
* 'all_no_acl' to return global and all non-private user categories independent of ACL
* @param array|int $parent_id=0 return only subcats of $parent_id(s) * @param array|int $parent_id=0 return only subcats of $parent_id(s)
* @param boolean $unserialize_data=false return $cat['data'] as array (not serialized array) * @param boolean $unserialize_data=false return $cat['data'] as array (not serialized array)
* @return array with cats * @return array with cats
@ -479,9 +481,10 @@ class categories
* *
* @param int $needed necessary ACL right: EGW_ACL_{READ|EDIT|DELETE} * @param int $needed necessary ACL right: EGW_ACL_{READ|EDIT|DELETE}
* @param mixed $category category as array or the category_id * @param mixed $category category as array or the category_id
* @param boolean $no_acl_check=false if true, grants are NOT checked, gives access to all non-private categories of all users
* @return boolean true permission granted, false for permission denied, null for category does not exist * @return boolean true permission granted, false for permission denied, null for category does not exist
*/ */
public function check_perms($needed,$category) public function check_perms($needed, $category, $no_acl_check=false)
{ {
if (!is_array($category) && !($category = self::read($category))) if (!is_array($category) && !($category = self::read($category)))
{ {
@ -510,6 +513,12 @@ class categories
return true; return true;
} }
// if $no_acl_check is set, allow access to all public (non-private) categories
if ($no_acl_check && $category['access'] == 'public' && $this->account_id != self::GLOBAL_ACCOUNT && $category['appname'] == $this->app_name)
{
return true;
}
// Load the application grants // Load the application grants
if ($category['appname'] == $this->app_name && is_null($this->grants)) if ($category['appname'] == $this->app_name && is_null($this->grants))
{ {
@ -517,8 +526,9 @@ class categories
} }
// Check for ACL granted access, the self::GLOBAL_ACCOUNT user must not get access by ACL to keep old behaviour // Check for ACL granted access, the self::GLOBAL_ACCOUNT user must not get access by ACL to keep old behaviour
return ($this->account_id != self::GLOBAL_ACCOUNT && $category['appname'] == $this->app_name && ($this->grants[$category['owner']] & $needed) && return $this->account_id != self::GLOBAL_ACCOUNT && $category['appname'] == $this->app_name &&
($category['access'] == 'public' || ($this->grants[$category['owner']] & EGW_ACL_PRIVATE))); ($this->grants[$category['owner']] & $needed) &&
($category['access'] == 'public' || ($this->grants[$category['owner']] & EGW_ACL_PRIVATE));
} }
/** /**