Fix resource invite permission was checked for every resource type

2024-11-07 08:34:29 +01:00 · 2018-10-01 10:25:55 -06:00 · 2018-10-01 10:25:55 -06:00 · eb7ea6bfab
commit eb7ea6bfab
parent b7f72bf7c4
3 changed files with 20 additions and 18 deletions
--- a/calendar/inc/class.calendar_boupdate.inc.php
+++ b/calendar/inc/class.calendar_boupdate.inc.php
@ -80,12 +80,6 @@ class calendar_boupdate extends calendar_bo
 	 */
 	protected static $tz_cache = array();

-	/**
-	 * The resources storage object
-	 * @var resources_so $resources_so
-	 */
-	protected $resources_so;
-
 	/**
 	 * Constructor
 	 */
@ -95,8 +89,6 @@ class calendar_boupdate extends calendar_bo

 		parent::__construct();	// calling the parent constructor

-		$this->resources_so = new resources_so();
-
 		if ($this->debug > 0) $this->debug_message('calendar_boupdate::__construct() finished',True);
 	}

@ -515,17 +507,12 @@ class calendar_boupdate extends calendar_bo
 	 */
 	public function check_acl_invite($uid)
 	{
-		if (!is_numeric($uid))
+		if (!is_numeric($uid) && $this->resources[$uid[0]]['check_invite'])
 		{
-			$resources_config = Api\Config::read('resources');
-			if ($resources_config['bookingrequests'] === 'disabled') {
-				$cat_id = $this->resources_so->get_value('cat_id', intval(substr($uid, 1)));
-				return resources_acl_bo::is_permitted($cat_id, resources_acl_bo::DIRECT_BOOKING);
-			}
-			else
-			{
-				$ret = true;
-			}
+			// Resource specific ACL check
+			return call_user_func($this->resources[$uid[0]]['check_invite'], $uid);
+
+
 		}
 		elseif (!$this->require_acl_invite)
 		{
--- a/resources/inc/class.resources_acl_bo.inc.php
+++ b/resources/inc/class.resources_acl_bo.inc.php
@ -204,6 +204,20 @@ class resources_acl_bo
 		return $GLOBALS['egw']->acl->get_all_rights('L'.$cat_id,'resources');
 	}

+	static public function check_calendar_invite($uid)
+	{
+		$resources_config = Api\Config::read('resources');
+		$resources_so = new resources_so();
+		if ($resources_config['bookingrequests'] === 'disabled') {
+			$resources_so = new resources_so();
+			$cat_id = $resources_so->get_value('cat_id', intval(substr($uid, 1)));
+			return resources_acl_bo::is_permitted($cat_id, resources_acl_bo::DIRECT_BOOKING);
+		}
+		else
+		{
+			return true;
+		}
+	}

 	// privat functions from here on -------------------------------------------------------------------------
 	function save_sessiondata()
--- a/resources/inc/class.resources_hooks.inc.php
+++ b/resources/inc/class.resources_hooks.inc.php
@ -108,6 +108,7 @@ class resources_hooks
 			'type' => 'r',// one char type-identifiy for this resources
 			'icon' => 'calicon',//icon
 			'participants_header' => lang('resources'), // header of participants from this type
+			'check_invite' => 'resources_acl_bo::check_calendar_invite' // Check that the current user is allowed to invite the givent resource
 		);
 	}