From eb7ea6bfabccf2eefa13d2d90ad01cf0ee731d5a Mon Sep 17 00:00:00 2001 From: nathangray Date: Mon, 1 Oct 2018 10:25:55 -0600 Subject: [PATCH] Fix resource invite permission was checked for every resource type --- calendar/inc/class.calendar_boupdate.inc.php | 23 +++++--------------- resources/inc/class.resources_acl_bo.inc.php | 14 ++++++++++++ resources/inc/class.resources_hooks.inc.php | 1 + 3 files changed, 20 insertions(+), 18 deletions(-) diff --git a/calendar/inc/class.calendar_boupdate.inc.php b/calendar/inc/class.calendar_boupdate.inc.php index 76e431052b..345527d06c 100644 --- a/calendar/inc/class.calendar_boupdate.inc.php +++ b/calendar/inc/class.calendar_boupdate.inc.php @@ -80,12 +80,6 @@ class calendar_boupdate extends calendar_bo */ protected static $tz_cache = array(); - /** - * The resources storage object - * @var resources_so $resources_so - */ - protected $resources_so; - /** * Constructor */ @@ -95,8 +89,6 @@ class calendar_boupdate extends calendar_bo parent::__construct(); // calling the parent constructor - $this->resources_so = new resources_so(); - if ($this->debug > 0) $this->debug_message('calendar_boupdate::__construct() finished',True); } @@ -515,17 +507,12 @@ class calendar_boupdate extends calendar_bo */ public function check_acl_invite($uid) { - if (!is_numeric($uid)) + if (!is_numeric($uid) && $this->resources[$uid[0]]['check_invite']) { - $resources_config = Api\Config::read('resources'); - if ($resources_config['bookingrequests'] === 'disabled') { - $cat_id = $this->resources_so->get_value('cat_id', intval(substr($uid, 1))); - return resources_acl_bo::is_permitted($cat_id, resources_acl_bo::DIRECT_BOOKING); - } - else - { - $ret = true; - } + // Resource specific ACL check + return call_user_func($this->resources[$uid[0]]['check_invite'], $uid); + + } elseif (!$this->require_acl_invite) { diff --git a/resources/inc/class.resources_acl_bo.inc.php b/resources/inc/class.resources_acl_bo.inc.php index 5c88de77e7..e77f6503d7 100755 
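Review bot: In the third hunk of class.calendar_boupdate.inc.php, the new condition in `check_acl_invite()` reads `$this->resources[$uid[0]]['check_invite']` without checking that the type or key exists, then passes the string to `call_user_func()` and returns the result as the invite decision. An unregistered participant type raises undefined-index notices, and a registered value that is not callable is never rejected explicitly. I would read it once with `$check = isset($this->resources[$uid[0]]['check_invite']) ? $this->resources[$uid[0]]['check_invite'] : null;` and branch on `if (!is_numeric($uid) && $check) { return is_callable($check) ? (bool)call_user_func($check, $uid) : false; }`, so a broken hook denies the invite. Non-numeric uids with no hook used to get `$ret = true` when booking requests were not disabled, and now fall into the `elseif (!$this->require_acl_invite)` chain. That chain continues outside the hunk, so please confirm it still gives those participant types the intended result.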
--- a/resources/inc/class.resources_acl_bo.inc.php +++ b/resources/inc/class.resources_acl_bo.inc.php @@ -204,6 +204,20 @@ class resources_acl_bo return $GLOBALS['egw']->acl->get_all_rights('L'.$cat_id,'resources'); } + static public function check_calendar_invite($uid) + { + $resources_config = Api\Config::read('resources'); + $resources_so = new resources_so(); + if ($resources_config['bookingrequests'] === 'disabled') { + $resources_so = new resources_so(); + $cat_id = $resources_so->get_value('cat_id', intval(substr($uid, 1))); + return resources_acl_bo::is_permitted($cat_id, resources_acl_bo::DIRECT_BOOKING); + } + else + { + return true; + } + } // privat functions from here on ------------------------------------------------------------------------- function save_sessiondata() diff --git a/resources/inc/class.resources_hooks.inc.php b/resources/inc/class.resources_hooks.inc.php index 0ade26fcdb..3951b80f7a 100644 --- a/resources/inc/class.resources_hooks.inc.php +++ b/resources/inc/class.resources_hooks.inc.php @@ -108,6 +108,7 @@ class resources_hooks 'type' => 'r',// one char type-identifiy for this resources 'icon' => 'calicon',//icon 'participants_header' => lang('resources'), // header of participants from this type + 'check_invite' => 'resources_acl_bo::check_calendar_invite' // Check that the current user is allowed to invite the givent resource ); }
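Review bot: `check_calendar_invite()` passes whatever `$resources_so->get_value('cat_id', intval(substr($uid, 1)))` returns straight into `is_permitted()`, so a uid that does not resolve to an existing resource is judged on an empty category value. Neither helper is visible in this hunk, so either confirm that case denies or add `if (!$cat_id) return false;` before the `is_permitted()` call. `resources_so` is also constructed twice, once before the `if` and again inside it. Dropping the first `$resources_so = new resources_so();` builds the storage object only when booking requests are disabled. The method is a new public static ACL entry point without a docblock; one stating that it takes a calendar participant uid (type character followed by the resource id) and returns whether the current user may invite that resource would document the contract the calendar side relies on.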
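Review bot: The comment on the new `'check_invite'` entry in class.resources_hooks.inc.php misspells "given" and does not say what the callback must accept and return, although calendar returns the callback's result directly as the invite decision. Suggested wording: `// callback($uid): bool, checks that the current user may invite the given resource`. A trailing comma after the entry would keep the next addition to this array a one-line diff. The array and its enclosing method start outside the hunk.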