diff --git a/api/src/Link.php b/api/src/Link.php
index 89ab367c5e..5eba4b6f62 100644
--- a/api/src/Link.php
+++ b/api/src/Link.php
@@ -201,8 +201,10 @@ class Link extends Link\Storage
 /**
 * initialize our static vars
+ *
+ * @param boolean $clear_all do not use session AND not permission check for app-registry
 */
- static function init_static( )
+ static function init_static($clear_all=false)
 {
 // FireFox 36 can not display pdf with it's internal viewer in an iframe used by mobile theme/template for popups
 // same is true for all mobile devices
@@ -214,9 +216,9 @@ class Link extends Link\Storage
 // other apps can participate in the linking by implementing a search_link hook, which
 // has to return an array in the format of an app_register entry
 // for performance reasons, we do it only once / cache it in the session
- if (!($search_link_hooks = Cache::getSession(__CLASS__, 'search_link_hooks')))
+ if ($clear_all || !($search_link_hooks = Cache::getSession(__CLASS__, 'search_link_hooks')))
 {
- $search_link_hooks = Hooks::process('search_link',array(), (bool)$GLOBALS['egw_info']['flags']['async-service']);
+ $search_link_hooks = Hooks::process('search_link',array(), $clear_all || (bool)$GLOBALS['egw_info']['flags']['async-service']);
 Cache::setSession(__CLASS__, 'search_link_hooks', $search_link_hooks);
 }
 if (is_array($search_link_hooks))
diff --git a/api/src/Vfs/Links/StreamWrapper.php b/api/src/Vfs/Links/StreamWrapper.php
index 90f5bd474b..27277b8cfb 100644
--- a/api/src/Vfs/Links/StreamWrapper.php
+++ b/api/src/Vfs/Links/StreamWrapper.php
@@ -96,7 +96,7 @@ class StreamWrapper extends LinksParent
 $access = !($check & Vfs::WRITABLE); // always grant read access to /apps
 $what = '!$app';
 }
- elseif(!isset($GLOBALS['egw_info']['user']['apps'][$app]))
+ elseif (!self::check_app_rights($app))
 {
 $access = false; // user has no access to the $app application
 $what = 'no app-rights';
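Review bot: The new `$clear_all` parameter of `Link::init_static()` (first Link.php hunk) bundles two effects under a name that only suggests cache handling: per its own docblock it also switches off the permission check for the app registry, so a caller that merely wants a cache refresh would silently get an unfiltered registry. I would spell that out in the docblock, e.g. `@param bool $clear_all true: ignore the session cache AND load the search_link registry without app-permission check; only for callers that enforce access elsewhere`. The method body continues outside this hunk.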
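Review bot: In the second Link.php hunk `Cache::setSession(__CLASS__, 'search_link_hooks', $search_link_hooks)` still runs when `$clear_all` is true, so the registry built with the permission check switched off (the third argument of `Hooks::process()`, going by the new docblock) is written to the session and returned to every later plain `init_static()` call in that session. That contradicts the docblock's "do not use session", and if a share can ever be opened inside an existing login session, that session would keep an unfiltered registry. If this is not intended, guard the write with `if (!$clear_all) Cache::setSession(__CLASS__, 'search_link_hooks', $search_link_hooks);`; if it is intended, a comment saying so would help the next reader.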
@@ -120,6 +120,26 @@ class StreamWrapper extends LinksParent
 return $access;
 }
+ /**
+ * Check app-rights for current Vfs::$user
+ *
+ * @param string $app
+ * @return boolean
+ */
+ protected static function check_app_rights($app)
+ {
+ if ($GLOBALS['egw_info']['user']['account_id'] == Vfs::$user)
+ {
+ return isset($GLOBALS['egw_info']['user']['apps'][$app]);
+ }
+ static $user_apps = array();
+ if (!isset($user_apps[Vfs::$user]))
+ {
+ $user_apps[Vfs::$user] = $GLOBALS['egw']->acl->get_user_applications(Vfs::$user);
+ }
+ return !empty($user_apps[Vfs::$user][$app]);
+ }
+
 /**
 * This method is called in response to stat() calls on the URL paths associated with the wrapper.
 *
diff --git a/api/src/Vfs/Sharing.php b/api/src/Vfs/Sharing.php
index 7706bc5dc3..e1dbae1dbf 100644
--- a/api/src/Vfs/Sharing.php
+++ b/api/src/Vfs/Sharing.php
@@ -254,6 +254,8 @@ class Sharing
 }
 Vfs::$is_root = false;
 Vfs::clearstatcache();
+ // clear link-cache and load link registry without permission check to access /apps
+ Api\Link::init_static(true);
 // update accessed timestamp
 self::$db->update(self::TABLE, array(
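Review bot: `check_app_rights()` keeps the result of `$GLOBALS['egw']->acl->get_user_applications(Vfs::$user)` in a function-level `static $user_apps` that is never invalidated, so in a long-running process (the async-service flag in Link.php suggests one exists) an app-right revoked from that user would keep being granted until the process ends. The two branches also read different sources, the session's `apps` array for the current user and the ACL for anyone else. The final `!empty($user_apps[Vfs::$user][$app])` assumes the ACL call returns an array keyed by app name with a truthy value, a shape not visible here that should be confirmed. I would extend the docblock to say that this is the app-rights decision used by the access check and that `Vfs::$user` may differ from the session user, and add `// cached for the lifetime of the process, not refreshed on ACL changes` above the static.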
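Review bot: `Api\Link::init_static(true)` in Sharing.php runs for every share session that reaches this point, while its comment justifies it only by access to /apps; nothing in the hunk limits it to shares that resolve under /apps. After the call the link registry is no longer filtered by app permissions, so access control for the share appears to rest on `Links\StreamWrapper::check_app_rights()` evaluated for `Vfs::$user`. I would record that in the comment, e.g. `// registry is loaded unfiltered; access to /apps/$app is still enforced by Links\StreamWrapper::check_app_rights() for Vfs::$user`, and consider making the call conditional on the share path if it is available here. The enclosing method starts and ends outside the hunk.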