forked from extern/egroupware
Take contact shares into account for push ACL checks
This commit is contained in:
parent
1f41bba904
commit
158e65fc90
@ -409,11 +409,33 @@ class addressbook_hooks
|
||||
'key' => 'egw_addressbook.contact_id',
|
||||
'column' => 'egw_addressbook.contact_owner'
|
||||
),
|
||||
'push_data' => ['owner','tid','cat_id']
|
||||
'push_data' => self::class.'::prepareEntryPush',
|
||||
);
|
||||
return $links;
|
||||
}
|
||||
|
||||
/**
|
||||
* Prepare entry to be pushed via Link::notify_update()
|
||||
*
|
||||
* Add in shared users
|
||||
*
|
||||
* @param $entry
|
||||
* @return array
|
||||
*/
|
||||
static public function prepareEntryPush($entry)
|
||||
{
|
||||
// Add users / groups this contact is shared with
|
||||
$entry['shared_with'] = [];
|
||||
foreach($entry['shared'] as $id => $share)
|
||||
{
|
||||
$entry['shared_with'][] = $share['shared_with'];
|
||||
}
|
||||
$entry['shared_with'] = array_unique($entry['shared_with']);
|
||||
|
||||
$entry = array_intersect_key($entry, array_flip(['owner','tid','cat_id','shared_with']));
|
||||
return $entry;
|
||||
}
|
||||
|
||||
/**
|
||||
* Hook called to retrieve a app specific exportLimit
|
||||
*
|
||||
|
@ -48,7 +48,7 @@ var AddressbookApp = /** @class */ (function (_super) {
|
||||
// call parent
|
||||
_super.call(this, 'addressbook') || this;
|
||||
// These fields help with push
|
||||
_this.push_grant_fields = ["owner"];
|
||||
_this.push_grant_fields = ["owner", "shared_with"];
|
||||
_this.push_filter_fields = ["tid", "owner", "cat_id"];
|
||||
return _this;
|
||||
}
|
||||
|
@ -28,7 +28,7 @@ import {etemplate2} from "../../api/js/etemplate/etemplate2";
|
||||
class AddressbookApp extends EgwApp
|
||||
{
|
||||
// These fields help with push
|
||||
protected push_grant_fields = ["owner"];
|
||||
protected push_grant_fields = ["owner","shared_with"];
|
||||
protected push_filter_fields = ["tid","owner","cat_id"]
|
||||
|
||||
/**
|
||||
|
@ -202,12 +202,26 @@ var EgwApp = /** @class */ (function () {
|
||||
*/
|
||||
EgwApp.prototype._push_grant_check = function (pushData, grant_fields) {
|
||||
var grants = egw.grants(this.appname);
|
||||
// No grants known
|
||||
if (!grants)
|
||||
return true;
|
||||
var _loop_1 = function (i) {
|
||||
var grant_field = pushData.acl[grant_fields[i]];
|
||||
if (["number", "string"].indexOf(typeof grant_field) >= 0 && grants[grant_field] !== 'undefined') {
|
||||
return { value: true };
|
||||
}
|
||||
else if (!Object.keys(grants).filter(function (grant_account) {
|
||||
return grant_field.indexOf(grant_account) >= 0 ||
|
||||
grant_field.indexOf(parseInt(grant_account)).length;
|
||||
})) {
|
||||
return { value: false };
|
||||
}
|
||||
};
|
||||
// check user has a grant from owner or something
|
||||
for (var i = 0; i < grant_fields.length; i++) {
|
||||
if (grants && typeof grants[pushData.acl[grant_fields[i]]] !== 'undefined') {
|
||||
// ACL access
|
||||
return true;
|
||||
}
|
||||
var state_1 = _loop_1(i);
|
||||
if (typeof state_1 === "object")
|
||||
return state_1.value;
|
||||
}
|
||||
return false;
|
||||
};
|
||||
@ -240,7 +254,7 @@ var EgwApp = /** @class */ (function () {
|
||||
}
|
||||
}
|
||||
}
|
||||
var _loop_1 = function (field_filter) {
|
||||
var _loop_2 = function (field_filter) {
|
||||
// no filter set
|
||||
if (field_filter.filter_values.length == 0)
|
||||
return "continue";
|
||||
@ -259,9 +273,9 @@ var EgwApp = /** @class */ (function () {
|
||||
// check filters against pushData.acl data
|
||||
for (var _b = 0, _c = Object.values(filters); _b < _c.length; _b++) {
|
||||
var field_filter = _c[_b];
|
||||
var state_1 = _loop_1(field_filter);
|
||||
if (typeof state_1 === "object")
|
||||
return state_1.value;
|
||||
var state_2 = _loop_2(field_filter);
|
||||
if (typeof state_2 === "object")
|
||||
return state_2.value;
|
||||
}
|
||||
return true;
|
||||
};
|
||||
|
@ -329,14 +329,25 @@ export abstract class EgwApp
|
||||
{
|
||||
let grants = egw.grants(this.appname);
|
||||
|
||||
// No grants known
|
||||
if(!grants) return true;
|
||||
|
||||
// check user has a grant from owner or something
|
||||
for(let i = 0; i < grant_fields.length; i++)
|
||||
{
|
||||
if(grants && typeof grants[pushData.acl[grant_fields[i]]] !== 'undefined')
|
||||
let grant_field = pushData.acl[grant_fields[i]];
|
||||
if(["number","string"].indexOf(typeof grant_field) >=0 && grants[grant_field] !== 'undefined')
|
||||
{
|
||||
// ACL access
|
||||
return true;
|
||||
}
|
||||
else if(!Object.keys(grants).filter(function(grant_account) {
|
||||
return grant_field.indexOf(grant_account) >= 0 ||
|
||||
grant_field.indexOf(parseInt(grant_account)).length
|
||||
}))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user