* CalDAV/CardDAV: log failed requests with ### like exceptions to ease diagnosing problems, log if a client requests accounts not visible because of the account-selection preference, skip proxies if not visible
parent
18d74430ea
commit
15c9fd0d32
@ -621,6 +621,40 @@ class accounts
|
|||||||
return $data['account_type'] == 'u' ? 1 : 2;
|
return $data['account_type'] == 'u' ? 1 : 2;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Checks if a given account is visible to current user
|
||||||
|
*
|
||||||
|
* Not all existing accounts are visible because off account_selection preference: 'none' or 'groupmembers'
|
||||||
|
*
|
||||||
|
* @param int|string $account_id nummeric account_id or account_lid
|
||||||
|
* @return boolean true = account is visible, false = account not visible, null = account does not exist
|
||||||
|
*/
|
||||||
|
function visible($account_id)
|
||||||
|
{
|
||||||
|
if (!is_numeric($account_id)) // account_lid given
|
||||||
|
{
|
||||||
|
$account_lid = $account_id;
|
||||||
|
if (!($account_id = $this->name2id($account_lid))) return null;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
if (!($account_lid = $this->id2name($account_id))) return null;
|
||||||
|
}
|
||||||
|
if (!isset($GLOBALS['egw_info']['user']['apps']['admin']) &&
|
||||||
|
// do NOT allow other user, if account-selection is none
|
||||||
|
($GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'none' &&
|
||||||
|
$account_lid != $GLOBALS['egw_info']['user']['account_lid'] ||
|
||||||
|
// only allow group-members for account-selection is groupmembers
|
||||||
|
$GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'groupmembers' &&
|
||||||
|
!array_intersect($this->memberships($account_id,true),
|
||||||
|
$this->memberships($GLOBALS['egw_info']['user']['account_id'],true))))
|
||||||
|
{
|
||||||
|
//error_log(__METHOD__."($account_id='$account_lid') returning FALSE");
|
||||||
|
return false; // user is not allowed to see given account
|
||||||
|
}
|
||||||
|
return true; // user allowed to see given account
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get all memberships of an account $account_id / groups the account is a member off
|
* Get all memberships of an account $account_id / groups the account is a member off
|
||||||
*
|
*
|
||||||
|
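Review bot: `visible()` decides between id and login name with `is_numeric($account_id)`, yet every caller added in this commit (the `groupdav_principals` hunks at -614, -1219 and -1300) passes an `account_lid`, so a login name made up only of digits would be looked up as an id by `id2name()` and the visibility decision made for a different account, or `null` returned. Whether all-digit login names can exist is not visible here; since each call site already holds the numeric id (`$id`, `$account_id`), passing that instead, e.g. `!$this->accounts->visible($id)`, removes the ambiguity. The docblock also promises `@return boolean` while the body returns `null` for unknown accounts; `@return boolean|null` would match what callers have to handle.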
@ -1556,7 +1556,9 @@ class groupdav extends HTTP_WebDAV_Server
|
|||||||
$content .= $c;
|
$content .= $c;
|
||||||
if ($extra) $content .= $extra;
|
if ($extra) $content .= $extra;
|
||||||
if ($this->to_log) $content .= "\n### ".implode("\n### ", $this->to_log)."\n";
|
if ($this->to_log) $content .= "\n### ".implode("\n### ", $this->to_log)."\n";
|
||||||
$content .= sprintf('*** %s --> "%s" took %5.3f s',$_SERVER['REQUEST_METHOD'].($_SERVER['REQUEST_METHOD']=='REPORT'?' '.$this->propfind_options['root']['name']:'').' '.$_SERVER['PATH_INFO'],$this->_http_status,microtime(true)-self::$request_starttime)."\n\n";
|
$content .= $this->_http_status[0] == '4' && substr($this->_http_status,0,3) != '412' ||
|
||||||
|
$this->_http_status[0] == '5' ? '###' : '***'; // mark failed requests with ###, instead of ***
|
||||||
|
$content .= sprintf(' %s --> "%s" took %5.3f s',$_SERVER['REQUEST_METHOD'].($_SERVER['REQUEST_METHOD']=='REPORT'?' '.$this->propfind_options['root']['name']:'').' '.$_SERVER['PATH_INFO'],$this->_http_status,microtime(true)-self::$request_starttime)."\n\n";
|
||||||
|
|
||||||
if ($msg_file && ($f = fopen($msg_file,'a')))
|
if ($msg_file && ($f = fopen($msg_file,'a')))
|
||||||
{
|
{
|
||||||
|
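Review bot: The summary line built by the new `sprintf(' %s --> "%s" took %5.3f s', …)` writes `$_SERVER['PATH_INFO']` into the log unmodified, and with this change the leading `###`/`***` marker is exactly what someone reading the log will search for to find failed requests. PATH_INFO is client-controlled and normally arrives URL-decoded, so an embedded line break could start a line that looks like a genuine marker line; replacing control characters before logging, e.g. `preg_replace('/[\x00-\x1f\x7f]/', '?', $_SERVER['PATH_INFO'])`, keeps one request on one summary line. The same applies to `'$name'` in the `$this->groupdav->log(...)` call added in the -614 hunk of `groupdav_principals`, assuming `$name` is taken from the request path. The marker condition also relies on `&&` binding tighter than `||` and both tighter than `?:`; explicit parentheses would make that intent readable. The enclosing method starts and ends outside the hunk.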
@ -614,15 +614,9 @@ class groupdav_principals extends groupdav_handler
|
|||||||
{
|
{
|
||||||
if (!($id = $this->accounts->name2id($name,'account_lid','u')) ||
|
if (!($id = $this->accounts->name2id($name,'account_lid','u')) ||
|
||||||
!($account = $this->accounts->read($id)) ||
|
!($account = $this->accounts->read($id)) ||
|
||||||
!isset($GLOBALS['egw_info']['user']['apps']['admin']) &&
|
!$this->accounts->visible($name))
|
||||||
// do NOT allow other user, if account-selection is none
|
|
||||||
($GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'none' &&
|
|
||||||
$name != $GLOBALS['egw_info']['user']['account_lid'] ||
|
|
||||||
// only allow group-members for account-selection is groupmembers
|
|
||||||
$GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'groupmembers' &&
|
|
||||||
!array_intersect($this->accounts->memberships($account['account_id'],true),
|
|
||||||
$this->accounts->memberships($GLOBALS['egw_info']['user']['account_id'],true))))
|
|
||||||
{
|
{
|
||||||
|
$this->groupdav->log(__METHOD__."('$name', ...) account '$name' NOT found OR not visible to you (check account-selection preference)!");
|
||||||
return '404 Not Found';
|
return '404 Not Found';
|
||||||
}
|
}
|
||||||
while (substr($rest,-1) == '/') $rest = substr($rest,0,-1);
|
while (substr($rest,-1) == '/') $rest = substr($rest,0,-1);
|
||||||
@ -1219,9 +1213,12 @@ class groupdav_principals extends groupdav_handler
|
|||||||
{
|
{
|
||||||
$set = array();
|
$set = array();
|
||||||
foreach($accounts as $account_id => $account_lid)
|
foreach($accounts as $account_id => $account_lid)
|
||||||
|
{
|
||||||
|
if ($this->accounts->visible($account_lid)) // only add visible accounts, gives error in iCal otherwise
|
||||||
{
|
{
|
||||||
$set[] = HTTP_WebDAV_Server::mkprop('href', $this->base_uri.'/principals/'.($account_id < 0 ? 'groups/' : 'users/').$account_lid.'/');
|
$set[] = HTTP_WebDAV_Server::mkprop('href', $this->base_uri.'/principals/'.($account_id < 0 ? 'groups/' : 'users/').$account_lid.'/');
|
||||||
}
|
}
|
||||||
|
}
|
||||||
if ($add_proxys)
|
if ($add_proxys)
|
||||||
{
|
{
|
||||||
foreach((array)$add_proxys as $app)
|
foreach((array)$add_proxys as $app)
|
||||||
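Review bot: The new `if ($this->accounts->visible($account_lid))` filter runs over entries that can be groups (`$account_id < 0` selects `groups/`), and `visible()` as added in this commit returns false for every `account_lid` other than the user's own when `account_selection` is `'none'`, so non-admin users with that preference would get no group principals in this set at all. For `'groupmembers'` the outcome depends on what `memberships()` returns for a group id, which is not shown. If groups the user belongs to are meant to stay listed, the check could be limited to users, e.g. `if ($account_id < 0 || $this->accounts->visible($account_lid))`; if hiding them is intended, a comment saying so would prevent a later "fix". The enclosing method starts and ends outside the hunk.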
@ -1300,7 +1297,8 @@ class groupdav_principals extends groupdav_handler
|
|||||||
foreach($this->acl->get_grants($app, $app != 'addressbook', $account) as $account_id => $rights)
|
foreach($this->acl->get_grants($app, $app != 'addressbook', $account) as $account_id => $rights)
|
||||||
{
|
{
|
||||||
if ($account_id != $account && ($rights & EGW_ACL_READ) &&
|
if ($account_id != $account && ($rights & EGW_ACL_READ) &&
|
||||||
($account_lid = $this->accounts->id2name($account_id)))
|
($account_lid = $this->accounts->id2name($account_id)) &&
|
||||||
|
$this->accounts->visible($account_lid)) // only add visible accounts, gives error in iCal otherwise
|
||||||
{
|
{
|
||||||
$set[] = HTTP_WebDAV_Server::mkprop('href', $this->base_uri.'/principals/'.
|
$set[] = HTTP_WebDAV_Server::mkprop('href', $this->base_uri.'/principals/'.
|
||||||
($account_id < 0 ? 'groups/' : 'users/').
|
($account_id < 0 ? 'groups/' : 'users/').
|
||||||
|