* CalDAV/CardDAV: log failed requests with ### (like exceptions) to ease diagnosing problems, log if a client requests accounts not visible because of the account-selection preference, skip proxies if not visible
parent
18d74430ea
commit
15c9fd0d32
@ -621,6 +621,40 @@ class accounts
|
||||
return $data['account_type'] == 'u' ? 1 : 2;
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if a given account is visible to current user
|
||||
*
|
||||
* Not all existing accounts are visible because off account_selection preference: 'none' or 'groupmembers'
|
||||
*
|
||||
* @param int|string $account_id nummeric account_id or account_lid
|
||||
* @return boolean true = account is visible, false = account not visible, null = account does not exist
|
||||
*/
|
||||
function visible($account_id)
|
||||
{
|
||||
if (!is_numeric($account_id)) // account_lid given
|
||||
{
|
||||
$account_lid = $account_id;
|
||||
if (!($account_id = $this->name2id($account_lid))) return null;
|
||||
}
|
||||
else
|
||||
{
|
||||
if (!($account_lid = $this->id2name($account_id))) return null;
|
||||
}
|
||||
if (!isset($GLOBALS['egw_info']['user']['apps']['admin']) &&
|
||||
// do NOT allow other user, if account-selection is none
|
||||
($GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'none' &&
|
||||
$account_lid != $GLOBALS['egw_info']['user']['account_lid'] ||
|
||||
// only allow group-members for account-selection is groupmembers
|
||||
$GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'groupmembers' &&
|
||||
!array_intersect($this->memberships($account_id,true),
|
||||
$this->memberships($GLOBALS['egw_info']['user']['account_id'],true))))
|
||||
{
|
||||
//error_log(__METHOD__."($account_id='$account_lid') returning FALSE");
|
||||
return false; // user is not allowed to see given account
|
||||
}
|
||||
return true; // user allowed to see given account
|
||||
}
|
||||
|
||||
/**
|
||||
* Get all memberships of an account $account_id / groups the account is a member off
|
||||
*
|
||||
|
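Review bot: In `visible()` the 'groupmembers' branch has no exemption for the caller's own account and does not handle group ids separately, unlike the 'none' branch, which compares against the own `account_lid`. If `memberships()` yields an empty or non-array result (a user without groups, or a group id, which the principals code later in this commit does pass in), `array_intersect()` is empty or is handed a non-array and the account is reported as hidden; how `memberships()` behaves for those inputs is not visible here, so this needs confirming. A guard such as `if ($account_id == $GLOBALS['egw_info']['user']['account_id']) return true;` placed before the preference check, plus an `(array)` cast on both `memberships()` results, would make the outcome predictable. The docblock should also say `@return boolean|null`, because callers that test `!visible()` treat "does not exist" and "not visible" alike.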
@ -1556,7 +1556,9 @@ class groupdav extends HTTP_WebDAV_Server
|
||||
$content .= $c;
|
||||
if ($extra) $content .= $extra;
|
||||
if ($this->to_log) $content .= "\n### ".implode("\n### ", $this->to_log)."\n";
|
||||
$content .= sprintf('*** %s --> "%s" took %5.3f s',$_SERVER['REQUEST_METHOD'].($_SERVER['REQUEST_METHOD']=='REPORT'?' '.$this->propfind_options['root']['name']:'').' '.$_SERVER['PATH_INFO'],$this->_http_status,microtime(true)-self::$request_starttime)."\n\n";
|
||||
$content .= $this->_http_status[0] == '4' && substr($this->_http_status,0,3) != '412' ||
|
||||
$this->_http_status[0] == '5' ? '###' : '***'; // mark failed requests with ###, instead of ***
|
||||
$content .= sprintf(' %s --> "%s" took %5.3f s',$_SERVER['REQUEST_METHOD'].($_SERVER['REQUEST_METHOD']=='REPORT'?' '.$this->propfind_options['root']['name']:'').' '.$_SERVER['PATH_INFO'],$this->_http_status,microtime(true)-self::$request_starttime)."\n\n";
|
||||
|
||||
if ($msg_file && ($f = fopen($msg_file,'a')))
|
||||
{
|
||||
|
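Review bot: The status line written at the end of this hunk still puts `$_SERVER['REQUEST_METHOD']` and `$_SERVER['PATH_INFO']` into the log unescaped, and with this change the leading `###` becomes the marker people will search for to find failed requests. A request path that contains a line break could then place text that looks like a separate `###` entry into the log, so control characters should be neutralised before formatting, e.g. `addcslashes($_SERVER['PATH_INFO'], "\0..\37\177")`, and likewise for the method. `$this->_http_status[0]` also assumes a non-empty status string; if logging can run before a status is set (not visible here), an `isset()` guard on that offset avoids a notice. The enclosing method starts and ends outside the hunk.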
@ -614,15 +614,9 @@ class groupdav_principals extends groupdav_handler
|
||||
{
|
||||
if (!($id = $this->accounts->name2id($name,'account_lid','u')) ||
|
||||
!($account = $this->accounts->read($id)) ||
|
||||
!isset($GLOBALS['egw_info']['user']['apps']['admin']) &&
|
||||
// do NOT allow other user, if account-selection is none
|
||||
($GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'none' &&
|
||||
$name != $GLOBALS['egw_info']['user']['account_lid'] ||
|
||||
// only allow group-members for account-selection is groupmembers
|
||||
$GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'groupmembers' &&
|
||||
!array_intersect($this->accounts->memberships($account['account_id'],true),
|
||||
$this->accounts->memberships($GLOBALS['egw_info']['user']['account_id'],true))))
|
||||
!$this->accounts->visible($name))
|
||||
{
|
||||
$this->groupdav->log(__METHOD__."('$name', ...) account '$name' NOT found OR not visible to you (check account-selection preference)!");
|
||||
return '404 Not Found';
|
||||
}
|
||||
while (substr($rest,-1) == '/') $rest = substr($rest,0,-1);
|
||||
@ -1220,7 +1214,10 @@ class groupdav_principals extends groupdav_handler
|
||||
$set = array();
|
||||
foreach($accounts as $account_id => $account_lid)
|
||||
{
|
||||
$set[] = HTTP_WebDAV_Server::mkprop('href', $this->base_uri.'/principals/'.($account_id < 0 ? 'groups/' : 'users/').$account_lid.'/');
|
||||
if ($this->accounts->visible($account_lid)) // only add visible accounts, gives error in iCal otherwise
|
||||
{
|
||||
$set[] = HTTP_WebDAV_Server::mkprop('href', $this->base_uri.'/principals/'.($account_id < 0 ? 'groups/' : 'users/').$account_lid.'/');
|
||||
}
|
||||
}
|
||||
if ($add_proxys)
|
||||
{
|
||||
@ -1300,7 +1297,8 @@ class groupdav_principals extends groupdav_handler
|
||||
foreach($this->acl->get_grants($app, $app != 'addressbook', $account) as $account_id => $rights)
|
||||
{
|
||||
if ($account_id != $account && ($rights & EGW_ACL_READ) &&
|
||||
($account_lid = $this->accounts->id2name($account_id)))
|
||||
($account_lid = $this->accounts->id2name($account_id)) &&
|
||||
$this->accounts->visible($account_lid)) // only add visible accounts, gives error in iCal otherwise
|
||||
{
|
||||
$set[] = HTTP_WebDAV_Server::mkprop('href', $this->base_uri.'/principals/'.
|
||||
($account_id < 0 ? 'groups/' : 'users/').
|
||||
|
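Review bot: The three new `visible()` calls in this file pass the login name although the numeric id is already in hand (`$id` in the 404 check, `$account_id` in both loops), and `accounts::visible()` treats any `is_numeric()` argument as an account id. A login name made only of digits would therefore have its visibility evaluated for whichever account carries that number as id, not for the principal actually being returned, and the 404 check also repeats the lookup without the `'u'` type restriction used one line above. Passing the id ties the check to the account that was resolved: `!$this->accounts->visible($id)` and `$this->accounts->visible($account_id)`. Whether digit-only login names can exist in a given installation is not visible here, so treat this as hardening unless that is ruled out elsewhere. The enclosing methods begin and end outside all three hunks.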