forked from extern/egroupware
forgot required changes in acl class, to read grants of a different user
This commit is contained in:
parent
04be4c57fe
commit
7b83209e7c
@ -669,58 +669,65 @@ class acl
|
|||||||
* @param string $app optional defaults to $GLOBALS['egw_info']['flags']['currentapp']
|
* @param string $app optional defaults to $GLOBALS['egw_info']['flags']['currentapp']
|
||||||
* @param boolean/array $enum_group_acls=true should group acls be returned for all members of that group, default yes
|
* @param boolean/array $enum_group_acls=true should group acls be returned for all members of that group, default yes
|
||||||
* if an array of group-id's is given, that id's will NOT be enumerated!
|
* if an array of group-id's is given, that id's will NOT be enumerated!
|
||||||
|
* @param int $user=null user whos grants to return, default current user
|
||||||
* @return array with account-ids (of owners) and granted rights as values
|
* @return array with account-ids (of owners) and granted rights as values
|
||||||
*/
|
*/
|
||||||
function get_grants($app='',$enum_group_acls=true)
|
function get_grants($app='',$enum_group_acls=true,$user=null)
|
||||||
{
|
{
|
||||||
if (!$app) $app = $GLOBALS['egw_info']['flags']['currentapp'];
|
if (!$app) $app = $GLOBALS['egw_info']['flags']['currentapp'];
|
||||||
|
if (!$user) $user = $this->account_id;
|
||||||
|
|
||||||
$memberships = array($this->account_id);
|
static $cache = array(); // some caching withing the request
|
||||||
foreach((array)$GLOBALS['egw']->accounts->membership($this->account_id) as $group)
|
|
||||||
{
|
|
||||||
$memberships[] = $group['account_id'];
|
|
||||||
}
|
|
||||||
$grants = $accounts = Array();
|
|
||||||
foreach($this->db->select(acl::TABLE,array('acl_account','acl_rights','acl_location'),array(
|
|
||||||
'acl_appname' => $app,
|
|
||||||
'acl_location' => $memberships,
|
|
||||||
),__LINE__,__FILE__) as $row)
|
|
||||||
{
|
|
||||||
$grantor = $row['acl_account'];
|
|
||||||
$rights = $row['acl_rights'];
|
|
||||||
$granted_to = (int) $row['acl_location'];
|
|
||||||
|
|
||||||
if(!isset($grants[$grantor]))
|
$grants =& $cache[$app][$user];
|
||||||
|
if (!isset($grants))
|
||||||
|
{
|
||||||
|
$memberships = array($user);
|
||||||
|
foreach((array)$GLOBALS['egw']->accounts->membership($user) as $group)
|
||||||
{
|
{
|
||||||
$grants[$grantor] = 0;
|
$memberships[] = $group['account_id'];
|
||||||
}
|
}
|
||||||
$grants[$grantor] |= $rights;
|
$grants = $accounts = Array();
|
||||||
|
foreach($this->db->select(acl::TABLE,array('acl_account','acl_rights','acl_location'),array(
|
||||||
// if the right is granted from a group and we enummerated group ACL's
|
'acl_appname' => $app,
|
||||||
if ($GLOBALS['egw']->accounts->get_type($grantor) == 'g' && $enum_group_acls &&
|
'acl_location' => $memberships,
|
||||||
(!is_array($enum_group_acls) || !in_array($grantor,$enum_group_acls)))
|
),__LINE__,__FILE__) as $row)
|
||||||
{
|
{
|
||||||
// return the grant for each member of the group
|
$grantor = $row['acl_account'];
|
||||||
foreach((array)$GLOBALS['egw']->accounts->member($grantor) as $member)
|
$rights = $row['acl_rights'];
|
||||||
|
$granted_to = (int) $row['acl_location'];
|
||||||
|
|
||||||
|
if(!isset($grants[$grantor]))
|
||||||
{
|
{
|
||||||
if (!$member) continue; // can happen if group has no members
|
$grants[$grantor] = 0;
|
||||||
|
}
|
||||||
|
$grants[$grantor] |= $rights;
|
||||||
|
|
||||||
// Don't allow to override private with group ACL's!
|
// if the right is granted from a group and we enummerated group ACL's
|
||||||
$rights &= ~EGW_ACL_PRIVATE;
|
if ($GLOBALS['egw']->accounts->get_type($grantor) == 'g' && $enum_group_acls &&
|
||||||
|
(!is_array($enum_group_acls) || !in_array($grantor,$enum_group_acls)))
|
||||||
$grantor = $member['account_id'];
|
{
|
||||||
|
// return the grant for each member of the group
|
||||||
if(!isset($grants[$grantor]))
|
foreach((array)$GLOBALS['egw']->accounts->member($grantor) as $member)
|
||||||
{
|
{
|
||||||
$grants[$grantor] = 0;
|
if (!$member) continue; // can happen if group has no members
|
||||||
|
|
||||||
|
// Don't allow to override private with group ACL's!
|
||||||
|
$rights &= ~EGW_ACL_PRIVATE;
|
||||||
|
|
||||||
|
$grantor = $member['account_id'];
|
||||||
|
|
||||||
|
if(!isset($grants[$grantor]))
|
||||||
|
{
|
||||||
|
$grants[$grantor] = 0;
|
||||||
|
}
|
||||||
|
$grants[$grantor] |= $rights;
|
||||||
}
|
}
|
||||||
$grants[$grantor] |= $rights;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
// user has implizit all rights on own data
|
||||||
|
$grants[$user] = ~0;
|
||||||
}
|
}
|
||||||
// user has implizit all rights on own data
|
|
||||||
$grants[$GLOBALS['egw_info']['user']['account_id']] = ~0;
|
|
||||||
|
|
||||||
//echo "acl::get_grants('$app',$enum_group_acls) ".function_backtrace(); _debug_array($grants);
|
//echo "acl::get_grants('$app',$enum_group_acls) ".function_backtrace(); _debug_array($grants);
|
||||||
return $grants;
|
return $grants;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user