* Addressbook: storing of account contact data did not work for non-admins who are in groups allowed to edit accounts (defined in Addressbook configuration)

Ralf Becker 2015-08-19 11:21:50 +00:00
parent 95553f514c
commit 98d874e048
2 changed files with 16 additions and 5 deletions


@ -931,7 +931,7 @@ class addressbook_bo extends addressbook_so
}
$to_write = $contact;
// (non-admin) user editing his own account, make sure he does not change fields he is not allowed to (eg. via SyncML or xmlrpc)
if (!$ignore_acl && !$contact['owner'] && !$this->is_admin($contact))
if (!$ignore_acl && !$contact['owner'] && !($this->is_admin($contact) || $this->allow_account_edit()))
{
foreach($contact as $field => $value)
{
@ -940,7 +940,7 @@ class addressbook_bo extends addressbook_so
// user is not allowed to change that
if ($old)
{
$to_write[$field] = $old[$field];
$to_write[$field] = $contact[$field] = $old[$field];
}
else
{
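Review bot: The comment above the changed `if (!$ignore_acl && !$contact['owner'] && ...)` condition still describes only a "(non-admin) user editing his own account", but the new test also exempts every member of a group for which `allow_account_edit()` returns true, so the per-field restriction loop is skipped for them on any account contact. The comment should state that, e.g. `// user with neither admin rights nor account-edit group membership editing his own account: make sure he does not change fields he is not allowed to (eg. via SyncML or xmlrpc)`. This loop is the only field-level write filter visible here, so for those group members the save path presumably relies on the edit grant being checked elsewhere. The enclosing method starts and ends outside the hunk, so that check should be confirmed before relying on it.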


@ -351,9 +351,7 @@ class addressbook_so
if (!$GLOBALS['egw']->acl->check('account_access',32,'admin')) $grants[0] |= EGW_ACL_DELETE;
}
// allow certain groups to edit contact-data of accounts
if ($GLOBALS['egw_info']['server']['allow_account_edit'] &&
array_intersect($GLOBALS['egw_info']['server']['allow_account_edit'],
$GLOBALS['egw']->accounts->memberships($user, true)))
if (self::allow_account_edit($user))
{
$grants[0] |= EGW_ACL_READ|EGW_ACL_EDIT;
}
@ -379,6 +377,19 @@ class addressbook_so
return isset($GLOBALS['egw_info']['user']['apps']['admin']) && !$GLOBALS['egw']->acl->check('account_access',16,'admin');
}
/**
* Check if current user is in a group, which is allowed to edit accounts
*
* @param int $user =null default $this->user
* @return boolean
*/
function allow_account_edit($user=null)
{
return $GLOBALS['egw_info']['server']['allow_account_edit'] &&
array_intersect($GLOBALS['egw_info']['server']['allow_account_edit'],
$GLOBALS['egw']->accounts->memberships($user ? $user : $this->user, true));
}
/**
* Read all customfields of the given id's
*