holm/egroupware
1
1
Fork 0
forked from extern/egroupware
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add acl check to view, and reinsert access field display

Browse Source
This commit is contained in:
Miles Lott 2001-03-24 14:55:33 +00:00
parent 72b4870a4c
commit ab0c85c467
1 changed files with 38 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
addressbook/view.php
View File

@ -12,29 +12,37 @@
/* $Id$ */ /* $Id$ */
if ($submit || ! $ab_id) {
$phpgw_info["flags"] = array(
"noheader" => True,
"nonavbar" => True
);
}
$phpgw_info["flags"] = array( $phpgw_info["flags"] = array(
"noheader" => True,
"nonavbar" => True,
"currentapp" => "addressbook", "currentapp" => "addressbook",
"enable_contacts_class" => True, "enable_contacts_class" => True,
"enable_nextmatchs_class" => True); "enable_nextmatchs_class" => True
);
include("../header.inc.php"); include("../header.inc.php");
$t = new Template($phpgw->common->get_tpl_dir("addressbook"));
$t->set_file(array( "view" => "view.tpl"));
$this = CreateObject("phpgwapi.contacts"); $this = CreateObject("phpgwapi.contacts");
if (! $ab_id) { // First, make sure they have permission to this entry
Header("Location: " . $phpgw->link("/addressbook/index.php")); $check = addressbook_read_entry($ab_id,array('owner' => 'owner'));
if (! $this->check_perms($this->grants[$check[0]['owner']],PHPGW_ACL_PRIVATE) && $check[0]['owner'] != $phpgw_info['user']['account_id'])
{
Header("Location: " . $phpgw->link('/addressbook/index.php',"cd=16&order=$order&sort=$sort&filter=$filter&start=$start&query=$query"));
$phpgw->common->phpgw_exit();
} }
if (!$ab_id) {
Header("Location: " . $phpgw->link("/addressbook/index.php"));
} elseif (!$submit && $ab_id) {
$phpgw->common->phpgw_header();
echo parse_navbar();
}
$t = new Template($phpgw->common->get_tpl_dir("addressbook"));
$t->set_file(array( "view" => "view.tpl"));
while ($column = each($this->stock_contact_fields)) { while ($column = each($this->stock_contact_fields)) {
if (isset($phpgw_info["user"]["preferences"]["addressbook"][$column[0]]) && if (isset($phpgw_info["user"]["preferences"]["addressbook"][$column[0]]) &&
$phpgw_info["user"]["preferences"]["addressbook"][$column[0]]) { $phpgw_info["user"]["preferences"]["addressbook"][$column[0]]) {
@ -46,9 +54,13 @@
// No prefs? // No prefs?
if (!$columns_to_display ) { if (!$columns_to_display ) {
$columns_to_display = array( $columns_to_display = array(
"n_given" => "n_given", "n_given" => "n_given",
"n_family" => "n_family", "n_family" => "n_family",
"org_name" => "org_name" "org_name" => "org_name",
"tel_work" => "tel_work",
"tel_home" => "tel_home",
"email" => "email",
"email_home" => "email_home"
); );
while ($column = each($columns_to_display)) { while ($column = each($columns_to_display)) {
$colname[$column[0]] = $column[1]; $colname[$column[0]] = $column[1];
@ -68,6 +80,12 @@
$record_owner = $fields[0]["owner"]; $record_owner = $fields[0]["owner"];
if ($fields[0]["access"] == 'private') {
$access_check = lang('private');
} else {
$access_check = lang('public');
}
$view_header = "<p>&nbsp;<b>" . lang("Address book - view") . $noprefs . "</b><hr><p>"; $view_header = "<p>&nbsp;<b>" . lang("Address book - view") . $noprefs . "</b><hr><p>";
$view_header .= '<table border="0" cellspacing="2" cellpadding="2" width="80%" align="center">'; $view_header .= '<table border="0" cellspacing="2" cellpadding="2" width="80%" align="center">';
@ -95,8 +113,10 @@
$columns_html .= '<tr><td colspan="4">&nbsp;</td></tr>' $columns_html .= '<tr><td colspan="4">&nbsp;</td></tr>'
. '<tr><td><b>' . lang("Record owner") . '</b></td><td>' . '<tr><td><b>' . lang("Record owner") . '</b></td><td>'
. $phpgw->common->grab_owner_name($record_owner) . '</td><td><b>' . $phpgw->common->grab_owner_name($record_owner) . '</td></tr>'
. $access_link . '</b></td><td></table>'; . '<tr><td><b>' . lang("Record access") . '</b></td><td>'
. $access_check . '</b></td></tr>'
. '</td></td></table>';
$sfields = rawurlencode(serialize($fields[0])); $sfields = rawurlencode(serialize($fields[0]));