diff --git a/preferences/inc/class.uiaclprefs.inc.php b/preferences/inc/class.uiaclprefs.inc.php
index f485944c31..2c71f3b5be 100644
--- a/preferences/inc/class.uiaclprefs.inc.php
+++ b/preferences/inc/class.uiaclprefs.inc.php
@@ -21,6 +21,11 @@
function uiaclprefs()
{
$GLOBALS['phpgw']->nextmatchs = CreateObject('phpgwapi.nextmatchs');
+
+ if (!is_object($GLOBALS['phpgw']->html))
+ {
+ $GLOBALS['phpgw']->html = CreateObject('phpgwapi.html');
+ }
}
function index()
@@ -28,11 +33,9 @@
$acl_app = get_var('acl_app',array('POST','GET'));
$start = get_var('start',array('POST','GET'));
$query = get_var('query',array('POST','GET'));
- $s_groups = get_var('s_groups',array('POST','GET'));
- $s_users = get_var('s_users',array('POST','GET'));
$owner = get_var('owner',array('POST','GET'));
- if (! $acl_app)
+ if (!$acl_app)
{
$acl_app = 'preferences';
$acl_app_not_passed = True;
@@ -57,39 +60,26 @@
}
}
- if ($GLOBALS['phpgw_info']['server']['deny_user_grants_access'] && !isset($GLOBALS['phpgw_info']['user']['apps']['admin']))
+ if (($GLOBALS['phpgw_info']['server']['deny_user_grants_access'] || $owner != $GLOBALS['phpgw_info']['user']['account_id'])
+ && !isset($GLOBALS['phpgw_info']['user']['apps']['admin']))
{
echo '
' . lang('Access not permitted') . '';
- $GLOBALS['phpgw']->common->phpgw_exit(True);
- }
-
- /*
- if(isset($save_my_owner) && $GLOBALS['phpgw_info']['user']['apps']['admin'])
- {
- $owner = $save_my_owner;
- unset($save_my_owner);
- }
- elseif(@isset($save_my_owner))
- {
- echo ''.lang('You do not have permission to set ACL\'s in this mode!').'';
$GLOBALS['phpgw']->common->phpgw_footer();
}
- */
if((!isset($owner) || empty($owner)) || !$GLOBALS['phpgw_info']['user']['apps']['admin'])
{
$owner = $GLOBALS['phpgw_info']['user']['account_id'];
}
-
- $acct = CreateObject('phpgwapi.accounts',$owner);
- $groups = $acct->get_list('groups');
- $users = $acct->get_list('accounts');
- $owner_name = $acct->id2name($owner); // get owner name for title
- if($is_group = $acct->get_type($owner) == 'g')
+ $owner_name = $GLOBALS['phpgw']->accounts->id2name($owner); // get owner name for title
+ if($no_privat_grants = $GLOBALS['phpgw']->accounts->get_type($owner) == 'g')
{
$owner_name = lang('Group').' ('.$owner_name.')';
}
- unset($acct);
+ else // admin setting acl-rights is handled as group-rights => no private grants !!
+ {
+ $no_privat_grants = $owner != $GLOBALS['phpgw_info']['user']['account_id'];
+ }
$this->acl = CreateObject('phpgwapi.acl',(int)$owner);
$this->acl->read_repository();
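Review bot: The denial branch no longer ends the request: `phpgw_exit(True)` was removed and the branch now only echoes the message and calls `phpgw_footer()`, so unless that helper terminates execution (not visible here) index() carries on into the ACL read and save code that follows. Keep an explicit stop as the last statement of the branch, e.g. `$GLOBALS['phpgw']->common->phpgw_exit(True);`. The new `$owner != $GLOBALS['phpgw_info']['user']['account_id']` test also runs before the block that defaults an empty `$owner` to the caller's id, so a non-admin request without `owner` would be refused unless `$owner` is already set in lines above the hunk; moving the default ahead of the check avoids that. index() starts and ends outside this hunk.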
@@ -100,107 +90,54 @@
for($i=0;$iacl->delete($GLOBALS['phpgw_info']['flags']['currentapp'],$to_remove[$i]);
+ $this->acl->delete($acl_app,$to_remove[$i]);
}
/* Group records */
+ $totalacl = array();
$group_variable = $_POST['g_'.$GLOBALS['phpgw_info']['flags']['currentapp']];
- if (!$group_variable)
+ if (is_array($group_variable))
{
- $group_variable = array();
- }
- @reset($group_variable);
- $totalacl = array();
- while(list($rowinfo,$perm) = each($group_variable))
- {
- list($group_id,$rights) = split('_',$rowinfo);
- $totalacl[$group_id] += $rights;
- }
- @reset($totalacl);
- while(list($group_id,$rights) = @each($totalacl))
- {
- if($is_group)
+ foreach($group_variable as $rowinfo => $perm)
{
- /* Don't allow group-grants to grant private */
- $rights &= ~PHPGW_ACL_PRIVATE;
+ list($group_id,$rights) = explode('_',$rowinfo);
+ $totalacl[$group_id] += $rights;
+ }
+ foreach($totalacl as $group_id => $rights)
+ {
+ if($no_privat_grants)
+ {
+ /* Don't allow group-grants or admin to grant private */
+ $rights &= ~PHPGW_ACL_PRIVATE;
+ }
+ $this->acl->add($GLOBALS['phpgw_info']['flags']['currentapp'],$group_id,$rights);
}
-
- $this->acl->add($GLOBALS['phpgw_info']['flags']['currentapp'],$group_id,$rights);
}
/* User records */
+ $totalacl = array();
$user_variable = $_POST['u_'.$GLOBALS['phpgw_info']['flags']['currentapp']];
- if (!$user_variable)
+ if (is_array($user_variable))
{
- $user_variable = array();
- }
- @reset($user_variable);
- $totalacl = array();
- while(list($rowinfo,$perm) = each($user_variable))
- {
- list($user_id,$rights) = split('_',$rowinfo);
- $totalacl[$user_id] += $rights;
- }
- @reset($totalacl);
- while(list($user_id,$rights) = @each($totalacl))
- {
- if($is_group)
+ foreach($user_variable as $rowinfo => $perm)
{
- /* Don't allow group-grants to grant private */
- $rights &= ~ PHPGW_ACL_PRIVATE;
+ list($user_id,$rights) = split('_',$rowinfo);
+ $totalacl[$user_id] += $rights;
}
-
- $this->acl->add($GLOBALS['phpgw_info']['flags']['currentapp'],$user_id,$rights);
- }
- $this->acl->save_repository();
- }
-
- $processed = Array();
-
- $total = 0;
-
- if(!isset($start))
- {
- $start = 0;
- }
-
- if(!$start)
- {
- $s_groups = 0;
- $s_users = 0;
- }
-
- if(!isset($s_groups))
- {
- $s_groups = 0;
- }
-
- if(!isset($s_users))
- {
- $s_users = 0;
- }
-
- if(!isset($query))
- {
- $query = "";
- }
-
- if(!isset($maxm))
- {
- $maxm = $GLOBALS['phpgw_info']['user']['preferences']['common']['maxmatchs'];
- }
-
- if(!isset($totalentries))
- {
- $totalentries = count($groups) + count($users);
- if($totalentries < $maxm)
- {
- $maxm = $totalentries;
+ foreach($totalacl as $user_id => $rights)
+ {
+ if($no_privat_grants)
+ {
+ /* Don't allow group-grants or admin to grant private */
+ $rights &= ~ PHPGW_ACL_PRIVATE;
+ }
+ $this->acl->add($GLOBALS['phpgw_info']['flags']['currentapp'],$user_id,$rights);
+ }
+ $this->acl->save_repository();
}
}
-
$GLOBALS['phpgw_info']['flags']['app_header'] = lang('%1 - Preferences',$GLOBALS['phpgw_info']['apps'][$acl_app]['title']).' - '.lang('acl').': '.$owner_name;
$GLOBALS['phpgw']->common->phpgw_header();
echo parse_navbar();
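Review bot: In both save loops the account id and the rights value are parsed out of the `$_POST` array keys and passed to `$this->acl->add()` without being cast or bounded; only `PHPGW_ACL_PRIVATE` is masked, and only when `$no_privat_grants` is set. Casting right after the `list()` line, `$group_id = (int)$group_id; $rights = (int)$rights;` (and the same for `$user_id`), and initialising `$totalacl[$group_id]` before the `+=`, would keep non-numeric keys out of the stored grants. The user loop still calls `split('_',$rowinfo)` while the group loop was moved to `explode()`; use `explode()` in both. `delete()` is now keyed on `$acl_app` while `add()` and the POST field names still use `$GLOBALS['phpgw_info']['flags']['currentapp']`, which is only equivalent if the two are made equal in lines outside this hunk.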
@@ -219,36 +156,24 @@
$this->template->set_var('errors',lang('ACL grants have been updated'));
}
- $common_hidden_vars =
- ' '."\n"
- . ' '."\n"
- . ' '."\n"
- . ' '."\n"
- . ' '."\n"
- . ' '."\n"
- . ' '."\n"
- . ' '."\n";
-
+ $common_hidden_vars = array(
+ 'start' => $start,
+ 'query' => $query,
+ 'owner' => $owner,
+ 'acl_app' => $acl_app,
+ );
$var = Array(
'errors' => '',
'title' => '
',
'action_url' => $GLOBALS['phpgw']->link('/index.php','menuaction=preferences.uiaclprefs.index&acl_app=' . $acl_app),
'bg_color' => $GLOBALS['phpgw_info']['theme']['th_bg'],
'submit_lang' => lang('Save'),
- 'common_hidden_vars_form' => $common_hidden_vars
+ 'common_hidden_vars_form' => $GLOBALS['phpgw']->html->input_hidden($common_hidden_vars)
);
-
$this->template->set_var($var);
- if(isset($query_result) && $query_result)
- {
- $common_hidden_vars .= ''."\n";
- }
-
- $this->template->set_var('common_hidden_vars',$common_hidden_vars);
-
$vars = $this->template->get_undefined('row_colspan');
- while (list(,$var) = each($vars))
+ foreach($vars as $var)
{
if(strstr($var,'lang_'))
{
@@ -259,95 +184,50 @@
}
}
- if ((int)$s_groups <> count($groups))
+ $accounts = $GLOBALS['phpgw']->accounts->search(array(
+ 'type' => 'both',
+ 'start' => $start,
+ 'query' => $query,
+ 'order' => 'account_type,account_lid',
+ 'sort' => 'ASC',
+ ));
+ $totalentries = $GLOBALS['phpgw']->accounts->total;
+
+ $header_type = '';
+ $processed = Array();
+ foreach($accounts as $uid => $data)
{
- $this->template->set_var('string',lang('Groups'));
- $this->template->parse('row','row_colspan',True);
+ if ($uid == $owner) continue; // no need to grant to self
- reset($groups);
- for($k=0;$knextmatchs->alternate_row_color($tr_color);
- $this->display_row($tr_color,'g_',$group['account_id'],$group['account_lid'],$is_group);
- $s_groups++;
- $processed[] = $group['account_id'];
- $total++;
- if($total == $maxm)
- {
- break;
- }
- }
- }
- }
-
- if($total <> $maxm)
- {
- if($users)
- {
- $this->template->set_var('string',ucfirst(lang('Users')));
+ $this->template->set_var('string',$data['account_type'] == 'g' ? lang('Groups') : lang('Users'));
$this->template->parse('row','row_colspan',True);
- $tr_color = $GLOBALS['phpgw']->nextmatchs->alternate_row_color($tr_color);
- for($k=$s_users;$k<$totalentries || $k==count($users);$k++)
- {
- $user = $users[$k];
- //echo '
acctid: '.$user['account_id'];
- if ($user['account_id'])
- {
- $go = True;
- }
- else
- {
- $go = False;
- }
- if($query)
- {
- $name = ' '.$user['account_firstname'].' '.$user['account_lastname'].' '.$user['account_lid'].' ';
- if(!strpos($name,$query))
- {
- $go = False;
- }
- }
-
- if($go && $user['account_id'] != $owner) // Need to be $owner not $GLOBALS['phpgw_info']['user']['account_id']
- {
- // or the admin can't get special grants from a group
- $tr_color = $GLOBALS['phpgw']->nextmatchs->alternate_row_color($tr_color);
- $this->display_row($tr_color,'u_',$user['account_id'],$GLOBALS['phpgw']->common->display_fullname($user['account_lid'],$user['account_firstname'],$user['account_lastname']),$is_group);
- $s_users++;
- $processed[] = $user['account_id'];
- $total++;
- if($total == $maxm)
- {
- break;
- }
- }
- }
+ $header_type = $data['account_type'];
}
+ $tr_color = $GLOBALS['phpgw']->nextmatchs->alternate_row_color($tr_color);
+
+ if ($data['account_type'] == 'g')
+ {
+ $this->display_row($tr_color,'g_',$data['account_id'],$data['account_lid'],$no_privat_grants);
+ }
+ else
+ {
+ $this->display_row($tr_color,'u_',$data['account_id'],$GLOBALS['phpgw']->common->display_fullname($data['account_lid'],$data['account_firstname'],$data['account_lastname']),$no_privat_grants);
+ }
+ $processed[] = $uid;
}
- $extra_parms = 'menuaction=preferences.uiaclprefs.index'
- . '&acl_app=' . $acl_app
- . '&s_users='.$s_users.'&s_groups='.$s_groups
- . '&maxm=' . $maxm . '&totalentries=' . $totalentries
- . '&total=' . ($start + $total) . '&owner='.$owner;
+ $extra_parms = array(
+ 'menuaction' => 'preferences.uiaclprefs.index',
+ 'acl_app' => $acl_app,
+ 'owner' => $owner,
+ );
$var = Array(
'nml' => $GLOBALS['phpgw']->nextmatchs->left('/index.php',$start,$totalentries,$extra_parms),
'nmr' => $GLOBALS['phpgw']->nextmatchs->right('/index.php',$start,$totalentries,$extra_parms),
- 'search_value' => (isset($query) && $query?$query:''),
+ 'search_value' => isset($query) && $query ? $GLOBALS['phpgw']->html->htmlspecialchars($query) : '',
'search' => lang('search'),
'processed' => urlencode(serialize($processed))
);
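Review bot: `processed` is still handed to the browser as `urlencode(serialize($processed))`, and the ids collected in the new `foreach` feed it. If the save path restores it with `unserialize()` (that code is not visible in this diff), the client decides what gets deserialized and which ids are deleted before the re-add. Since the list now holds only account ids, a plain `implode(',', $processed)` here with `array_map('intval', explode(',', ...))` on the receiving side would carry the same information without deserialising request data; the reader is outside this hunk and would need the matching change. `$uid == $owner` is a loose comparison of a search-result key with a request-derived value; `(int)$uid === (int)$owner` states the intent.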
@@ -357,44 +237,46 @@
$this->template->pfp('out','preferences');
}
- function check_acl($label,$id,$acl,$rights,$right,$is_group=False)
+ function check_acl($label,$id,$acl,$rights,$right,$disabled=False)
{
$this->template->set_var($acl,$label.$GLOBALS['phpgw_info']['flags']['currentapp'].'['.$id.'_'.$right.']');
- $rights_set = (($rights & $right)?' checked':'');
- if ($is_group)
+ $rights_set = ($rights & $right) ? ' checked="1"' : '';
+ if ($disabled)
{
// This is so you can't select it in the GUI
- $rights_set .= ' disabled';
+ $rights_set .= ' disabled="1"';
}
$this->template->set_var($acl.'_selected',$rights_set);
}
- function display_row($bg_color,$label,$id,$name,$is_group)
+ function display_row($bg_color,$label,$id,$name,$no_privat_grants)
{
$this->template->set_var('row_color',$bg_color);
$this->template->set_var('user',$name);
$rights = $this->acl->get_rights($id,$GLOBALS['phpgw_info']['flags']['currentapp']);
- // vv This is new
+
$grantors = $this->acl->get_ids_for_location($id,$rights,$GLOBALS['phpgw_info']['flags']['currentapp']);
$is_group_set = False;
- while(@$grantors && list($key,$grantor) = each($grantors))
+ if (is_array($grantors))
{
- if($GLOBALS['phpgw']->accounts->get_type($grantor) == 'g')
+ foreach($grantors as $grantor)
{
- $is_group_set = True;
+ if($GLOBALS['phpgw']->accounts->get_type($grantor) == 'g')
+ {
+ $is_group_set = True;
+ }
}
}
- // ^^ This is new
- $this->check_acl($label,$id,'read',$rights,PHPGW_ACL_READ,($is_group_set && ($rights & PHPGW_ACL_READ) && !$is_group?$is_group_set:False));
- $this->check_acl($label,$id,'add',$rights,PHPGW_ACL_ADD,($is_group_set && ($rights & PHPGW_ACL_ADD && !$is_group)?$is_group_set:False));
- $this->check_acl($label,$id,'edit',$rights,PHPGW_ACL_EDIT,($is_group_set && ($rights & PHPGW_ACL_EDIT && !$is_group)?$is_group_set:False));
- $this->check_acl($label,$id,'delete',$rights,PHPGW_ACL_DELETE,($is_group_set && ($rights & PHPGW_ACL_DELETE && !$is_group)?$is_group_set:False));
- $this->check_acl($label,$id,'private',$rights,PHPGW_ACL_PRIVATE,$is_group);
+ $this->check_acl($label,$id,'read',$rights,PHPGW_ACL_READ,$is_group_set && $rights & PHPGW_ACL_READ);
+ $this->check_acl($label,$id,'add',$rights,PHPGW_ACL_ADD,$is_group_set && $rights & PHPGW_ACL_ADD);
+ $this->check_acl($label,$id,'edit',$rights,PHPGW_ACL_EDIT,$is_group_set && $rights & PHPGW_ACL_EDIT);
+ $this->check_acl($label,$id,'delete',$rights,PHPGW_ACL_DELETE,$is_group_set && $rights & PHPGW_ACL_DELETE);
+ $this->check_acl($label,$id,'private',$rights,PHPGW_ACL_PRIVATE,$no_privat_grants);
- $this->check_acl($label,$id,'custom_1',$rights,PHPGW_ACL_CUSTOM_1,($is_group_set && ($rights & PHPGW_ACL_CUSTOM_1) && !$is_group?$is_group_set:False));
- $this->check_acl($label,$id,'custom_2',$rights,PHPGW_ACL_CUSTOM_2,($is_group_set && ($rights & PHPGW_ACL_CUSTOM_2) && !$is_group?$is_group_set:False));
- $this->check_acl($label,$id,'custom_3',$rights,PHPGW_ACL_CUSTOM_3,($is_group_set && ($rights & PHPGW_ACL_CUSTOM_3) && !$is_group?$is_group_set:False));
+ $this->check_acl($label,$id,'custom_1',$rights,PHPGW_ACL_CUSTOM_1,$is_group_set && $rights & PHPGW_ACL_CUSTOM_1);
+ $this->check_acl($label,$id,'custom_2',$rights,PHPGW_ACL_CUSTOM_2,$is_group_set && $rights & PHPGW_ACL_CUSTOM_2);
+ $this->check_acl($label,$id,'custom_3',$rights,PHPGW_ACL_CUSTOM_3,$is_group_set && $rights & PHPGW_ACL_CUSTOM_3);
$this->template->parse('row','acl_row',True);
}
}
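Review bot: The rewritten `check_acl()` arguments such as `$is_group_set && $rights & PHPGW_ACL_READ` rely on `&` binding tighter than `&&`; that is correct in PHP but easy to misread in access-control code, so write `$is_group_set && ($rights & PHPGW_ACL_READ)` on each of the seven lines. The `!$is_group` term was dropped from these expressions, so the boxes are now also disabled when `$is_group_set` is true and the owner being edited is itself a group; if that is intended, a short comment above the calls would say so. `$disabled` and `$no_privat_grants` only add a `disabled` attribute to the checkbox, so a comment on `check_acl()` noting that enforcement is the `PHPGW_ACL_PRIVATE` mask in index(), not this flag, would help the next reader.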