diff --git a/preferences/inc/class.uiaclprefs.inc.php b/preferences/inc/class.uiaclprefs.inc.php index f485944c31..2c71f3b5be 100644 --- a/preferences/inc/class.uiaclprefs.inc.php +++ b/preferences/inc/class.uiaclprefs.inc.php @@ -21,6 +21,11 @@ function uiaclprefs() { $GLOBALS['phpgw']->nextmatchs = CreateObject('phpgwapi.nextmatchs'); + + if (!is_object($GLOBALS['phpgw']->html)) + { + $GLOBALS['phpgw']->html = CreateObject('phpgwapi.html'); + } } function index() @@ -28,11 +33,9 @@ $acl_app = get_var('acl_app',array('POST','GET')); $start = get_var('start',array('POST','GET')); $query = get_var('query',array('POST','GET')); - $s_groups = get_var('s_groups',array('POST','GET')); - $s_users = get_var('s_users',array('POST','GET')); $owner = get_var('owner',array('POST','GET')); - if (! $acl_app) + if (!$acl_app) { $acl_app = 'preferences'; $acl_app_not_passed = True; @@ -57,39 +60,26 @@ } } - if ($GLOBALS['phpgw_info']['server']['deny_user_grants_access'] && !isset($GLOBALS['phpgw_info']['user']['apps']['admin'])) + if (($GLOBALS['phpgw_info']['server']['deny_user_grants_access'] || $owner != $GLOBALS['phpgw_info']['user']['account_id']) + && !isset($GLOBALS['phpgw_info']['user']['apps']['admin'])) { echo '
' . lang('Access not permitted') . '
'; - $GLOBALS['phpgw']->common->phpgw_exit(True); - } - - /* - if(isset($save_my_owner) && $GLOBALS['phpgw_info']['user']['apps']['admin']) - { - $owner = $save_my_owner; - unset($save_my_owner); - } - elseif(@isset($save_my_owner)) - { - echo '
'.lang('You do not have permission to set ACL\'s in this mode!').'
'; $GLOBALS['phpgw']->common->phpgw_footer(); } - */ if((!isset($owner) || empty($owner)) || !$GLOBALS['phpgw_info']['user']['apps']['admin']) { $owner = $GLOBALS['phpgw_info']['user']['account_id']; } - - $acct = CreateObject('phpgwapi.accounts',$owner); - $groups = $acct->get_list('groups'); - $users = $acct->get_list('accounts'); - $owner_name = $acct->id2name($owner); // get owner name for title - if($is_group = $acct->get_type($owner) == 'g') + $owner_name = $GLOBALS['phpgw']->accounts->id2name($owner); // get owner name for title + if($no_privat_grants = $GLOBALS['phpgw']->accounts->get_type($owner) == 'g') { $owner_name = lang('Group').' ('.$owner_name.')'; } - unset($acct); + else // admin setting acl-rights is handled as group-rights => no private grants !! + { + $no_privat_grants = $owner != $GLOBALS['phpgw_info']['user']['account_id']; + } $this->acl = CreateObject('phpgwapi.acl',(int)$owner); $this->acl->read_repository(); 
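Review bot: The deny branch at the top of this hunk loses `$GLOBALS['phpgw']->common->phpgw_exit(True);` and now appears to end in `phpgw_footer();`. Unless phpgw_footer() terminates the request (not visible here), a non-admin on a server with `deny_user_grants_access` set would continue into the ACL save code below, so keep an explicit `phpgw_exit(True)` after the message. The new `$owner != $GLOBALS['phpgw_info']['user']['account_id']` test also runs before `$owner` is defaulted to the caller's account id a few lines further down, so a non-admin request without an `owner` parameter looks like it is rejected; moving that defaulting `if` above the permission check would avoid this. The loose `!=` compares a request string with the stored id, so casting with `(int)$owner` before the comparison would make it exact. index() starts and ends outside this hunk.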
@@ -100,107 +90,54 @@ for($i=0;$iacl->delete($GLOBALS['phpgw_info']['flags']['currentapp'],$to_remove[$i]); + $this->acl->delete($acl_app,$to_remove[$i]); } /* Group records */ + $totalacl = array(); $group_variable = $_POST['g_'.$GLOBALS['phpgw_info']['flags']['currentapp']]; - if (!$group_variable) + if (is_array($group_variable)) { - $group_variable = array(); - } - @reset($group_variable); - $totalacl = array(); - while(list($rowinfo,$perm) = each($group_variable)) - { - list($group_id,$rights) = split('_',$rowinfo); - $totalacl[$group_id] += $rights; - } - @reset($totalacl); - while(list($group_id,$rights) = @each($totalacl)) - { - if($is_group) + foreach($group_variable as $rowinfo => $perm) { - /* Don't allow group-grants to grant private */ - $rights &= ~PHPGW_ACL_PRIVATE; + list($group_id,$rights) = explode('_',$rowinfo); + $totalacl[$group_id] += $rights; + } + foreach($totalacl as $group_id => $rights) + { + if($no_privat_grants) + { + /* Don't allow group-grants or admin to grant private */ + $rights &= ~PHPGW_ACL_PRIVATE; + } + $this->acl->add($GLOBALS['phpgw_info']['flags']['currentapp'],$group_id,$rights); } - - $this->acl->add($GLOBALS['phpgw_info']['flags']['currentapp'],$group_id,$rights); } /* User records */ + $totalacl = array(); $user_variable = $_POST['u_'.$GLOBALS['phpgw_info']['flags']['currentapp']]; - if (!$user_variable) + if (is_array($user_variable)) { - $user_variable = array(); - } - @reset($user_variable); - $totalacl = array(); - while(list($rowinfo,$perm) = each($user_variable)) - { - list($user_id,$rights) = split('_',$rowinfo); - $totalacl[$user_id] += $rights; - } - @reset($totalacl); - while(list($user_id,$rights) = @each($totalacl)) - { - if($is_group) + foreach($user_variable as $rowinfo => $perm) { - /* Don't allow group-grants to grant private */ - $rights &= ~ PHPGW_ACL_PRIVATE; + list($user_id,$rights) = split('_',$rowinfo); + $totalacl[$user_id] += $rights; } - - 
$this->acl->add($GLOBALS['phpgw_info']['flags']['currentapp'],$user_id,$rights); - } - $this->acl->save_repository(); - } - - $processed = Array(); - - $total = 0; - - if(!isset($start)) - { - $start = 0; - } - - if(!$start) - { - $s_groups = 0; - $s_users = 0; - } - - if(!isset($s_groups)) - { - $s_groups = 0; - } - - if(!isset($s_users)) - { - $s_users = 0; - } - - if(!isset($query)) - { - $query = ""; - } - - if(!isset($maxm)) - { - $maxm = $GLOBALS['phpgw_info']['user']['preferences']['common']['maxmatchs']; - } - - if(!isset($totalentries)) - { - $totalentries = count($groups) + count($users); - if($totalentries < $maxm) - { - $maxm = $totalentries; + foreach($totalacl as $user_id => $rights) + { + if($no_privat_grants) + { + /* Don't allow group-grants or admin to grant private */ + $rights &= ~ PHPGW_ACL_PRIVATE; + } + $this->acl->add($GLOBALS['phpgw_info']['flags']['currentapp'],$user_id,$rights); + } + $this->acl->save_repository(); } } - $GLOBALS['phpgw_info']['flags']['app_header'] = lang('%1 - Preferences',$GLOBALS['phpgw_info']['apps'][$acl_app]['title']).' - '.lang('acl').': '.$owner_name; $GLOBALS['phpgw']->common->phpgw_header(); echo parse_navbar(); @@ -219,36 +156,24 @@ $this->template->set_var('errors',lang('ACL grants have been updated')); } - $common_hidden_vars = - ' '."\n" - . ' '."\n" - . ' '."\n" - . ' '."\n" - . ' '."\n" - . ' '."\n" - . ' '."\n" - . ' '."\n"; - + $common_hidden_vars = array( + 'start' => $start, + 'query' => $query, + 'owner' => $owner, + 'acl_app' => $acl_app, + ); $var = Array( 'errors' => '', 'title' => '
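Review bot: The save path now deletes with `$acl_app` but still reads `$_POST['g_'.$GLOBALS['phpgw_info']['flags']['currentapp']]` (and the `u_` equivalent) and calls `$this->acl->add()` with `currentapp`. Unless the two are made equal in lines outside this hunk, grants could be removed for one application and written for another, so use `$acl_app` throughout. The ids and rights are parsed from client-supplied array keys and accumulated with `+=` without validation. Casting and masking, e.g. `$totalacl[(int)$group_id] |= (int)$rights & $allowed_mask;` (`$allowed_mask` being a placeholder for the PHPGW_ACL_* bits this form offers), keeps a crafted key from yielding a bit the form never offered. The user loop also still calls `split('_',$rowinfo)` where the group loop was switched to `explode`.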
', 'action_url' => $GLOBALS['phpgw']->link('/index.php','menuaction=preferences.uiaclprefs.index&acl_app=' . $acl_app), 'bg_color' => $GLOBALS['phpgw_info']['theme']['th_bg'], 'submit_lang' => lang('Save'), - 'common_hidden_vars_form' => $common_hidden_vars + 'common_hidden_vars_form' => $GLOBALS['phpgw']->html->input_hidden($common_hidden_vars) ); - $this->template->set_var($var); - if(isset($query_result) && $query_result) - { - $common_hidden_vars .= ''."\n"; - } - - $this->template->set_var('common_hidden_vars',$common_hidden_vars); - $vars = $this->template->get_undefined('row_colspan'); - while (list(,$var) = each($vars)) + foreach($vars as $var) { if(strstr($var,'lang_')) { @@ -259,95 +184,50 @@ } } - if ((int)$s_groups <> count($groups)) + $accounts = $GLOBALS['phpgw']->accounts->search(array( + 'type' => 'both', + 'start' => $start, + 'query' => $query, + 'order' => 'account_type,account_lid', + 'sort' => 'ASC', + )); + $totalentries = $GLOBALS['phpgw']->accounts->total; + + $header_type = ''; + $processed = Array(); + foreach($accounts as $uid => $data) { - $this->template->set_var('string',lang('Groups')); - $this->template->parse('row','row_colspan',True); + if ($uid == $owner) continue; // no need to grant to self - reset($groups); - for($k=0;$knextmatchs->alternate_row_color($tr_color); - $this->display_row($tr_color,'g_',$group['account_id'],$group['account_lid'],$is_group); - $s_groups++; - $processed[] = $group['account_id']; - $total++; - if($total == $maxm) - { - break; - } - } - } - } - - if($total <> $maxm) - { - if($users) - { - $this->template->set_var('string',ucfirst(lang('Users'))); + $this->template->set_var('string',$data['account_type'] == 'g' ? lang('Groups') : lang('Users')); $this->template->parse('row','row_colspan',True); - $tr_color = $GLOBALS['phpgw']->nextmatchs->alternate_row_color($tr_color); - for($k=$s_users;$k<$totalentries || $k==count($users);$k++) - { - $user = $users[$k]; - //echo '
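Review bot: `action_url` still builds its query string as `'menuaction=preferences.uiaclprefs.index&acl_app=' . $acl_app`, while the hidden fields in the same array now go through `html->input_hidden()`. `$acl_app` is read from GET/POST at the top of index() and no validation of it is visible in this diff. It should be checked against the installed applications, since it also indexes `$GLOBALS['phpgw_info']['apps'][$acl_app]`, and passed here as `urlencode($acl_app)`. The commit also drops `set_var('common_hidden_vars',$common_hidden_vars)`; confirm the template no longer references that variable.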
acctid: '.$user['account_id']; - if ($user['account_id']) - { - $go = True; - } - else - { - $go = False; - } - if($query) - { - $name = ' '.$user['account_firstname'].' '.$user['account_lastname'].' '.$user['account_lid'].' '; - if(!strpos($name,$query)) - { - $go = False; - } - } - - if($go && $user['account_id'] != $owner) // Need to be $owner not $GLOBALS['phpgw_info']['user']['account_id'] - { - // or the admin can't get special grants from a group - $tr_color = $GLOBALS['phpgw']->nextmatchs->alternate_row_color($tr_color); - $this->display_row($tr_color,'u_',$user['account_id'],$GLOBALS['phpgw']->common->display_fullname($user['account_lid'],$user['account_firstname'],$user['account_lastname']),$is_group); - $s_users++; - $processed[] = $user['account_id']; - $total++; - if($total == $maxm) - { - break; - } - } - } + $header_type = $data['account_type']; } + $tr_color = $GLOBALS['phpgw']->nextmatchs->alternate_row_color($tr_color); + + if ($data['account_type'] == 'g') + { + $this->display_row($tr_color,'g_',$data['account_id'],$data['account_lid'],$no_privat_grants); + } + else + { + $this->display_row($tr_color,'u_',$data['account_id'],$GLOBALS['phpgw']->common->display_fullname($data['account_lid'],$data['account_firstname'],$data['account_lastname']),$no_privat_grants); + } + $processed[] = $uid; } - $extra_parms = 'menuaction=preferences.uiaclprefs.index' - . '&acl_app=' . $acl_app - . '&s_users='.$s_users.'&s_groups='.$s_groups - . '&maxm=' . $maxm . '&totalentries=' . $totalentries - . '&total=' . ($start + $total) . 
'&owner='.$owner; + $extra_parms = array( + 'menuaction' => 'preferences.uiaclprefs.index', + 'acl_app' => $acl_app, + 'owner' => $owner, + ); $var = Array( 'nml' => $GLOBALS['phpgw']->nextmatchs->left('/index.php',$start,$totalentries,$extra_parms), 'nmr' => $GLOBALS['phpgw']->nextmatchs->right('/index.php',$start,$totalentries,$extra_parms), - 'search_value' => (isset($query) && $query?$query:''), + 'search_value' => isset($query) && $query ? $GLOBALS['phpgw']->html->htmlspecialchars($query) : '', 'search' => lang('search'), 'processed' => urlencode(serialize($processed)) ); 
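Review bot: `'processed' => urlencode(serialize($processed))` sends the id list to the browser in PHP's serialized format. The save path presumably feeds it back through `unserialize()`; its loop over `$to_remove` is in the previous hunk, but the decoding is not visible. Calling unserialize() on a form field is unsafe because the client controls the data. Since `$processed` is now a plain list of account ids, `implode(',', $processed)` on output and `array_map('intval', explode(',', …))` on input would carry the same information. `$start` is also handed to `accounts->search()` as received from the request, so an `(int)$start` cast would be a cheap guard.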
@@ -357,44 +237,46 @@ $this->template->pfp('out','preferences'); } - function check_acl($label,$id,$acl,$rights,$right,$is_group=False) + function check_acl($label,$id,$acl,$rights,$right,$disabled=False) { $this->template->set_var($acl,$label.$GLOBALS['phpgw_info']['flags']['currentapp'].'['.$id.'_'.$right.']'); - $rights_set = (($rights & $right)?' checked':''); - if ($is_group) + $rights_set = ($rights & $right) ? ' checked="1"' : ''; + if ($disabled) { // This is so you can't select it in the GUI - $rights_set .= ' disabled'; + $rights_set .= ' disabled="1"'; } $this->template->set_var($acl.'_selected',$rights_set); } - function display_row($bg_color,$label,$id,$name,$is_group) + function display_row($bg_color,$label,$id,$name,$no_privat_grants) { $this->template->set_var('row_color',$bg_color); $this->template->set_var('user',$name); $rights = $this->acl->get_rights($id,$GLOBALS['phpgw_info']['flags']['currentapp']); - // vv This is new + $grantors = $this->acl->get_ids_for_location($id,$rights,$GLOBALS['phpgw_info']['flags']['currentapp']); $is_group_set = False; - while(@$grantors && list($key,$grantor) = each($grantors)) + if (is_array($grantors)) { - if($GLOBALS['phpgw']->accounts->get_type($grantor) == 'g') + foreach($grantors as $grantor) { - $is_group_set = True; + if($GLOBALS['phpgw']->accounts->get_type($grantor) == 'g') + { + $is_group_set = True; + } } } - // ^^ This is new - $this->check_acl($label,$id,'read',$rights,PHPGW_ACL_READ,($is_group_set && ($rights & PHPGW_ACL_READ) && !$is_group?$is_group_set:False)); - $this->check_acl($label,$id,'add',$rights,PHPGW_ACL_ADD,($is_group_set && ($rights & PHPGW_ACL_ADD && !$is_group)?$is_group_set:False)); - $this->check_acl($label,$id,'edit',$rights,PHPGW_ACL_EDIT,($is_group_set && ($rights & PHPGW_ACL_EDIT && !$is_group)?$is_group_set:False)); - $this->check_acl($label,$id,'delete',$rights,PHPGW_ACL_DELETE,($is_group_set && ($rights & PHPGW_ACL_DELETE && !$is_group)?$is_group_set:False)); - 
$this->check_acl($label,$id,'private',$rights,PHPGW_ACL_PRIVATE,$is_group); + $this->check_acl($label,$id,'read',$rights,PHPGW_ACL_READ,$is_group_set && $rights & PHPGW_ACL_READ); + $this->check_acl($label,$id,'add',$rights,PHPGW_ACL_ADD,$is_group_set && $rights & PHPGW_ACL_ADD); + $this->check_acl($label,$id,'edit',$rights,PHPGW_ACL_EDIT,$is_group_set && $rights & PHPGW_ACL_EDIT); + $this->check_acl($label,$id,'delete',$rights,PHPGW_ACL_DELETE,$is_group_set && $rights & PHPGW_ACL_DELETE); + $this->check_acl($label,$id,'private',$rights,PHPGW_ACL_PRIVATE,$no_privat_grants); - $this->check_acl($label,$id,'custom_1',$rights,PHPGW_ACL_CUSTOM_1,($is_group_set && ($rights & PHPGW_ACL_CUSTOM_1) && !$is_group?$is_group_set:False)); - $this->check_acl($label,$id,'custom_2',$rights,PHPGW_ACL_CUSTOM_2,($is_group_set && ($rights & PHPGW_ACL_CUSTOM_2) && !$is_group?$is_group_set:False)); - $this->check_acl($label,$id,'custom_3',$rights,PHPGW_ACL_CUSTOM_3,($is_group_set && ($rights & PHPGW_ACL_CUSTOM_3) && !$is_group?$is_group_set:False)); + $this->check_acl($label,$id,'custom_1',$rights,PHPGW_ACL_CUSTOM_1,$is_group_set && $rights & PHPGW_ACL_CUSTOM_1); + $this->check_acl($label,$id,'custom_2',$rights,PHPGW_ACL_CUSTOM_2,$is_group_set && $rights & PHPGW_ACL_CUSTOM_2); + $this->check_acl($label,$id,'custom_3',$rights,PHPGW_ACL_CUSTOM_3,$is_group_set && $rights & PHPGW_ACL_CUSTOM_3); $this->template->parse('row','acl_row',True); } }
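Review bot: display_row() still passes `$name` to `set_var('user',$name)` unescaped, while this commit adds `html->htmlspecialchars()` for the search value in index(). Account and group names are stored data that someone other than the viewer may have set. Unless the template or display_fullname() escapes them (not visible here), use the same helper: `$this->template->set_var('user',$GLOBALS['phpgw']->html->htmlspecialchars($name));`. The `disabled="1"` attribute written by check_acl() is only a UI hint; the server-side `$rights &= ~PHPGW_ACL_PRIVATE` in the save path is what enforces the restriction. The rewritten calls such as `$is_group_set && $rights & PHPGW_ACL_READ` rely on `&` binding tighter than `&&`, so parentheses around the mask test would make that explicit.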