Add acl to delete and fix bad refs to account_id

addressbook/delete.php

@@ -30,26 +30,31 @@
 	$t = new Template($phpgw->common->get_tpl_dir("addressbook"));
 	$t->set_file(array("delete" => "delete.tpl"));
 
+	$rights = $phpgw->acl->get_rights('u_'.$owner,$phpgw_info["flags"]["currentapp"]);
+	if ( ($rights & PHPGW_ACL_DELETE) || ($owner == $phpgw_info["user"]["account_id"]) ) {
+		if ($confirm != "true") {
+			$fields = $this->read($ab_id, array("owner" => $owner));
 
-	if ($confirm != "true") {
-		$fields = $this->read($ab_id, array("owner" => $owner));
+			if ($fields["owner"] != $phpgw_info["user"]["account_id"]) {
+				@Header("Location: " . $phpgw->link($phpgw_info["server"]["webserver_url"] . "/addressbook/"));
+			}
 
-		if ($fielfs["owner"] != $phpgw_info["user"]["account_id"]) {
-			@Header("Location: " . $phpgw->link($phpgw_info["server"]["webserver_url"] . "/addressbook/"));
-		}
+			$t->set_var(lang_sure,lang("Are you sure you want to delete this entry ?"));
+			$t->set_var(no_link,$phpgw->link("view.php","&ab_id=$ab_id&order=$order&sort=$sort&filter=$filter&start=$start&query=$query"));
+			$t->set_var(lang_no,lang("NO"));
+			$t->set_var(yes_link,$phpgw->link("delete.php","ab_id=$ab_id&confirm=true&order=$order&sort=$sort&filter=$filter&start=$start&query=$query"));
+			$t->set_var(lang_yes,lang("YES"));
+			$t->pparse("out","delete");
 
-		$t->set_var(lang_sure,lang("Are you sure you want to delete this entry ?"));
-		$t->set_var(no_link,$phpgw->link("view.php","&ab_id=$ab_id&order=$order&sort=$sort&filter=$filter&start=$start&query=$query"));
-		$t->set_var(lang_no,lang("NO"));
-		$t->set_var(yes_link,$phpgw->link("delete.php","ab_id=$ab_id&confirm=true&order=$order&sort=$sort&filter=$filter&start=$start&query=$query"));
-		$t->set_var(lang_yes,lang("YES"));
-		$t->pparse("out","delete");
-
-		$phpgw->common->phpgw_footer(); 
-	} else {
+			$phpgw->common->phpgw_footer(); 
+		} else {
 			$this->account_id=$phpgw_info["user"]["account_id"];
 			$this->delete($ab_id);
-
-			@Header("Location: " . $phpgw->link($phpgw_info["server"]["webserver_url"]. "/addressbook/","cd=16&order=$order&sort=$sort&filter=$filter&start=$start&query=$query"));
+			$phpgw->redirect($phpgw->session->link($phpgw_info["server"]["webserver_url"]. "/addressbook/","cd=16&order=$order&sort=$sort&filter=$filter&start=$start&query=$query"));
+		}
+	} else {
+		$phpgw->redirect($phpgw->session->link($phpgw_info["server"]["webserver_url"]. "/addressbook/","cd=16&order=$order&sort=$sort&filter=$filter&start=$start&query=$query"));
+		$phpgw->common->phpgw_exit();
 	}
+
 ?>

addressbook/edit.php

@@ -48,7 +48,7 @@
 	} else {
 		//verify edit capabilities
 		$rights = $phpgw->acl->get_rights('u_'.$owner,$phpgw_info["flags"]["currentapp"]);
-		if ( ($rights & PHPGW_ACL_EDIT) || ($owner == $account_id) ) {
+		if ( ($rights & PHPGW_ACL_EDIT) || ($owner == $phpgw_info["user"]["account_id"]) ) {
 			if ($url == "http://") {
 				$url = "";
 			}

addressbook/index.php

@@ -109,7 +109,7 @@
 	// Show the entries
 	for ($i=0;$i<count($entries);$i++) { // each entry
 		$rights = $phpgw->acl->get_rights('u_'.$entries[$i]["owner"],$phpgw_info["flags"]["currentapp"]);
-		if ( ($rights & PHPGW_ACL_READ) || ($entries[$i]["owner"] == $account_id) ) {
+		if ( ($rights & PHPGW_ACL_READ) || ($entries[$i]["owner"] == $phpgw_info["user"]["account_id"]) ) {
 		//if ( ($entries[$i]["access"] == $filter) ||
 		//	($entries[$i]["access"] == "," . $filter . ",") ||
 		//	($filter == "") || ($filter == "none")) {

addressbook/view.php

@@ -54,7 +54,7 @@
 	$owner  = $fields[0]["owner"];
 
 	$rights = $phpgw->acl->get_rights('u_'.$owner,$phpgw_info["flags"]["currentapp"]);
-	if ( ($rights & PHPGW_ACL_READ) || ($owner == $account_id) ) {
+	if ( ($rights & PHPGW_ACL_READ) || ($owner == $phpgw_info["user"]["account_id"]) ) {
 
 		$view_header  = "<p>&nbsp;<b>" . lang("Address book - view") . "</b><hr><p>";
 		$view_header .= '<table border="0" cellspacing="2" cellpadding="2" width="80%" align="center">';