forked from extern/egroupware
* read access to groupmembers for account-selection "groupmembers" (only for account_repository sql!)
fixes not shown users in "grant access" for non-admin users
This commit is contained in:
Ralf Becker
parent
a272e11330
commit
de9689e928
@ -316,7 +316,10 @@ class addressbook_bo extends addressbook_so
|
||||
asort($to_sort);
|
||||
$addressbooks += $to_sort;
|
||||
}
|
||||
if (($this->grants[0] & $required) == $required && !$GLOBALS['egw_info']['user']['preferences']['addressbook']['hide_accounts'])
|
||||
if (!$GLOBALS['egw_info']['user']['preferences']['addressbook']['hide_accounts'] && (
|
||||
($this->grants[0] & $required) == $required ||
|
||||
$GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'groupmembers' &&
|
||||
$this->account_repository != 'ldap' && ($required & EGW_ACL_READ)))
|
||||
{
|
||||
$addressbooks[0] = lang('Accounts');
|
||||
}
|
||||
@ -338,7 +341,7 @@ class addressbook_bo extends addressbook_so
|
||||
{
|
||||
$addressbooks[$this->user.'p'] = lang('Private');
|
||||
}
|
||||
//_debug_array($addressbooks);
|
||||
//echo "<p>".__METHOD__."($required,'$extra_label')"; _debug_array($addressbooks);
|
||||
return $addressbooks;
|
||||
}
|
||||
|
||||
@ -1001,6 +1004,13 @@ class addressbook_bo extends addressbook_so
|
||||
{
|
||||
return false;
|
||||
}
|
||||
// for reading accounts (owner == 0) and account_selection == groupmembers, check if current user and contact are groupmembers
|
||||
if ($owner == 0 && $needed == EGW_ACL_READ &&
|
||||
$GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'groupmembers')
|
||||
{
|
||||
return !!array_intersect($GLOBALS['egw']->accounts->memberships($this->user,true),
|
||||
$GLOBALS['egw']->accounts->memberships($contact['account_id'],true));
|
||||
}
|
||||
return ($this->grants[$owner] & $needed) &&
|
||||
(!$contact['private'] || ($this->grants[$owner] & EGW_ACL_PRIVATE) || in_array($owner,$this->memberships));
|
||||
}
|
||||
|
||||
@ -273,13 +273,34 @@ class addressbook_sql extends so_sql_cf
|
||||
// add filter for read ACL in sql, if user is NOT the owner of the addressbook
|
||||
if (isset($this->grants) && !(isset($filter['owner']) && $filter['owner'] == $GLOBALS['egw_info']['user']['account_id']))
|
||||
{
|
||||
// add read ACL for groupmembers (they have no
|
||||
if ($GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'groupmembers' &&
|
||||
(!isset($filter['owner']) || in_array('0',(array)$filter['owner'])))
|
||||
{
|
||||
$groupmembers = array();
|
||||
foreach($GLOBALS['egw']->accounts->memberships($GLOBALS['egw_info']['user']['account_id'],true) as $group_id)
|
||||
{
|
||||
if (($members = $GLOBALS['egw']->accounts->members($group_id,true)))
|
||||
{
|
||||
$groupmembers = array_merge($groupmembers,$members);
|
||||
}
|
||||
}
|
||||
$groupmember_sql = $this->db->expression($this->table_name, ' OR '.$this->table_name.'.',array(
|
||||
'account_id' => array_unique($groupmembers),
|
||||
));
|
||||
}
|
||||
// we have no private grants in addressbook at the moment, they have then to be added here too
|
||||
if (isset($filter['owner']))
|
||||
{
|
||||
if (!($filter['owner'] = array_intersect((array)$filter['owner'],array_keys($this->grants)))) return false;
|
||||
|
||||
// no grants for selected owner/addressbook
|
||||
if (!($filter['owner'] = array_intersect((array)$filter['owner'],array_keys($this->grants))))
|
||||
{
|
||||
if (!isset($groupmember_sql)) return false;
|
||||
$filter[] = substr($groupmember_sql,4);
|
||||
unset($filter['owner']);
|
||||
}
|
||||
// for an owner filter, which does NOT include current user, filter out private entries
|
||||
if (!in_array($GLOBALS['egw_info']['user']['account_id'],$filter['owner']))
|
||||
elseif (!in_array($GLOBALS['egw_info']['user']['account_id'],$filter['owner']))
|
||||
{
|
||||
$filter['private'] = 0;
|
||||
}
|
||||
@ -288,7 +309,7 @@ class addressbook_sql extends so_sql_cf
|
||||
{
|
||||
$filter[] = "($this->table_name.contact_owner=".(int)$GLOBALS['egw_info']['user']['account_id'].
|
||||
" OR contact_private=0 AND $this->table_name.contact_owner IN (".
|
||||
implode(',',array_keys($this->grants)).") OR $this->table_name.contact_owner IS NULL)";
|
||||
implode(',',array_keys($this->grants)).") $groupmember_sql OR $this->table_name.contact_owner IS NULL)";
|
||||
}
|
||||
}
|
||||
else // search all addressbooks, incl. accounts
|
||||
@ -299,7 +320,7 @@ class addressbook_sql extends so_sql_cf
|
||||
}
|
||||
$filter[] = "($this->table_name.contact_owner=".(int)$GLOBALS['egw_info']['user']['account_id'].
|
||||
" OR contact_private=0 AND $this->table_name.contact_owner IN (".
|
||||
implode(',',array_keys($this->grants)).") OR $this->table_name.contact_owner IS NULL)";
|
||||
implode(',',array_keys($this->grants)).") $groupmember_sql OR $this->table_name.contact_owner IS NULL)";
|
||||
}
|
||||
}
|
||||
if (isset($filter['list']))
|
||||
|
||||
Loading…
Reference in New Issue
Block a user