holm/egroupware
1
1
Fork 0
forked from extern/egroupware
Code Issues Pull Requests Packages Projects Releases Wiki Activity

* read access to groupmembers for account-selection "groupmembers" (only for account_repository sql!)

Browse Source 
fixes not shown users in "grant access" for non-admin users
This commit is contained in:
Ralf Becker 2010-11-05 08:56:41 +00:00
parent a272e11330
commit de9689e928
2 changed files with 38 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
addressbook/inc/class.addressbook_bo.inc.php
View File

@ -316,7 +316,10 @@ class addressbook_bo extends addressbook_so
asort($to_sort); asort($to_sort);
$addressbooks += $to_sort; $addressbooks += $to_sort;
} }
if (($this->grants[0] & $required) == $required && !$GLOBALS['egw_info']['user']['preferences']['addressbook']['hide_accounts']) if (!$GLOBALS['egw_info']['user']['preferences']['addressbook']['hide_accounts'] && (
($this->grants[0] & $required) == $required ||
$GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'groupmembers' &&
$this->account_repository != 'ldap' && ($required & EGW_ACL_READ)))
{ {
$addressbooks[0] = lang('Accounts'); $addressbooks[0] = lang('Accounts');
} }
@ -338,7 +341,7 @@ class addressbook_bo extends addressbook_so
{ {
$addressbooks[$this->user.'p'] = lang('Private'); $addressbooks[$this->user.'p'] = lang('Private');
} }
//_debug_array($addressbooks); //echo "<p>".__METHOD__."($required,'$extra_label')"; _debug_array($addressbooks);
return $addressbooks; return $addressbooks;
} }
@ -1001,6 +1004,13 @@ class addressbook_bo extends addressbook_so
{ {
return false; return false;
} }
// for reading accounts (owner == 0) and account_selection == groupmembers, check if current user and contact are groupmembers
if ($owner == 0 && $needed == EGW_ACL_READ &&
$GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'groupmembers')
{
return !!array_intersect($GLOBALS['egw']->accounts->memberships($this->user,true),
$GLOBALS['egw']->accounts->memberships($contact['account_id'],true));
}
return ($this->grants[$owner] & $needed) && return ($this->grants[$owner] & $needed) &&
(!$contact['private'] || ($this->grants[$owner] & EGW_ACL_PRIVATE) || in_array($owner,$this->memberships)); (!$contact['private'] || ($this->grants[$owner] & EGW_ACL_PRIVATE) || in_array($owner,$this->memberships));
} }

31
addressbook/inc/class.addressbook_sql.inc.php
View File

@ -273,13 +273,34 @@ class addressbook_sql extends so_sql_cf
// add filter for read ACL in sql, if user is NOT the owner of the addressbook // add filter for read ACL in sql, if user is NOT the owner of the addressbook
if (isset($this->grants) && !(isset($filter['owner']) && $filter['owner'] == $GLOBALS['egw_info']['user']['account_id'])) if (isset($this->grants) && !(isset($filter['owner']) && $filter['owner'] == $GLOBALS['egw_info']['user']['account_id']))
{ {
// add read ACL for groupmembers (they have no
if ($GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'groupmembers' &&
(!isset($filter['owner']) || in_array('0',(array)$filter['owner'])))
{
$groupmembers = array();
foreach($GLOBALS['egw']->accounts->memberships($GLOBALS['egw_info']['user']['account_id'],true) as $group_id)
{
if (($members = $GLOBALS['egw']->accounts->members($group_id,true)))
{
$groupmembers = array_merge($groupmembers,$members);
}
}
$groupmember_sql = $this->db->expression($this->table_name, ' OR '.$this->table_name.'.',array(
'account_id' => array_unique($groupmembers),
));
}
// we have no private grants in addressbook at the moment, they have then to be added here too // we have no private grants in addressbook at the moment, they have then to be added here too
if (isset($filter['owner'])) if (isset($filter['owner']))
{ {
if (!($filter['owner'] = array_intersect((array)$filter['owner'],array_keys($this->grants)))) return false; // no grants for selected owner/addressbook
if (!($filter['owner'] = array_intersect((array)$filter['owner'],array_keys($this->grants))))
{
if (!isset($groupmember_sql)) return false;
$filter[] = substr($groupmember_sql,4);
unset($filter['owner']);
}
// for an owner filter, which does NOT include current user, filter out private entries // for an owner filter, which does NOT include current user, filter out private entries
if (!in_array($GLOBALS['egw_info']['user']['account_id'],$filter['owner'])) elseif (!in_array($GLOBALS['egw_info']['user']['account_id'],$filter['owner']))
{ {
$filter['private'] = 0; $filter['private'] = 0;
} }
@ -288,7 +309,7 @@ class addressbook_sql extends so_sql_cf
{ {
$filter[] = "($this->table_name.contact_owner=".(int)$GLOBALS['egw_info']['user']['account_id']. $filter[] = "($this->table_name.contact_owner=".(int)$GLOBALS['egw_info']['user']['account_id'].
" OR contact_private=0 AND $this->table_name.contact_owner IN (". " OR contact_private=0 AND $this->table_name.contact_owner IN (".
implode(',',array_keys($this->grants)).") OR $this->table_name.contact_owner IS NULL)"; implode(',',array_keys($this->grants)).") $groupmember_sql OR $this->table_name.contact_owner IS NULL)";
} }
} }
else // search all addressbooks, incl. accounts else // search all addressbooks, incl. accounts
@ -299,7 +320,7 @@ class addressbook_sql extends so_sql_cf
} }
$filter[] = "($this->table_name.contact_owner=".(int)$GLOBALS['egw_info']['user']['account_id']. $filter[] = "($this->table_name.contact_owner=".(int)$GLOBALS['egw_info']['user']['account_id'].
" OR contact_private=0 AND $this->table_name.contact_owner IN (". " OR contact_private=0 AND $this->table_name.contact_owner IN (".
implode(',',array_keys($this->grants)).") OR $this->table_name.contact_owner IS NULL)"; implode(',',array_keys($this->grants)).") $groupmember_sql OR $this->table_name.contact_owner IS NULL)";
} }
} }
if (isset($filter['list'])) if (isset($filter['list']))