From e960b79570cc0d82b4cd2ce76421b788988c3ef6 Mon Sep 17 00:00:00 2001
From: Ralf Becker
Date: Fri, 24 Jun 2011 13:35:39 +0000
Subject: [PATCH] fixed not working access to all non-private user categories (ACL was priviously allways taken into account)
---
 admin/inc/class.admin_categories.inc.php | 13 +++++--------
 phpgwapi/inc/class.categories.inc.php | 22 ++++++++++++++++------
 2 files changed, 21 insertions(+), 14 deletions(-)
diff --git a/admin/inc/class.admin_categories.inc.php b/admin/inc/class.admin_categories.inc.php
index d2e306310b..7106f7d062 100644
--- a/admin/inc/class.admin_categories.inc.php
+++ b/admin/inc/class.admin_categories.inc.php
@@ -198,7 +198,7 @@ class admin_categories
 $sel_options['icon'] = self::get_icons();
 $sel_options['owner'] = array();
-
+
 // User's category - add current value to be able to preserve owner
 if(!$content['id'] && $this->appname != 'admin') $content['owner'] = $GLOBALS['egw_info']['user']['account_id'];
@@ -215,7 +215,7 @@ class admin_categories
 {
 $sel_options['owner'][0] = lang('All users');
 $accs = $GLOBALS['egw']->accounts->get_list('groups');
- foreach($accs as $acc)
+ foreach($accs as $acc)
 {
 if ($acc['account_type'] == 'g')
 {
@@ -299,7 +299,7 @@ class admin_categories
 {
 $globalcat = false;
 }
- if($globalcat) $filter['access'] = 'public';
+ if ($globalcat) $filter['access'] = 'public';
 egw_cache::setSession(__CLASS__.$query['appname'],'nm',$query);
 if($query['filter'] > 0 || $query['col_filter']['owner'])
 {
@@ -311,10 +311,7 @@ class admin_categories
 }
 $cats = new categories($filter['owner'],$query['appname']);
-
-$globalcat=1;
-$parent = 0;
- $rows = $cats->return_sorted_array($query['start'],false,$query['search'],$query['sort'],$query['order'],$globalcat,$parent,true,$filter);
+ $rows = $cats->return_sorted_array($query['start'],false,$query['search'],$query['sort'],$query['order'],'all_no_acl',$parent=0,true,$filter);
 $count = $cats->total_records;
 foreach($rows as $key => &$row)
 {
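Review bot: In the `@@ -311,10 +311,7 @@` hunk the listing now passes `'all_no_acl'` to return_sorted_array on every call, so (per the docblock added in class.categories.inc.php) the grants check is skipped for all non-private categories of the app no matter who is asking; the hunk does not show that this function is reachable by admins only, and `$this->appname != 'admin'` in the first hunk suggests the class also handles non-admin category management. If that is the intent, say so on the call, e.g. `// grants deliberately skipped: this list shows every non-private category of the app`; otherwise pass the flag only for admin callers. `$parent=0` in the argument list is an assignment expression that leaves a stray local behind, so pass `0` directly. The enclosing function starts and ends outside the hunk.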
@@ -367,7 +364,7 @@ $parent = 0;
 $appname = categories::GLOBAL_APPNAME;
 foreach(array($content['nm']['appname'], $_GET['cats_app'], $_GET['appname']) as $field)
 {
- if($field)
+ if($field)
 {
 $appname = $field;
 break;
diff --git a/phpgwapi/inc/class.categories.inc.php b/phpgwapi/inc/class.categories.inc.php
index 09fd1927a8..84135f0c8e 100644
--- a/phpgwapi/inc/class.categories.inc.php
+++ b/phpgwapi/inc/class.categories.inc.php
@@ -171,7 +171,8 @@ class categories
 * @param string $query='' query-pattern
 * @param string $sort='ASC' sort order, defaults to 'ASC'
 * @param string $order='' order by, default cat_main, cat_level, cat_name ASC
- * @param boolean $globals include the global egroupware categories or not
+ * @param boolean|string $globals includes the global egroupware categories or not,
+ * 'all_no_acl' to return global and all non-private user categories independent of ACL
 * @param array|int $parent_id=null return only subcats of $parent_id(s)
 * @param int $lastmod = -1 if > 0 return only cats modified since then
 * @param string $column='' if column-name given only that column is returned, not the full array with all cat-data
@@ -234,7 +235,7 @@ class categories
 }
 // check for read permission
- if(!$this->check_perms(EGW_ACL_READ, $cat))
+ if(!$this->check_perms(EGW_ACL_READ, $cat, $globals === 'all_no_acl'))
 {
 continue;
 }
@@ -316,7 +317,8 @@ class categories
 * @param string $query='' query-pattern
 * @param string $sort='ASC' sort order, either defaults to 'ASC'
 * @param string $order='cat_name' order by
- * @param boolean $globals includes the global egroupware categories or not
+ * @param boolean|string $globals includes the global egroupware categories or not,
+ * 'all_no_acl' to return global and all non-private user categories independent of ACL
 * @param array|int $parent_id=0 return only subcats of $parent_id(s)
 * @param boolean $unserialize_data=false return $cat['data'] as array (not serialized array)
 * @return array with cats
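Review bot: In the `@@ -234,7 +235,7 @@` hunk the ACL bypass is selected by comparing `$globals` with the bare string `'all_no_acl'`, the same literal that admin_categories passes in from the other file, so a misspelt value at any call site silently falls back to the grants-checked path. A new class constant would keep both files in step, for instance `const ALL_NO_ACL = 'all_no_acl';` with the call written as `$globals === self::ALL_NO_ACL` (the name is only a proposal). Because `$globals` now means both "include global categories" and "skip grants", the two docblocks should also state that any other truthy value keeps the ACL check. The function body around this call lies outside the hunk.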
@@ -479,9 +481,10 @@ class categories
 *
 * @param int $needed necessary ACL right: EGW_ACL_{READ|EDIT|DELETE}
 * @param mixed $category category as array or the category_id
+ * @param boolean $no_acl_check=false if true, grants are NOT checked, gives access to all non-private categories of all users
 * @return boolean true permission granted, false for permission denied, null for category does not exist
 */
- public function check_perms($needed,$category)
+ public function check_perms($needed, $category, $no_acl_check=false)
 {
 if (!is_array($category) && !($category = self::read($category)))
 {
@@ -510,6 +513,12 @@ class categories
 return true;
 }
+ // if $no_acl_check is set, allow access to all public (non-private) categories
+ if ($no_acl_check && $category['access'] == 'public' && $this->account_id != self::GLOBAL_ACCOUNT && $category['appname'] == $this->app_name)
+ {
+ return true;
+ }
+
 // Load the application grants
 if ($category['appname'] == $this->app_name && is_null($this->grants))
 {
@@ -517,8 +526,9 @@ class categories
 }
 // Check for ACL granted access, the self::GLOBAL_ACCOUNT user must not get access by ACL to keep old behaviour
- return ($this->account_id != self::GLOBAL_ACCOUNT && $category['appname'] == $this->app_name && ($this->grants[$category['owner']] & $needed) &&
- ($category['access'] == 'public' || ($this->grants[$category['owner']] & EGW_ACL_PRIVATE)));
+ return $this->account_id != self::GLOBAL_ACCOUNT && $category['appname'] == $this->app_name &&
+ ($this->grants[$category['owner']] & $needed) &&
+ ($category['access'] == 'public' || ($this->grants[$category['owner']] & EGW_ACL_PRIVATE));
 }
 /**
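Review bot: The early return added in the `@@ -510,6 +513,12 @@` hunk ignores `$needed`: with `$no_acl_check` set, check_perms answers true for EGW_ACL_EDIT and EGW_ACL_DELETE as well as for read, on any public category of the app. The only caller visible in this patch asks for EGW_ACL_READ, but the method is public and the new docblock line promises just "access", so a later caller could end up authorising writes without grants. Restricting the branch to read keeps the bypass as narrow as the commit message describes: `if ($no_acl_check && $needed == EGW_ACL_READ && $category['access'] == 'public' && $this->account_id != self::GLOBAL_ACCOUNT && $category['appname'] == $this->app_name)`. The part of check_perms between the hunks is not shown, so earlier branches may already decide some of these cases.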