From 0a09a045c5b3ae7a8851701cfae10d1d9d9de2f4 Mon Sep 17 00:00:00 2001 From: Wolfgang Sourdeau Date: Wed, 2 Jun 2010 16:42:49 +0000 Subject: [PATCH] Monotone-Parent: 0c6806493b569c14269ce32c78f49e2d8d0bd053 Monotone-Revision: 45a909a97ed4304fcd6107fccb0e129e9db8d87a Monotone-Author: wsourdeau@inverse.ca Monotone-Date: 2010-06-02T16:42:49 Monotone-Branch: ca.inverse.sogo --- ChangeLog | 11 +++++++++++ SoObjects/SOGo/SOGoParentFolder.m | 31 +++++++++++++++++++------------ SoObjects/SOGo/SOGoUserFolder.m | 26 +++++++++----------------- 3 files changed, 39 insertions(+), 29 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5d0336e8f..43aef6e57 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,16 @@ 2010-06-02 Wolfgang Sourdeau + * SoObjects/SOGo/SOGoUserFolder.m (_subFoldersFromFolder:): + thanks to the change below, the ACL checking code is no longer + needed here, where we can now concentrate on returning subfolders + metadata. + + * SoObjects/SOGo/SOGoParentFolder.m + (_fetchPersonalFolders:withChannel:): if the active user is not + the owner of the current parent folder, subfolders are returned + only when he/she has permissions set on them even for the + "personal" subfolder. + * SoObjects/SOGo/SOGoGCSFolder.m (-aclsForUser:forObjectAtPath:): extracted db code into a new "_realAclsForUser:forObjectAtPath:" private method. When the "None" special role is returned, we diff --git a/SoObjects/SOGo/SOGoParentFolder.m b/SoObjects/SOGo/SOGoParentFolder.m index 0f31d89a0..2066ba3fe 100644 --- a/SoObjects/SOGo/SOGoParentFolder.m +++ b/SoObjects/SOGo/SOGoParentFolder.m @@ -175,10 +175,12 @@ static SoSecurityManager *sm = nil; { NSArray *attrs; NSDictionary *row; - BOOL hasPersonal; + BOOL hasPersonal, ignoreRights; SOGoGCSFolder *folder; - NSString *key; + NSString *key, *login; NSException *error; + SOGoUser *currentUser; + SoSecurityManager *securityManager; if (!subFolderClass) subFolderClass = [[self class] subFolderClass]; @@ -187,23 +189,33 @@ static SoSecurityManager *sm = nil; error = [fc evaluateExpressionX: sql]; if (!error) { + currentUser = [context activeUser]; + login = [currentUser login]; + ignoreRights = (activeUserIsOwner || [login isEqualToString: owner] + || [currentUser isSuperUser]); + if (!ignoreRights) + securityManager = [SoSecurityManager sharedSecurityManager]; + attrs = [fc describeResults: NO]; - row = [fc fetchAttributes: attrs withZone: NULL]; - while (row) + while ((row = [fc fetchAttributes: attrs withZone: NULL])) { key = [row objectForKey: @"c_path4"]; if ([key isKindOfClass: [NSString class]]) { folder = [subFolderClass objectWithName: key inContainer: self]; - hasPersonal = (hasPersonal || [key isEqualToString: @"personal"]); + hasPersonal = (hasPersonal + || [key isEqualToString: @"personal"]); [folder setOCSPath: [NSString stringWithFormat: @"%@/%@", OCSPath, key]]; + if (ignoreRights + || ![securityManager validatePermission: SOGoPerm_AccessObject + onObject: folder + inContext: context]) [subFolders setObject: folder forKey: key]; } - row = [fc fetchAttributes: attrs withZone: NULL]; } - if (!hasPersonal) + if (ignoreRights && !hasPersonal) [self _createPersonalFolder]; } @@ -382,11 +394,6 @@ static SoSecurityManager *sm = nil; return error; } -- (NSArray *) fetchContentObjectNames -{ - return nil; -} - - (id) lookupName: (NSString *) name inContext: (WOContext *) lookupContext acquire: (BOOL) acquire diff --git a/SoObjects/SOGo/SOGoUserFolder.m b/SoObjects/SOGo/SOGoUserFolder.m index 91c10f532..0ed2c4664 100644 --- a/SoObjects/SOGo/SOGoUserFolder.m +++ b/SoObjects/SOGo/SOGoUserFolder.m @@ -27,7 +27,6 @@ #import #import -#import #import #import #import @@ -148,35 +147,28 @@ NSMutableArray *folders; NSEnumerator *subfolders; SOGoFolder *currentFolder; - NSString *folderName, *folderOwner; + NSString *folderName; + Class subfolderClass; NSMutableDictionary *currentDictionary; - SoSecurityManager *securityManager; - - folderOwner = [parentFolder ownerInContext: context]; - securityManager = [SoSecurityManager sharedSecurityManager]; folders = [NSMutableArray array]; + subfolderClass = [[parentFolder class] subFolderClass]; + subfolders = [[parentFolder subFolders] objectEnumerator]; while ((currentFolder = [subfolders nextObject])) { - if (![securityManager validatePermission: SOGoPerm_AccessObject - onObject: currentFolder inContext: context] - && [[currentFolder ownerInContext: context] - isEqualToString: folderOwner] - && [NSStringFromClass([currentFolder class]) compare: @"SOGoWebAppointmentFolder"] != NSOrderedSame) + if ([currentFolder isMemberOfClass: subfolderClass]) { folderName = [NSString stringWithFormat: @"/%@/%@", [parentFolder nameInContainer], [currentFolder nameInContainer]]; - currentDictionary - = [NSMutableDictionary dictionaryWithCapacity: 3]; + currentDictionary = [NSMutableDictionary dictionaryWithCapacity: 4]; [currentDictionary setObject: [currentFolder displayName] - forKey: @"displayName"]; + forKey: @"displayName"]; [currentDictionary setObject: folderName forKey: @"name"]; - [currentDictionary setObject: folderOwner forKey: @"owner"]; [currentDictionary setObject: [currentFolder folderType] - forKey: @"type"]; + forKey: @"type"]; [folders addObject: currentDictionary]; } } @@ -587,7 +579,7 @@ /* WebDAV */ -- (NSArray *) fetchContentObjectNames +- (NSArray *) toOneRelationshipKeys { SOGoSystemDefaults *sd; SOGoUser *currentUser;