From 1ca1a273d9729edbeb6a76d0ae282c603bffbabb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Enrique=20J=2E=20Hern=C3=A1ndez=20Blasco?= Date: Sun, 7 Feb 2016 00:38:07 +0100 Subject: [PATCH] oc-notes: Implement edit own and delete own permissions By storing the PidTagCreatorName on creation and checking when trying to edit or delete an specific message. --- OpenChange/MAPIStoreDBFolder.h | 10 ++++ OpenChange/MAPIStoreDBFolder.m | 24 +++++----- OpenChange/MAPIStoreDBMessage.m | 84 ++++++++++++++++++++++++++++++--- 3 files changed, 98 insertions(+), 20 deletions(-) diff --git a/OpenChange/MAPIStoreDBFolder.h b/OpenChange/MAPIStoreDBFolder.h index 2415af934..1da4d1bd9 100644 --- a/OpenChange/MAPIStoreDBFolder.h +++ b/OpenChange/MAPIStoreDBFolder.h @@ -25,6 +25,16 @@ #import "MAPIStoreFolder.h" +extern NSString *MAPIStoreRightReadItems; +extern NSString *MAPIStoreRightCreateItems; +extern NSString *MAPIStoreRightEditOwn; +extern NSString *MAPIStoreRightEditAll; +extern NSString *MAPIStoreRightDeleteOwn; +extern NSString *MAPIStoreRightDeleteAll; +extern NSString *MAPIStoreRightCreateSubfolders; +extern NSString *MAPIStoreRightFolderOwner; +extern NSString *MAPIStoreRightFolderContact; + @interface MAPIStoreDBFolder : MAPIStoreFolder @end diff --git a/OpenChange/MAPIStoreDBFolder.m b/OpenChange/MAPIStoreDBFolder.m index a7c49b72d..6aea4dd9b 100644 --- a/OpenChange/MAPIStoreDBFolder.m +++ b/OpenChange/MAPIStoreDBFolder.m 
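Review bot: The nine role-name globals declared in this header hunk are exported as plain `NSString *`, so any file that imports the header can reassign them, and they are the strings the new permission checks in MAPIStoreDBMessage.m compare against. Declaring them read-only, e.g. `extern NSString * const MAPIStoreRightEditOwn;` with the matching `NSString * const MAPIStoreRightEditOwn = @"RightsEditOwn";` in the first hunk of MAPIStoreDBFolder.m (and likewise for the other eight), removes that possibility. A short comment above the block stating that these are the folder ACL role names would also help readers of the header.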
@@ -51,15 +51,15 @@ static Class EOKeyValueQualifierK, SOGoCacheGCSFolderK, MAPIStoreDBFolderK; -static NSString *MAPIStoreRightReadItems = @"RightsReadItems"; -static NSString *MAPIStoreRightCreateItems = @"RightsCreateItems"; -static NSString *MAPIStoreRightEditOwn = @"RightsEditOwn"; -static NSString *MAPIStoreRightEditAll = @"RightsEditAll"; -static NSString *MAPIStoreRightDeleteOwn = @"RightsDeleteOwn"; -static NSString *MAPIStoreRightDeleteAll = @"RightsDeleteAll"; -static NSString *MAPIStoreRightCreateSubfolders = @"RightsCreateSubfolders"; -static NSString *MAPIStoreRightFolderOwner = @"RightsFolderOwner"; -static NSString *MAPIStoreRightFolderContact = @"RightsFolderContact"; +NSString *MAPIStoreRightReadItems = @"RightsReadItems"; +NSString *MAPIStoreRightCreateItems = @"RightsCreateItems"; +NSString *MAPIStoreRightEditOwn = @"RightsEditOwn"; +NSString *MAPIStoreRightEditAll = @"RightsEditAll"; +NSString *MAPIStoreRightDeleteOwn = @"RightsDeleteOwn"; +NSString *MAPIStoreRightDeleteAll = @"RightsDeleteAll"; +NSString *MAPIStoreRightCreateSubfolders = @"RightsCreateSubfolders"; +NSString *MAPIStoreRightFolderOwner = @"RightsFolderOwner"; +NSString *MAPIStoreRightFolderContact = @"RightsFolderContact"; @implementation MAPIStoreDBFolder @@ -355,8 +355,7 @@ static NSString *MAPIStoreRightFolderContact = @"RightsFolderContact"; - (BOOL) subscriberCanModifyMessages { - return ([self _testRoleForActiveUser: MAPIStoreRightEditAll] - || [self _testRoleForActiveUser: MAPIStoreRightEditOwn]); + return [self _testRoleForActiveUser: MAPIStoreRightEditAll]; } - (BOOL) subscriberCanReadMessages @@ -377,8 +376,7 @@ static NSString *MAPIStoreRightFolderContact = @"RightsFolderContact"; - (BOOL) subscriberCanDeleteMessages { - return ([self _testRoleForActiveUser: MAPIStoreRightDeleteAll] - || [self _testRoleForActiveUser: MAPIStoreRightDeleteOwn]); + return [self _testRoleForActiveUser: MAPIStoreRightDeleteAll]; } - (BOOL) subscriberCanCreateSubFolders 
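Review bot: With `subscriberCanModifyMessages` now returning only the All right (and `subscriberCanDeleteMessages` likewise in the next hunk), the Own rights are honoured only where a caller asks the message rather than the folder. No call site is changed in this patch, so it is worth confirming that the modify and delete paths consult `subscriberCanModifyMessage` and `subscriberCanDeleteMessage` on the message. Any path that still uses the folder-level methods will now refuse users who hold only EditOwn or DeleteOwn. A one-line comment on each method, such as `/* "Own" rights are evaluated per message in MAPIStoreDBMessage */`, would record the split.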
diff --git a/OpenChange/MAPIStoreDBMessage.m b/OpenChange/MAPIStoreDBMessage.m index a397f7521..ca2b772d0 100644 --- a/OpenChange/MAPIStoreDBMessage.m +++ b/OpenChange/MAPIStoreDBMessage.m @@ -27,6 +27,9 @@ #import #import #import +#import +#import +#import #import "MAPIStoreContext.h" #import "MAPIStorePropertySelectors.h" @@ -346,6 +349,16 @@ /* Update PredecessorChangeList accordingly */ [self _updatePredecessorChangeList]; + if (isNew) + { + NSString *lastModifierName; + + lastModifierName = (NSString *)[properties objectForKey: MAPIPropertyKey (PidTagLastModifierName)]; + if ([lastModifierName length] > 0) + [properties setObject: lastModifierName + forKey: MAPIPropertyKey (PidTagCreatorName)]; + } + // [self logWithFormat: @"Saving %@", [self description]]; // [self logWithFormat: @"%d props in dict", [properties count]]; 
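Review bot: The creator stored in the `isNew` branch is copied from `PidTagLastModifierName` in `properties`, and that value later decides ownership for EditOwn and DeleteOwn. If a client can write `PidTagLastModifierName` or `PidTagCreatorName` through its own property updates (not visible in this hunk), it can choose who owns the message, and when the modifier name is empty no owner is recorded at all. `_ownerUser` also passes the stored value to `userWithLogin:`, so it has to be a login rather than a display name. Taking it from the authenticated session, e.g. `[properties setObject: [[[self context] activeUser] login] forKey: MAPIPropertyKey (PidTagCreatorName)];`, and rejecting later writes to that key would make the ownership record trustworthy. The enclosing method starts and ends outside this hunk.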
@@ -364,20 +377,77 @@ return [msgClass isEqualToString: @"IPM.Microsoft.ScheduleData.FreeBusy"]; } -/* TODO: differentiate between the "Own" and "All" cases */ +//----------------------------- +// Permissions +//----------------------------- + - (BOOL) subscriberCanReadMessage { return [(MAPIStoreFolder *) container subscriberCanReadMessages]; - // || [self _messageIsFreeBusy]); +} + +- (SOGoUser *) _ownerUser +{ + NSString *ownerName; + SOGoUser *ownerUser = nil; + + ownerName = [properties objectForKey: MAPIPropertyKey (PidTagCreatorName)]; + if ([ownerName length] > 0) + ownerUser = [SOGoUser userWithLogin: ownerName]; + + return ownerUser; +} + +- (NSArray *) activeUserRoles +{ + /* Override because of this exception: NSInvalidArgumentException, + reason: [SOGoMAPIDBMessage-aclsForUser:] should be overridden by + subclass */ + if (!activeUserRoles) + { + SOGoUser *activeUser; + + activeUser = [[self context] activeUser]; + activeUserRoles = [[container aclFolder] aclsForUser: [activeUser login]]; + [activeUserRoles retain]; + } + + return activeUserRoles; } - (BOOL) subscriberCanModifyMessage { - return ((isNew - && [(MAPIStoreFolder *) container subscriberCanCreateMessages]) - || (!isNew - && [(MAPIStoreFolder *) container subscriberCanModifyMessages])); - // || [self _messageIsFreeBusy]); + BOOL rc; + NSArray *roles; + + roles = [self activeUserRoles]; + + if (isNew) + rc = [(MAPIStoreFolder *) container subscriberCanCreateMessages]; + else + rc = [roles containsObject: MAPIStoreRightEditAll]; + + /* Check if the message is owned and it has permission to edit it */ + if (!rc && [roles containsObject: MAPIStoreRightEditOwn]) + rc = [[[container context] activeUser] isEqual: [self _ownerUser]]; + + return rc; +} + +- (BOOL) subscriberCanDeleteMessage +{ + BOOL rc; + NSArray *roles; + + roles = [self activeUserRoles]; + + rc = [roles containsObject: MAPIStoreRightDeleteAll]; + + /* Check if the message is owned and it has permission to delete it */ + if (!rc && 
[roles containsObject: MAPIStoreRightDeleteOwn]) + rc = [[[container context] activeUser] isEqual: [self _ownerUser]]; + + return rc; } - (NSDate *) creationTime
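Review bot: In `subscriberCanModifyMessage` the EditOwn fallback also runs when `isNew` is true, so a user just refused by `subscriberCanCreateMessages` gets a second decision based on `PidTagCreatorName` of a message that has not been saved yet. If that property can be present on an unsaved message (for instance because the client supplied it), the create right is bypassed; restricting the fallback to existing messages closes this: `if (!rc && !isNew && [roles containsObject: MAPIStoreRightEditOwn])`. Both ownership tests also depend on `isEqual:` between two `SOGoUser` objects and take the active user from `[container context]` while `activeUserRoles` uses `[self context]`; comparing `[activeUser login]` with the stored creator name via `isEqualToString:` would make the identity check explicit.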