oc-notes: Implement edit own and delete own permissions

By storing the PidTagCreatorName on creation and checking when trying to edit or delete an specific message.
2026-03-25 16:12:44 +00:00 · 2016-02-07 00:38:07 +01:00
parent 76e586deca
commit 1ca1a273d9
3 changed files with 98 additions and 20 deletions
--- a/OpenChange/MAPIStoreDBMessage.m
+++ b/OpenChange/MAPIStoreDBMessage.m
@@ -27,6 +27,9 @@
 #import <Foundation/NSString.h>
 #import <Foundation/NSValue.h>
 #import <NGExtensions/NSObject+Logs.h>
+#import <NGObjWeb/WOContext+SoObjects.h>
+#import <SOGo/SOGoFolder.h>
+#import <SOGo/SOGoUser.h>

 #import "MAPIStoreContext.h"
 #import "MAPIStorePropertySelectors.h"
@@ -346,6 +349,16 @@
  /* Update PredecessorChangeList accordingly */
  [self _updatePredecessorChangeList];

+  if (isNew)
+    {
+      NSString *lastModifierName;
+
+      lastModifierName = (NSString *)[properties objectForKey: MAPIPropertyKey (PidTagLastModifierName)];
+      if ([lastModifierName length] > 0)
+        [properties setObject: lastModifierName
+                       forKey: MAPIPropertyKey (PidTagCreatorName)];
+    }
+
  // [self logWithFormat: @"Saving %@", [self description]];
  // [self logWithFormat: @"%d props in dict", [properties count]];

@@ -364,20 +377,77 @@
  return [msgClass isEqualToString: @"IPM.Microsoft.ScheduleData.FreeBusy"];
 }

-/* TODO: differentiate between the "Own" and "All" cases */
+//-----------------------------
+// Permissions
+//-----------------------------
+
 - (BOOL) subscriberCanReadMessage
 {
  return [(MAPIStoreFolder *) container subscriberCanReadMessages];
-          // || [self _messageIsFreeBusy]);
+}
+
+- (SOGoUser *) _ownerUser
+{
+  NSString *ownerName;
+  SOGoUser *ownerUser = nil;
+
+  ownerName = [properties objectForKey: MAPIPropertyKey (PidTagCreatorName)];
+  if ([ownerName length] > 0)
+    ownerUser = [SOGoUser userWithLogin: ownerName];
+
+  return ownerUser;
+}
+
+- (NSArray *) activeUserRoles
+{
+  /* Override because of this exception: NSInvalidArgumentException,
+     reason: [SOGoMAPIDBMessage-aclsForUser:] should be overridden by
+     subclass */
+  if (!activeUserRoles)
+    {
+      SOGoUser *activeUser;
+
+      activeUser = [[self context] activeUser];
+      activeUserRoles = [[container aclFolder] aclsForUser: [activeUser login]];
+      [activeUserRoles retain];
+    }
+
+  return activeUserRoles;
 }

 - (BOOL) subscriberCanModifyMessage
 {
-  return ((isNew
-           && [(MAPIStoreFolder *) container subscriberCanCreateMessages])
-          || (!isNew
-              && [(MAPIStoreFolder *) container subscriberCanModifyMessages]));
-          // || [self _messageIsFreeBusy]);
+  BOOL rc;
+  NSArray *roles;
+
+  roles = [self activeUserRoles];
+
+  if (isNew)
+    rc = [(MAPIStoreFolder *) container subscriberCanCreateMessages];
+  else
+    rc = [roles containsObject: MAPIStoreRightEditAll];
+
+  /* Check if the message is owned and it has permission to edit it */
+  if (!rc && [roles containsObject: MAPIStoreRightEditOwn])
+    rc = [[[container context] activeUser] isEqual: [self _ownerUser]];
+
+  return rc;
+}
+
+- (BOOL) subscriberCanDeleteMessage
+{
+  BOOL rc;
+  NSArray *roles;
+
+  roles = [self activeUserRoles];
+
+  rc = [roles containsObject: MAPIStoreRightDeleteAll];
+
+  /* Check if the message is owned and it has permission to delete it */
+  if (!rc && [roles containsObject: MAPIStoreRightDeleteOwn])
+    rc = [[[container context] activeUser] isEqual: [self _ownerUser]];
+
+  return rc;
 }

 - (NSDate *) creationTime