diff --git a/ChangeLog b/ChangeLog index 95b18639c..d960475d5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2008-03-28 Wolfgang Sourdeau + + * SoObjects/Appointments/SOGoAppointmentFolder.m + ([SOGoAppointmentFolder + -appendObject:objectproperties:propertieswithBaseURL:baseURLtoComplexResponse:r]): + check whether the current user has access to the objects returned + before including their properties. + 2008-03-27 Wolfgang Sourdeau * SoObjects/SOGo/AgenorUserDefaults.m ([AgenorUserDefaults diff --git a/SoObjects/Appointments/SOGoAppointmentFolder.m b/SoObjects/Appointments/SOGoAppointmentFolder.m index 173b9c0f9..7824aca9d 100644 --- a/SoObjects/Appointments/SOGoAppointmentFolder.m +++ b/SoObjects/Appointments/SOGoAppointmentFolder.m @@ -246,26 +246,32 @@ static NSNumber *sharedYes = nil; NSMutableDictionary *currentValue; SOGoObject *sogoObject; NSString *content; + SoSecurityManager *mgr; values = [NSMutableArray array]; -// if ([[object objectForKey: @"c_name"] isEqualToString: @"176A-4E8BDE62-5-B73ECD10"]) -// NSLog(@"breajpoint"); +#warning this check should be done directly in the query... we should fix this sometime + mgr = [SoSecurityManager sharedSecurityManager]; sogoObject = [self lookupName: [object objectForKey: @"c_name"] inContext: context acquire: NO]; - list = [properties objectEnumerator]; - while ((currentProperty = [list nextObject])) + if (!([mgr validatePermission: SOGoPerm_AccessObject + onObject: sogoObject + inContext: context])) { - currentValue = [NSMutableDictionary dictionary]; - [currentValue setObject: currentProperty - forKey: @"property"]; - content = [self _property: currentProperty - ofObject: sogoObject]; - if (content) - [currentValue setObject: content - forKey: @"content"]; - [values addObject: currentValue]; + list = [properties objectEnumerator]; + while ((currentProperty = [list nextObject])) + { + currentValue = [NSMutableDictionary dictionary]; + [currentValue setObject: currentProperty + forKey: @"property"]; + content = [self _property: currentProperty + ofObject: sogoObject]; + if (content) + [currentValue setObject: content + forKey: @"content"]; + [values addObject: currentValue]; + } } return values;