amorfo77/sogo
1
0
Fork 0
mirror of https://github.com/inverse-inc/sogo.git synced 2026-05-09 21:45:26 +00:00
Code Issues Projects Releases Wiki Activity

Fix handling of ACLs with multiple groups

Browse Source 
Fixes #1854
This commit is contained in:
Francis Lachapelle
2014-02-06 14:21:36 -05:00
parent b95362f963
commit 2c678101fc
2 changed files with 61 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
NEWS
+1
View File
@@ -39,6 +39,7 @@ Bug fixes
- respect the maximum number of bookings when viewing the freebusy information of a resource (#2560) - respect the maximum number of bookings when viewing the freebusy information of a resource (#2560)
- encode HTML entities when forwarding an HTML message inline in plain text composition mode (#2411) - encode HTML entities when forwarding an HTML message inline in plain text composition mode (#2411)
- encode HTML entities in JSON data returned by Calendar module (#2598) - encode HTML entities in JSON data returned by Calendar module (#2598)
- fixed handling of ACLs on shared calendars with multiple groups (#1854)
2.1.1b (2013-12-04) 2.1.1b (2013-12-04)
------------------- -------------------
SoObjects/Appointments/SOGoAppointmentFolder.m
+60 -14
View File
@@ -573,17 +573,27 @@ static iCalEvent *iCalEventK = nil;
} }
grantedCount = [grantedClasses count]; grantedCount = [grantedClasses count];
if (grantedCount == 3) if (grantedCount == 3)
filter = @""; {
// User have access to all three classifications
filter = @"";
}
else if (grantedCount == 2) else if (grantedCount == 2)
filter {
= [NSString stringWithFormat: @"c_classification != %@", // User has access to all but one of the classifications
[deniedClasses objectAtIndex: 0]]; filter = [NSString stringWithFormat: @"c_classification != %@",
[deniedClasses objectAtIndex: 0]];
}
else if (grantedCount == 1) else if (grantedCount == 1)
filter {
= [NSString stringWithFormat: @"c_classification = %@", // User has access to only one classification
[grantedClasses objectAtIndex: 0]]; filter = [NSString stringWithFormat: @"c_classification = %@",
[grantedClasses objectAtIndex: 0]];
}
else else
filter = nil; {
// User has access to no classification
filter = nil;
}
return filter; return filter;
} }
@@ -676,7 +686,6 @@ static iCalEvent *iCalEventK = nil;
qualifier = nil; qualifier = nil;
/* fetch non-recurrent apts first */ /* fetch non-recurrent apts first */
records = [folder fetchFields: fields matchingQualifier: qualifier]; records = [folder fetchFields: fields matchingQualifier: qualifier];
} }
else else
@@ -871,7 +880,6 @@ firstInstanceCalendarDateRange: (NGCalendarDateRange *) fir
{ {
NSCalendarDate *recurrenceId; NSCalendarDate *recurrenceId;
NSMutableDictionary *newRecord; NSMutableDictionary *newRecord;
NSDictionary *oldRecord;
NGCalendarDateRange *newRecordRange; NGCalendarDateRange *newRecordRange;
NSComparisonResult compare; NSComparisonResult compare;
int recordIndex, secondsOffsetFromGMT; int recordIndex, secondsOffsetFromGMT;
@@ -2533,7 +2541,7 @@ firstInstanceCalendarDateRange: (NGCalendarDateRange *) fir
unsigned int permStrIndex; unsigned int permStrIndex;
[super initializeQuickTablesAclsInContext: localContext]; [super initializeQuickTablesAclsInContext: localContext];
/* We assume "userIsOwner" will be set after calling the super method. */ /* We assume "userCanAccessAllObjects" will be set after calling the super method. */
if (!userCanAccessAllObjects) if (!userCanAccessAllObjects)
{ {
login = [[localContext activeUser] login]; login = [[localContext activeUser] login];
@@ -3123,6 +3131,7 @@ firstInstanceCalendarDateRange: (NGCalendarDateRange *) fir
{ {
NSMutableArray *aclsForUser; NSMutableArray *aclsForUser;
NSArray *superAcls; NSArray *superAcls;
static NSArray *rolesClassifications = nil;
superAcls = [super aclsForUser: uid forObjectAtPath: objectPathArray]; superAcls = [super aclsForUser: uid forObjectAtPath: objectPathArray];
if ([uid isEqualToString: [self defaultUserID]]) if ([uid isEqualToString: [self defaultUserID]])
@@ -3137,14 +3146,51 @@ firstInstanceCalendarDateRange: (NGCalendarDateRange *) fir
[aclsForUser addObject: SoRole_Authenticated]; [aclsForUser addObject: SoRole_Authenticated];
} }
else else
aclsForUser = (NSMutableArray *) superAcls; {
aclsForUser = [NSMutableArray array];
if (!rolesClassifications)
{
rolesClassifications =
[NSArray arrayWithObjects:
[NSArray arrayWithObjects:
SOGoCalendarRole_PublicModifier,
SOGoCalendarRole_PublicResponder,
SOGoCalendarRole_PublicViewer,
SOGoCalendarRole_PublicDAndTViewer,
nil],
[NSArray arrayWithObjects:
SOGoCalendarRole_ConfidentialModifier,
SOGoCalendarRole_ConfidentialResponder,
SOGoCalendarRole_ConfidentialViewer,
SOGoCalendarRole_ConfidentialDAndTViewer,
nil],
[NSArray arrayWithObjects:
SOGoCalendarRole_PrivateModifier,
SOGoCalendarRole_PrivateResponder,
SOGoCalendarRole_PrivateViewer,
SOGoCalendarRole_PrivateDAndTViewer,
nil],
[NSArray arrayWithObject: SOGoRole_ObjectCreator],
[NSArray arrayWithObject: SOGoRole_ObjectEraser],
nil];
}
// When a user is a member of many groups for which there are access rights, multiple access rights
// can be returned for each classification. In this case, we only keep the highest access right.
int i, count = [rolesClassifications count];
NSString *role;
for (i = 0; i < count; i++)
{
role = [[rolesClassifications objectAtIndex: i] firstObjectCommonWithArray: superAcls];
if (role)
[aclsForUser addObject: role];
}
}
return aclsForUser; return aclsForUser;
} }
/* caldav-proxy */ /* caldav-proxy */
- (SOGoAppointmentProxyPermission) - (SOGoAppointmentProxyPermission) proxyPermissionForUserWithLogin: (NSString *) login
proxyPermissionForUserWithLogin: (NSString *) login
{ {
SOGoAppointmentProxyPermission permission; SOGoAppointmentProxyPermission permission;
NSArray *roles; NSArray *roles;