Monotone-Parent: 581e13f64111105e0bce624d9e6267f5eb79f46d

Monotone-Revision: 7a02739cae6babfe41777a34b6d6949a9385d396 Monotone-Author: wsourdeau@inverse.ca Monotone-Date: 2008-04-22T14:50:40 Monotone-Branch: ca.inverse.sogo
2026-04-11 00:08:51 +00:00 · 2008-04-22 14:50:40 +00:00
parent 9b5bac6d26
commit 52098ec649
3 changed files with 40 additions and 39 deletions
--- a/10
+++ b/10
@@ -1,3 +1,13 @@
+2008-04-22  Wolfgang Sourdeau  <wsourdeau@inverse.ca>
+
+	* SoObjects/SOGo/SOGoGCSFolder.m ([SOGoGCSFolder
+	-setDavDisplayName:newName]): deny the renaming of the folder if
+	not owner.
+
+	* SoObjects/SOGo/SOGoObject.m ([SOGoObject
+	-davSetProperties:setPropsremovePropertiesNamed:removedPropsinContext:localContext]):
+	certain properties should be authorized when not owner.
+
 2008-04-21  Wolfgang Sourdeau  <wsourdeau@inverse.ca>

 	* UI/Scheduler/UIxColorPicker.[hm]: new class module that
--- a/SoObjects/SOGo/SOGoGCSFolder.m
+++ b/SoObjects/SOGo/SOGoGCSFolder.m
@@ -260,16 +260,25 @@ static BOOL sendFolderAdvisories = NO;
 - (NSException *) setDavDisplayName: (NSString *) newName
 {
  NSException *error;
+  NSArray *currentRoles;

-  if ([newName length])
+  currentRoles = [[context activeUser] rolesForObject: self
+				       inContext: context];
+  if ([currentRoles containsObject: SoRole_Owner])
    {
-      [self renameTo: newName];
-      error = nil;
+      if ([newName length])
+	{
+	  [self renameTo: newName];
+	  error = nil;
+	}
+      else
+	error = [NSException exceptionWithHTTPStatus: 400
+			     reason: [NSString stringWithFormat:
+						 @"Empty string"]];
    }
  else
-    error = [NSException exceptionWithHTTPStatus: 400
-			 reason: [NSString stringWithFormat:
-					     @"Empty string"]];
+    error = [NSException exceptionWithHTTPStatus: 403
+			 reason: @"Modification denied."];

  return error;
 }
--- a/SoObjects/SOGo/SOGoObject.m
+++ b/SoObjects/SOGo/SOGoObject.m
@@ -1342,53 +1342,35 @@ static BOOL sendACLAdvisories = NO;
  return r;
 }

- (NSException *) _setDavProperty: (NSString *) property
-			  toValue: (id) newValue
-{
-  NSException *exception;
-  SEL methodSel;
-
-  methodSel = NSSelectorFromString ([property davSetterName]);
-  if ([self respondsToSelector: methodSel])
-    exception = [self performSelector: methodSel
-		      withObject: newValue];
-  else
-    exception
-      = [NSException exceptionWithHTTPStatus: 404
-		     reason: [NSString stringWithFormat:
-					 @"Property '%@' cannot be set.",
-				       property]];
-
-  return exception;
-}
-
 - (NSException *) davSetProperties: (NSDictionary *) setProps
 	     removePropertiesNamed: (NSDictionary *) removedProps
 			 inContext: (WOContext *) localContext
 {
  NSString *currentProp;
  NSException *exception;
-  NSArray *currentRoles;
  NSEnumerator *properties;
  id currentValue;
+  SEL methodSel;

-  currentRoles = [[localContext activeUser] rolesForObject: self
-					    inContext: localContext];
-  if ([currentRoles containsObject: SoRole_Owner])
+  properties = [[setProps allKeys] objectEnumerator];
+  exception = nil;
+  while (!exception
+	 && (currentProp = [properties nextObject]))
    {
-      properties = [[setProps allKeys] objectEnumerator];
-      exception = nil;
-      while (!exception
-	     && (currentProp = [properties nextObject]))
+      methodSel = NSSelectorFromString ([currentProp davSetterName]);
+      if ([self respondsToSelector: methodSel])
 	{
 	  currentValue = [setProps objectForKey: currentProp];
-	  exception = [self _setDavProperty: currentProp
-			    toValue: currentValue];
+	  exception = [self performSelector: methodSel
+			    withObject: currentValue];
 	}
+      else
+	exception
+	  = [NSException exceptionWithHTTPStatus: 404
+			 reason: [NSString stringWithFormat:
+					     @"Property '%@' cannot be set.",
+					   currentProp]];
    }
-  else
-    exception = [NSException exceptionWithHTTPStatus: 403
-			     reason: @"Modification denied."];

  return exception;
 }