From 52098ec6496d1138884bdf8f36baa4cfd415cff8 Mon Sep 17 00:00:00 2001 From: Wolfgang Sourdeau Date: Tue, 22 Apr 2008 14:50:40 +0000 Subject: [PATCH] Monotone-Parent: 581e13f64111105e0bce624d9e6267f5eb79f46d Monotone-Revision: 7a02739cae6babfe41777a34b6d6949a9385d396 Monotone-Author: wsourdeau@inverse.ca Monotone-Date: 2008-04-22T14:50:40 Monotone-Branch: ca.inverse.sogo --- ChangeLog | 10 +++++++ SoObjects/SOGo/SOGoGCSFolder.m | 21 ++++++++++----- SoObjects/SOGo/SOGoObject.m | 48 +++++++++++----------------------- 3 files changed, 40 insertions(+), 39 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7e3b47380..ef99e9b12 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,13 @@ +2008-04-22 Wolfgang Sourdeau + + * SoObjects/SOGo/SOGoGCSFolder.m ([SOGoGCSFolder + -setDavDisplayName:newName]): deny the renaming of the folder if + not owner. + + * SoObjects/SOGo/SOGoObject.m ([SOGoObject + -davSetProperties:setPropsremovePropertiesNamed:removedPropsinContext:localContext]): + certain properties should be authorized when not owner. + 2008-04-21 Wolfgang Sourdeau * UI/Scheduler/UIxColorPicker.[hm]: new class module that diff --git a/SoObjects/SOGo/SOGoGCSFolder.m b/SoObjects/SOGo/SOGoGCSFolder.m index 4222515f9..e3d7c56ce 100644 --- a/SoObjects/SOGo/SOGoGCSFolder.m +++ b/SoObjects/SOGo/SOGoGCSFolder.m @@ -260,16 +260,25 @@ static BOOL sendFolderAdvisories = NO; - (NSException *) setDavDisplayName: (NSString *) newName { NSException *error; + NSArray *currentRoles; - if ([newName length]) + currentRoles = [[context activeUser] rolesForObject: self + inContext: context]; + if ([currentRoles containsObject: SoRole_Owner]) { - [self renameTo: newName]; - error = nil; + if ([newName length]) + { + [self renameTo: newName]; + error = nil; + } + else + error = [NSException exceptionWithHTTPStatus: 400 + reason: [NSString stringWithFormat: + @"Empty string"]]; } else - error = [NSException exceptionWithHTTPStatus: 400 - reason: [NSString stringWithFormat: - @"Empty string"]]; + error = [NSException exceptionWithHTTPStatus: 403 + reason: @"Modification denied."]; return error; } diff --git a/SoObjects/SOGo/SOGoObject.m b/SoObjects/SOGo/SOGoObject.m index 381d8302a..678f6a3c1 100644 --- a/SoObjects/SOGo/SOGoObject.m +++ b/SoObjects/SOGo/SOGoObject.m @@ -1342,53 +1342,35 @@ static BOOL sendACLAdvisories = NO; return r; } -- (NSException *) _setDavProperty: (NSString *) property - toValue: (id) newValue -{ - NSException *exception; - SEL methodSel; - - methodSel = NSSelectorFromString ([property davSetterName]); - if ([self respondsToSelector: methodSel]) - exception = [self performSelector: methodSel - withObject: newValue]; - else - exception - = [NSException exceptionWithHTTPStatus: 404 - reason: [NSString stringWithFormat: - @"Property '%@' cannot be set.", - property]]; - - return exception; -} - - (NSException *) davSetProperties: (NSDictionary *) setProps removePropertiesNamed: (NSDictionary *) removedProps inContext: (WOContext *) localContext { NSString *currentProp; NSException *exception; - NSArray *currentRoles; NSEnumerator *properties; id currentValue; + SEL methodSel; - currentRoles = [[localContext activeUser] rolesForObject: self - inContext: localContext]; - if ([currentRoles containsObject: SoRole_Owner]) + properties = [[setProps allKeys] objectEnumerator]; + exception = nil; + while (!exception + && (currentProp = [properties nextObject])) { - properties = [[setProps allKeys] objectEnumerator]; - exception = nil; - while (!exception - && (currentProp = [properties nextObject])) + methodSel = NSSelectorFromString ([currentProp davSetterName]); + if ([self respondsToSelector: methodSel]) { currentValue = [setProps objectForKey: currentProp]; - exception = [self _setDavProperty: currentProp - toValue: currentValue]; + exception = [self performSelector: methodSel + withObject: currentValue]; } + else + exception + = [NSException exceptionWithHTTPStatus: 404 + reason: [NSString stringWithFormat: + @"Property '%@' cannot be set.", + currentProp]]; } - else - exception = [NSException exceptionWithHTTPStatus: 403 - reason: @"Modification denied."]; return exception; }