From 84b93929c2779abbb537e97fa34a1a1abcbd60de Mon Sep 17 00:00:00 2001
From: Wolfgang Sourdeau <wsourdeau@inverse.ca>
Date: Tue, 27 Nov 2007 21:06:11 +0000
Subject: [PATCH] Monotone-Parent: c69f7f8d6e6f9e8f9e94f61cae6ed7a39e26e747
 Monotone-Revision: b3c4fef061776cff263262f03c363766fa58d479

Monotone-Author: wsourdeau@inverse.ca
Monotone-Date: 2007-11-27T21:06:11
Monotone-Branch: ca.inverse.sogo
---
 SoObjects/Mailer/SOGoMailFolder.m             | 11 +--
 SoObjects/Mailer/product.plist                |  2 +-
 SoObjects/SOGo/SOGoContentObject.m            | 12 +--
 SoObjects/SOGo/SOGoGCSFolder.m                |  2 -
 SoObjects/SOGo/SOGoPermissions.m              |  1 -
 UI/Common/UIxFolderActions.m                  | 53 ++++++-----
 UI/Common/product.plist                       |  2 +-
 UI/Contacts/UIxContactsUserRightsEditor.m     | 18 ----
 UI/MailerUI/UIxMailUserRightsEditor.m         | 18 ----
 UI/MainUI/product.plist                       | 27 ++++--
 .../UIxContactsUserRightsEditor.wox           | 15 +--
 UI/WebServerResources/ContactsUI.js           | 92 +++++++++++--------
 12 files changed, 119 insertions(+), 134 deletions(-)

diff --git a/SoObjects/Mailer/SOGoMailFolder.m b/SoObjects/Mailer/SOGoMailFolder.m
index 96be31613..a0cff9ecf 100644
--- a/SoObjects/Mailer/SOGoMailFolder.m
+++ b/SoObjects/Mailer/SOGoMailFolder.m
@@ -454,10 +454,8 @@ static NSString *defaultUserID =  @"anyone";
       switch ([imapAcls characterAtIndex: count])
 	{
 	case 'l':
-	  [SOGoAcls addObjectUniquely: SOGoRole_ObjectViewer];
-	  break;
 	case 'r':
-	  [SOGoAcls addObjectUniquely: SOGoRole_ObjectReader];
+	  [SOGoAcls addObjectUniquely: SOGoRole_ObjectViewer];
 	  break;
 	case 's':
 	  [SOGoAcls addObjectUniquely: SOGoMailRole_SeenKeeper];
@@ -505,9 +503,10 @@ static NSString *defaultUserID =  @"anyone";
   while (currentAcl)
     {
       if ([currentAcl isEqualToString: SOGoRole_ObjectViewer])
-	character = 'l';
-      else if ([currentAcl isEqualToString: SOGoRole_ObjectReader])
-	character = 'r';
+	{
+	  [imapAcls appendFormat: @"lr"];
+	  character = 0;
+	}
       else if ([currentAcl isEqualToString: SOGoMailRole_SeenKeeper])
 	character = 's';
       else if ([currentAcl isEqualToString: SOGoMailRole_Writer])
diff --git a/SoObjects/Mailer/product.plist b/SoObjects/Mailer/product.plist
index 2a93d2b7a..238a62294 100644
--- a/SoObjects/Mailer/product.plist
+++ b/SoObjects/Mailer/product.plist
@@ -42,7 +42,7 @@
       superclass    = "SOGoMailBaseObject";
       defaultRoles = {
         "View" = ( "Owner", "ObjectViewer" );
-        "Access Contents Information" = ( "Owner", "ObjectReader" );
+        "Access Contents Information" = ( "Owner", "ObjectViewer" );
         "Add Documents, Images, and Files" = ( "Owner", "ObjectCreator" );
         "Delete Objects" = ( "Owner", "ObjectEraser" );
         "WebDAV Access" = ( "Owner", "ObjectViewer" );
diff --git a/SoObjects/SOGo/SOGoContentObject.m b/SoObjects/SOGo/SOGoContentObject.m
index e45b458f7..1e1d0f795 100644
--- a/SoObjects/SOGo/SOGoContentObject.m
+++ b/SoObjects/SOGo/SOGoContentObject.m
@@ -374,16 +374,14 @@
   containerAcls = [container aclsForUser: uid];
   if ([containerAcls count] > 0)
     {
-      if ([containerAcls containsObject: SOGoRole_ObjectCreator])
+      [acls addObjectsFromArray: containerAcls];
+      if (isNew)
 	{
-	  [acls addObject: SOGoRole_ObjectCreator];
-	  if (isNew)
+	  if ([containerAcls containsObject: SOGoRole_ObjectCreator])
 	    [acls addObject: SOGoRole_ObjectEditor];
+	  else
+	    [acls removeObject: SOGoRole_ObjectEditor];
 	}
-      if ([containerAcls containsObject: SOGoRole_ObjectReader])
-	[acls addObject: SOGoRole_ObjectViewer];
-      if ([containerAcls containsObject: SOGoRole_ObjectEditor])
-	[acls addObject: SOGoRole_ObjectEditor];
     }
 
   return acls;
diff --git a/SoObjects/SOGo/SOGoGCSFolder.m b/SoObjects/SOGo/SOGoGCSFolder.m
index 728d3c303..8eb59067e 100644
--- a/SoObjects/SOGo/SOGoGCSFolder.m
+++ b/SoObjects/SOGo/SOGoGCSFolder.m
@@ -596,8 +596,6 @@ static NSString *defaultUserID = @"<default>";
       containerAcls = [container aclsForUser: uid];
       if ([containerAcls count] > 0)
 	{
-	  if ([containerAcls containsObject: SOGoRole_ObjectReader])
-	    [acls addObject: SOGoRole_ObjectViewer];
 #warning this should be checked
 	  if ([containerAcls containsObject: SOGoRole_ObjectEraser])
 	    [acls addObject: SOGoRole_ObjectEraser];
diff --git a/SoObjects/SOGo/SOGoPermissions.m b/SoObjects/SOGo/SOGoPermissions.m
index 0e9769151..d6c25f3a9 100644
--- a/SoObjects/SOGo/SOGoPermissions.m
+++ b/SoObjects/SOGo/SOGoPermissions.m
@@ -26,7 +26,6 @@
 NSString *SOGoRole_ObjectCreator = @"ObjectCreator";
 NSString *SOGoRole_ObjectEraser = @"ObjectEraser";
 NSString *SOGoRole_ObjectViewer = @"ObjectViewer";
-NSString *SOGoRole_ObjectReader = @"ObjectReader";
 NSString *SOGoRole_ObjectEditor = @"ObjectEditor";
 
 NSString *SOGoRole_FolderCreator = @"FolderCreator";
diff --git a/UI/Common/UIxFolderActions.m b/UI/Common/UIxFolderActions.m
index 44d21f6d3..d8c659685 100644
--- a/UI/Common/UIxFolderActions.m
+++ b/UI/Common/UIxFolderActions.m
@@ -147,34 +147,39 @@
 
 - (WOResponse *) canAccessContentAction
 {
-#warning IMPROVEMENTS REQUIRED!
-  NSArray *acls;
-//  NSEnumerator *userAcls;
-//  NSString *currentAcl;
+  /* We want this action to be authorized managed by the SOPE's internal acl
+     handling. */
+  return [self responseWith204];
+// #warning IMPROVEMENTS REQUIRED!
+//   NSArray *acls;
+// //  NSEnumerator *userAcls;
+// //  NSString *currentAcl;
 
-  [self _setupContext];
+//   [self _setupContext];
   
-//  NSLog(@"canAccessContentAction %@, owner %@", subscriptionPointer, owner);
+// //  NSLog(@"canAccessContentAction %@, owner %@", subscriptionPointer, owner);
 
-  if ([login isEqualToString: owner] || [owner isEqualToString: @"nobody"]) {
-    return [self responseWith204];
-  }
-  else {
-    acls = [clientObject aclsForUser: login];
-//    userAcls = [acls objectEnumerator];
-//    currentAcl = [userAcls nextObject];
-//    while (currentAcl) {
-//      NSLog(@"ACL login %@, owner %@, folder %@: %@",
-//	    login, owner, baseFolder, currentAcl);
-//      currentAcl = [userAcls nextObject];
-//    }
-    if (([[clientObject folderType] isEqualToString: @"Contact"]     && [acls containsObject: SOGoRole_ObjectReader]) ||
-	([[clientObject folderType] isEqualToString: @"Appointment"] && [acls containsObject: SOGoRole_AuthorizedSubscriber])) {
-      return [self responseWith204];
-    }
-  }
+//   if ([login isEqualToString: owner] || [owner isEqualToString: @"nobody"]) {
+//     return [self responseWith204];
+//   }
+//   else {
+//     acls = [clientObject aclsForUser: login];
+// //    userAcls = [acls objectEnumerator];
+// //    currentAcl = [userAcls nextObject];
+// //    while (currentAcl) {
+// //      NSLog(@"ACL login %@, owner %@, folder %@: %@",
+// //	    login, owner, baseFolder, currentAcl);
+// //      currentAcl = [userAcls nextObject];
+// //    }
+//     if (([[clientObject folderType] isEqualToString: @"Contact"]
+// 	 && [acls containsObject: SOGoRole_ObjectViewer]) ||
+// 	([[clientObject folderType] isEqualToString: @"Appointment"]
+// 	 && [acls containsObject: SOGoRole_AuthorizedSubscriber])) {
+//       return [self responseWith204];
+//     }
+//   }
   
-  return [self responseWithStatus: 403];
+//   return [self responseWithStatus: 403];
 }
 
 - (WOResponse *) _realFolderActivation: (BOOL) makeActive
diff --git a/UI/Common/product.plist b/UI/Common/product.plist
index ea75a393f..16cf11bf6 100644
--- a/UI/Common/product.plist
+++ b/UI/Common/product.plist
@@ -84,7 +84,7 @@
 	  actionName = "unsubscribe";
 	};
 	canAccessContent = {
-	  protectedBy = "<public>";
+	  protectedBy = "Access Object";
 	  actionClass = "UIxFolderActions";
 	  actionName = "canAccessContent";
 	};
diff --git a/UI/Contacts/UIxContactsUserRightsEditor.m b/UI/Contacts/UIxContactsUserRightsEditor.m
index 65cb1d118..a6d43ee01 100644
--- a/UI/Contacts/UIxContactsUserRightsEditor.m
+++ b/UI/Contacts/UIxContactsUserRightsEditor.m
@@ -81,19 +81,6 @@
   return [userRights containsObject: SOGoRole_ObjectViewer];
 }
 
-- (void) setUserCanReadObjects: (BOOL) userCanReadObjects
-{
-  if (userCanReadObjects)
-    [self appendRight: SOGoRole_ObjectReader];
-  else
-    [self removeRight: SOGoRole_ObjectReader];
-}
-
-- (BOOL) userCanReadObjects
-{
-  return [userRights containsObject: SOGoRole_ObjectReader];
-}
-
 - (void) updateRights
 {
   WORequest *request;
@@ -115,11 +102,6 @@
   else
     [self removeRight: SOGoRole_ObjectViewer];
 
-  if ([[request formValueForKey: @"ObjectReader"] length] > 0)
-    [self appendRight: SOGoRole_ObjectReader];
-  else
-    [self removeRight: SOGoRole_ObjectReader];
-
   if ([[request formValueForKey: @"ObjectEraser"] length] > 0)
     [self appendRight: SOGoRole_ObjectEraser];
   else
diff --git a/UI/MailerUI/UIxMailUserRightsEditor.m b/UI/MailerUI/UIxMailUserRightsEditor.m
index 08942a3ef..c9d3853cb 100644
--- a/UI/MailerUI/UIxMailUserRightsEditor.m
+++ b/UI/MailerUI/UIxMailUserRightsEditor.m
@@ -42,19 +42,6 @@
   return [userRights containsObject: SOGoRole_ObjectViewer];
 }
 
-- (void) setUserCanReadMails: (BOOL) userCanReadMails
-{
-  if (userCanReadMails)
-    [self appendRight: SOGoRole_ObjectReader];
-  else
-    [self removeRight: SOGoRole_ObjectReader];
-}
-
-- (BOOL) userCanReadMails
-{
-  return [userRights containsObject: SOGoRole_ObjectReader];
-}
-
 - (void) setUserCanMarkMailsRead: (BOOL) userCanMarkMailsRead
 {
   if (userCanMarkMailsRead)
@@ -183,11 +170,6 @@
   else
     [self removeRight: SOGoRole_ObjectViewer];
 
-  if ([[request formValueForKey: SOGoRole_ObjectReader] length] > 0)
-    [self appendRight: SOGoRole_ObjectReader];
-  else
-    [self removeRight: SOGoRole_ObjectReader];
-
   if ([[request formValueForKey: SOGoMailRole_SeenKeeper] length] > 0)
     [self appendRight: SOGoMailRole_SeenKeeper];
   else
diff --git a/UI/MainUI/product.plist b/UI/MainUI/product.plist
index 3eb0a70d5..05ffd1464 100644
--- a/UI/MainUI/product.plist
+++ b/UI/MainUI/product.plist
@@ -21,31 +21,44 @@
       defaultRoles = {
 	"View" = ( "Owner", "ObjectViewer" );
 	"Change Images And Files"  = ( "Owner", "ObjectEditor" );
-	"Access Contents Information" = ( "Owner", "ObjectReader" );
+	"Access Object" = ( "Owner", "ObjectViewer", "ObjectEditor", "ObjectCreator", "ObjectEraser" );
+	"Access Contents Information" = ( "Owner", "ObjectViewer" );
         "Add Documents, Images, and Files" = ( "Owner", "ObjectCreator" );
 	"Add Folders" = ( "Owner", "FolderCreator" );
         "ReadAcls" = ( "Owner" );
         "SaveAcls" = ( "Owner" );
         "Delete Objects" = ( "Owner", "ObjectEraser" );
+        "WebDAV Access" = ( "Owner", "ObjectViewer", "ObjectEditor", "ObjectCreator", "ObjectEraser" );
       };
     };
     SOGoContentObject = {
       superclass = "SOGoObject";
+      defaultAccess = "Access Contents Information";
       protectedBy = "Access Object";
       defaultRoles = {
-	"Access Object" = ( "Owner", "ObjectViewer" );
-	"Access Contents Information" = ( "Owner", "ObjectViewer" );
-	"Change Images And Files"  = ( "Owner", "ObjectEditor" );
+      	"Access Contents Information" = ( "Owner", "ObjectViewer", "ObjectEditor" );
+	"Change Images And Files" = ( "Owner", "ObjectEditor" );
+      };
+      methods = {
+        DELETE = { 
+          protectedBy = "Delete Objects";
+        };
+	GET = {
+          protectedBy = "Access Contents Information";
+	};
+	PUT = {
+	  protectedBy = "Change Images And Files";
+	};
       };
     };
+
     SOGoFolder = {
       superclass = "SOGoObject";
       protectedBy = "Access Object";
       defaultRoles = {
 	"Change Images And Files"  = ( "Owner", "ObjectEditor" );
-        "WebDAV Access" = ( "Owner", "AuthorizedSubscriber" );
-	"Access Object" = ( "Owner", "ObjectViewer" );
-	"Access Contents Information" = ( "Owner", "ObjectViewer" );
+	"View" = ( "Owner", "ObjectViewer", "ObjectEditor" );
+	"Access Contents Information" = ( "Owner", "ObjectViewer", "ObjectEditor" );
       };
     };
     SOGoParentFolder = {
diff --git a/UI/Templates/ContactsUI/UIxContactsUserRightsEditor.wox b/UI/Templates/ContactsUI/UIxContactsUserRightsEditor.wox
index 620cfd20a..5ed6a6b19 100644
--- a/UI/Templates/ContactsUI/UIxContactsUserRightsEditor.wox
+++ b/UI/Templates/ContactsUI/UIxContactsUserRightsEditor.wox
@@ -27,21 +27,16 @@
 	  var:checked="userCanCreateObjects"/><var:string
 	  label:value="This person can add cards to this addressbook."/></label>
       <br/>
+      <label><input type="checkbox" class="checkBox"
+	  const:name="ObjectViewer"
+	  var:checked="userCanViewObjects"/><var:string
+	  label:value="This person can read the cards of this addressbook."/></label>
+      <br/>
       <label><input type="checkbox" class="checkBox"
 	  const:name="ObjectEditor"
 	  var:checked="userCanEditObjects"/><var:string
 	  label:value="This person can edit the cards of this addressbook."/></label>
       <br/>
-      <label><input type="checkbox" class="checkBox"
-	  const:name="ObjectViewer"
-	  var:checked="userCanViewObjects"/><var:string
-	  label:value="This person can list the content of this addressbook."/></label>
-      <br/>
-      <label><input type="checkbox" class="checkBox"
-	  const:name="ObjectReader"
-	  var:checked="userCanReadObjects"/><var:string
-	  label:value="This person can read the cards of this addressbook."/></label>
-      <br/>
       <label><input type="checkbox" class="checkBox"
 	  const:name="ObjectEraser"
 	  var:checked="userCanEraseObjects"/><var:string
diff --git a/UI/WebServerResources/ContactsUI.js b/UI/WebServerResources/ContactsUI.js
index 293a98302..8b449799c 100644
--- a/UI/WebServerResources/ContactsUI.js
+++ b/UI/WebServerResources/ContactsUI.js
@@ -74,45 +74,45 @@ function openContactsFolderAtIndex(element) {
 }
 
 function contactsListCallback(http) {
-  if (http.readyState == 4
-      && http.status == 200) {
-    document.contactsListAjaxRequest = null;
+  if (http.readyState == 4) {
+    if (http.status == 200) {
+      document.contactsListAjaxRequest = null;
 
-    var table = $("contactsList");
-    if (table) {
-      // Update table
-      var data = http.responseText;
-      var html = data.replace(/^(.*\n)*.*(<table(.*\n)*)$/, "$2");
-      var tbody = table.tBodies[0]; 
-      var tmp = document.createElement('div');
-      $(tmp).update(html);
-      table.replaceChild(tmp.firstChild.tBodies[0], tbody);
-    }
-    else {
-      // Add table (doesn't happen .. yet)
-      var div = $("contactsListContent");
-      div.update(http.responseText);
-      table = $("contactsList");
-      configureSortableTableHeaders(table);
-      TableKit.Resizable.init(table, {'trueResize' : true, 'keepWidth' : true});
-    }
+      var table = $("contactsList");
+      if (table) {
+	// Update table
+	var data = http.responseText;
+	var html = data.replace(/^(.*\n)*.*(<table(.*\n)*)$/, "$2");
+	var tbody = table.tBodies[0]; 
+	var tmp = document.createElement('div');
+	$(tmp).update(html);
+	table.replaceChild(tmp.firstChild.tBodies[0], tbody);
+      }
+      else {
+	// Add table (doesn't happen .. yet)
+	var div = $("contactsListContent");
+	div.update(http.responseText);
+	table = $("contactsList");
+	configureSortableTableHeaders(table);
+	TableKit.Resizable.init(table, {'trueResize' : true, 'keepWidth' : true});
+      }
     
-    if (sorting["attribute"] && sorting["attribute"].length > 0) {
-       var sortHeader;
-       if (sorting["attribute"] == "displayName")
+      if (sorting["attribute"] && sorting["attribute"].length > 0) {
+	var sortHeader;
+	if (sorting["attribute"] == "displayName")
 	  sortHeader = $("nameHeader");
-       else if (sorting["attribute"] == "mail")
+	else if (sorting["attribute"] == "mail")
 	  sortHeader = $("mailHeader");
-       else if (sorting["attribute"] == "screenName")
+	else if (sorting["attribute"] == "screenName")
 	  sortHeader = $("screenNameHeader");
-       else if (sorting["attribute"] == "org")
+	else if (sorting["attribute"] == "org")
 	  sortHeader = $("orgHeader");
-       else if (sorting["attribute"] == "phone")
+	else if (sorting["attribute"] == "phone")
 	  sortHeader = $("phoneHeader");
-       else
+	else
 	  sortHeader = null;
        
-       if (sortHeader) {
+	if (sortHeader) {
 	  var sortImages = $(table.tHead).getElementsByClassName("sortImage");
 	  $(sortImages).each(function(item) {
 	      item.remove();
@@ -121,19 +121,33 @@ function contactsListCallback(http) {
 	  var sortImage = createElement("img", "messageSortImage", "sortImage");
 	  sortHeader.insertBefore(sortImage, sortHeader.firstChild);
 	  if (sorting["ascending"])
-	     sortImage.src = ResourcesURL + "/title_sortdown_12x12.png";
+	    sortImage.src = ResourcesURL + "/title_sortdown_12x12.png";
 	  else
-	     sortImage.src = ResourcesURL + "/title_sortup_12x12.png";
-       }
-    }
+	    sortImage.src = ResourcesURL + "/title_sortup_12x12.png";
+	}
+      }
 
-    var selected = http.callbackData;
-    if (selected) {
-       for (var i = 0; i < selected.length; i++) {
+      var selected = http.callbackData;
+      if (selected) {
+	for (var i = 0; i < selected.length; i++) {
 	  var row = $(selected[i]);
 	  if (row)
-	     row.select();
-       }
+	    row.select();
+	}
+      }
+    }
+    else {
+      var table = $("contactsList");
+      if (table) {
+	var sortImages = $(table.tHead).getElementsByClassName("sortImage");
+	$(sortImages).each(function(item) {
+	    item.remove();
+	  });
+	var tBody = $(table.tBodies[0]);
+	var length = tBody.rows.length;
+	for (var i = length - 1; i > -1; i--)
+	  tBody.removeChild(tBody.rows[i]);
+      }
     }
   }
   else