Monotone-Parent: 1177d62264e0298bfd5cbd6e9d2911cba9eb17b8

Monotone-Revision: 13d6fc38849c4767d50f1ff94f4a5704748c9dd6 Monotone-Author: wsourdeau@inverse.ca Monotone-Date: 2010-07-14T23:11:37 Monotone-Branch: ca.inverse.sogo
2026-04-20 04:19:35 +00:00 · 2010-07-14 23:11:37 +00:00
parent 636f3766c6
commit ada00ef9f0
2 changed files with 17 additions and 7 deletions
--- a/3
+++ b/3
@@ -1,5 +1,8 @@
 2010-07-14  Wolfgang Sourdeau  <wsourdeau@inverse.ca>

+	* SoObjects/SOGo/SOGoGCSFolder.m (-aclSQLListingFilter): return an
+	empty string when the active user is a super user.
+
 	* Tests/Integration/test-davacl.py
 	(DAVCalendarAclTest._testEventIsSecureVersion): accept a differing
 	SUMMARY since it will always change depending on the user's
--- a/SoObjects/SOGo/SOGoGCSFolder.m
+++ b/SoObjects/SOGo/SOGoGCSFolder.m
@@ -594,14 +594,20 @@ static NSArray *childRecordFields = nil;
    [self _subscriberRenameTo: newName];
 }

+/* Returns an empty string to indicate that the filter is empty and nil when
+   the query should not even be performed. */
 - (NSString *) aclSQLListingFilter
 {
  NSString *filter, *login;
  NSArray *roles;
+  SOGoUser *activeUser;

-  login = [[context activeUser] login];
+  activeUser = [context activeUser];
+  login = [activeUser login];
  if (activeUserIsOwner
-      || [[self ownerInContext: nil] isEqualToString: login])
+      || [[self ownerInContext: nil] isEqualToString: login]
+      || ([activeUser respondsToSelector: @selector (isSuperUser)]
+          && [activeUser isSuperUser]))
    filter = @"";
  else
    {
@@ -613,9 +619,6 @@ static NSArray *childRecordFields = nil;
        filter = nil;
    }

-  /* An empty string indicates that the filter is empty while a return value
-     of nil indicates that the query should not even be performed. */
-
  return filter;
 }

@@ -1349,17 +1352,21 @@ static NSArray *childRecordFields = nil;
 - (void) initializeQuickTablesAclsInContext: (WOContext *) localContext
 {
  NSString *login;
+  SOGoUser *activeUser;

+  activeUser = [localContext activeUser];
  if (activeUserIsOwner)
    userCanAccessAllObjects = activeUserIsOwner;
  else
    {
-      login = [[localContext activeUser] login];
+      login = [activeUser login];
      /* we only grant "userCanAccessAllObjects" for role "ObjectEraser" and
         not "ObjectCreator" because the latter doesn't imply we can read
         properties from subobjects or even know their existence. */
      userCanAccessAllObjects
-        = [[self ownerInContext: localContext] isEqualToString: login];
+        = ([[self ownerInContext: localContext] isEqualToString: login]
+           || ([activeUser respondsToSelector: @selector (isSuperUser)]
+               && [activeUser isSuperUser]));
    }
 }