Monotone-Parent: 07066101c28f825ad99e746c40e1e3eb5c46ffd5

Monotone-Revision: 77b22cd191630300928aceb64e81d96f4a520b28

Monotone-Author: wsourdeau@inverse.ca
Monotone-Date: 2007-12-06T23:09:58
Monotone-Branch: ca.inverse.sogo

ChangeLog

@@ -1,5 +1,9 @@
 2007-12-06  Wolfgang Sourdeau  <wsourdeau@inverse.ca>
 
+	* UI/Common/UIxAclEditor.m ([-currentUserIsOwner]): replaced
+	method with -canModifyAcls that invokes the security manager
+	instead for the permission "SaveAcls" on the client object.
+
 	* SoObjects/Appointments/SOGoCalendarComponent.m
 	([SOGoCalendarComponent -contentAsString]): securize the returned content.
 	([SOGoCalendarComponent -aclsForUser:uid]): check whether the user

SoObjects/Mailer/product.plist

@@ -42,6 +42,8 @@
         "Add Documents, Images, and Files" = ( "Owner", "ObjectCreator" );
         "Delete Objects" = ( "Owner", "ObjectEraser" );
         "WebDAV Access" = ( "Owner", "ObjectViewer" );
+        "ReadAcls" = ( "Owner", "MailAdministrator" );
+        "SaveAcls" = ( "Owner", "MailAdministrator" );
       };
     };
     SOGoSharedInboxFolder = {

SoObjects/SOGo/SOGoPermissions.h

@@ -72,6 +72,7 @@ extern NSString *SOGoCalendarRole_ComponentResponder;
 
 extern NSString *SOGoPerm_AccessObject;
 extern NSString *SOGoPerm_ReadAcls;
+extern NSString *SOGoPerm_SaveAcls;
 extern NSString *SOGoPerm_FreeBusyLookup;
 
 extern NSString *SOGoCalendarPerm_ViewWholePublicRecords;

SoObjects/SOGo/SOGoPermissions.m

@@ -76,6 +76,7 @@ NSString *SOGoPerm_AccessObject= @"Access Object";
 NSString *SOGoPerm_ReadAcls = @"ReadAcls"; /* the equivalent of "read-acl" in
                                               the WebDAV acls spec, which is
                                               currently missing from SOPE */
+NSString *SOGoPerm_SaveAcls = @"SaveAcls";
 NSString *SOGoPerm_FreeBusyLookup = @"FreeBusyLookup";
 
 NSString *SOGoCalendarPerm_ViewWholePublicRecords = @"ViewWholePublicRecords";

UI/Common/UIxAclEditor.m

@@ -25,6 +25,7 @@
 #import <Foundation/NSKeyValueCoding.h>
 #import <NGObjWeb/SoUser.h>
 #import <NGObjWeb/WORequest.h>
+#import <NGObjWeb/SoSecurityManager.h>
 #import <NGCards/iCalPerson.h>
 #import <SoObjects/SOGo/LDAPUserManager.h>
 #import <SoObjects/SOGo/SOGoContentObject.h>
@@ -186,20 +187,15 @@
   return [self jsCloseWithRefreshMethod: nil];
 }
 
-- (BOOL) currentUserIsOwner
+- (BOOL) canModifyAcls
 {
-  SOGoObject *clientObject;
-  SOGoUser *user;
-  NSString *currentUserLogin, *ownerLogin;
-  
-  clientObject = [self clientObject];
-  ownerLogin = [clientObject ownerInContext: context];
-  user = [context activeUser];
-  currentUserLogin = [user login];
-  
-  return ([ownerLogin isEqualToString: currentUserLogin]
-	  || ([user respondsToSelector: @selector (isSuperUser)]
-	      && [user isSuperUser]));
+  SoSecurityManager *mgr;
+
+  mgr = [SoSecurityManager sharedSecurityManager];
+
+  return (![mgr validatePermission: SOGoPerm_SaveAcls
+		onObject: [self clientObject]
+		inContext: context]);
 }
 
 // - (id <WOActionResults>) addUserInAcls

UI/Templates/UIxAclEditor.wox

@@ -27,7 +27,7 @@
       <input id="defaultRolesBtn" type="button"
 	class="button" label:value="Default Roles"/>
       <div class="userSelector" id="userRoles">
-	<var:if condition="currentUserIsOwner">
+	<var:if condition="canModifyAcls">
 	  <span id="userSelectorButtons">
 	    <a href="#"
 	      class="button"><img rsrc:src="add-contact.gif"