fix(acl): only add existing uid

Hivert Quentin
2026-04-15 14:28:56 +02:00
committed by QHivert
parent ee2ebbb81c
commit f9b71059f4
3 changed files with 102 additions and 21 deletions


@@ -1859,27 +1859,77 @@ static NSArray *childRecordFields = nil;
EOAdaptorChannel *channel;
GCSFolder *folder;
NSEnumerator *userRoles;
NSString *SQL, *currentRole;
NSString *SQL, *currentRole, *sqlstr;
NSString *fieldName, *value;
EOAdaptorContext *adaptorCtx;
EOAdaptor *adaptor;
EOAttribute *attribute;
folder = [self ocsFolder];
channel = [folder acquireAclChannel];
[[channel adaptorContext] beginTransaction];
adaptorCtx = [channel adaptorContext];
[adaptorCtx beginTransaction];
userRoles = [roles objectEnumerator];
while ((currentRole = [userRoles nextObject]))
{
int i = 0;
int count = 0;
adaptor = [adaptorCtx adaptor];
attribute = [EOAttribute new];
[attribute autorelease];
objectPath = [NSString stringWithFormat: @"/%@", objectPath];
if ([GCSFolderManager singleStoreMode])
SQL = [NSString stringWithFormat: @"INSERT INTO %@"
@" (c_object, c_uid, c_role, c_folder_id)"
@" VALUES ('/%@', '%@', '%@', %@)",
[folder aclTableName],
objectPath, uid, currentRole, [folder folderId]];
{
sqlstr = [NSMutableString stringWithFormat: @"INSERT INTO %@"
@" (c_object, c_uid, c_role, c_folder_id)"
@" VALUES (",
[folder aclTableName]];
NSArray *keys = [NSArray arrayWithObjects: @"c_object", @"c_uid", @"c_role", @"c_folder_id", nil];
NSArray *values = [NSArray arrayWithObjects: objectPath, uid, currentRole, [folder folderId], nil];
for (i = 0, count = [keys count]; i < count; i++) {
fieldName = [keys objectAtIndex: i];
if(i < 3)
[attribute setExternalType: @"varchar"];
else
[attribute setExternalType: @"int"];
value = [values objectAtIndex: i];
if (attribute)
{
value = [adaptor formatValue: value forAttribute: attribute];
[sqlstr appendString: value];
if(i < 3)
[sqlstr appendString:@", "];
}
}
[sqlstr appendString:@")"];
}
else
SQL = [NSString stringWithFormat: @"INSERT INTO %@"
@" (c_object, c_uid, c_role)"
@" VALUES ('/%@', '%@', '%@')",
[folder aclTableName],
objectPath, uid, currentRole];
[channel evaluateExpressionX: SQL];
{
sqlstr = [NSMutableString stringWithFormat: @"INSERT INTO %@"
@" (c_object, c_uid, c_role)"
@" VALUES (",
[folder aclTableName]];
NSArray *keys = [NSArray arrayWithObjects: @"c_object", @"c_uid", @"c_role", nil];
NSArray *values = [NSArray arrayWithObjects: objectPath, uid, currentRole, nil];
for (i = 0, count = [keys count]; i < count; i++) {
fieldName = [keys objectAtIndex: i];
[attribute setExternalType: @"varchar"];
value = [values objectAtIndex: i];
if (attribute)
{
value = [adaptor formatValue: value forAttribute: attribute];
[sqlstr appendString: value];
if(i < 2)
[sqlstr appendString:@", "];
}
}
[sqlstr appendString:@")"];
}
[channel evaluateExpressionX: sqlstr];
}
[[channel adaptorContext] commitTransaction];
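Review bot: The new `objectPath = [NSString stringWithFormat: @"/%@", objectPath];` sits inside the `while` loop, so every role after the first is inserted with one more leading slash in `c_object` (`/path`, then `//path`, and so on); the old code added the slash in the format string and left the variable alone. ACL rows whose `c_object` does not match the real path would presumably be missed by later lookups and by the delete that revokes them. Hoist the assignment above `while ((currentRole = [userRoles nextObject]))`, or format the path once into a separate local. `sqlstr` is also declared as `NSString *` although it is sent `appendString:`; declare it as `NSMutableString *sqlstr;`. The method starts and ends outside the hunk, so the declaration of `objectPath` is not visible here.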


@@ -228,13 +228,6 @@
NSString *pass, *passwordScheme;
NSString* result;
// if ([_userPasswordAlgorithm caseInsensitiveCompare: @"none"] == NSOrderedSame ||
// [_userPasswordAlgorithm caseInsensitiveCompare: @"plain"] == NSOrderedSame ||
// [_userPasswordAlgorithm caseInsensitiveCompare: @"cleartext"] == NSOrderedSame)
// {
// pass = [pass stringByReplacingString: @"'" withString: @"''"];
// }
pass = [plainPassword asCryptedPassUsingScheme: _userPasswordAlgorithm
keyPath: _keyPath];
@@ -468,7 +461,6 @@
return NO;
// Save new password
// login = [login stringByReplacingString: @"'" withString: @"''"];
cm = [GCSChannelManager defaultChannelManager];
channel = [cm acquireOpenChannelForURL: _viewURL];
if (channel)


@@ -26,6 +26,8 @@
#import <NGObjWeb/WORequest.h>
#import <NGObjWeb/WOResponse.h>
#import <SOGo/SOGoUserManager.h>
#import <SoObjects/SOGo/SOGoContentObject.h>
#import <SOGo/NSDictionary+Utilities.h>
@@ -34,6 +36,25 @@
@implementation UIxObjectActions
- (BOOL) _checkUid: (NSString *) newUID
{
BOOL response;
SOGoUserManager *um;
response = NO;
if ([newUID length] > 0)
{
um = [SOGoUserManager sharedUserManager];
if ([[um getEmailForUID: newUID] length] > 0)
{
response = YES;
}
}
return response;
}
/**
* @api {get} /so/:username/:folderPath/addUserInAcls?uid=:uid Add user to ACLs
* @apiVersion 1.0.0
@@ -49,8 +70,17 @@
WOResponse *response;
NSString *uid;
unsigned int code;
NSDictionary *jsonResponse;
uid = [[context request] formValueForKey: @"uid"];
if(![self _checkUid: uid])
{
jsonResponse = [NSDictionary dictionaryWithObject: [self labelForKey: @"No such user."]
forKey: @"message"];
response = [self responseWithStatus: 403
andString: [jsonResponse jsonRepresentation]];
return response;
}
if ([[self clientObject] addUserInAcls: uid])
code = 204;
else
@@ -77,8 +107,17 @@
WOResponse *response;
NSString *uid;
unsigned int code;
NSDictionary *jsonResponse;
uid = [[context request] formValueForKey: @"uid"];
if(![self _checkUid: uid])
{
jsonResponse = [NSDictionary dictionaryWithObject: [self labelForKey: @"No such user."]
forKey: @"message"];
response = [self responseWithStatus: 403
andString: [jsonResponse jsonRepresentation]];
return response;
}
if ([[self clientObject] removeUserFromAcls: uid])
code = 204;
else
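Review bot: The `_checkUid:` guard added in front of `removeUserFromAcls:` refuses any uid that `getEmailForUID:` does not resolve, so an ACL entry left behind for a deleted or renamed account can no longer be revoked through this action. For removal a non-empty test is enough, e.g. `if ([uid length] == 0)`, keeping the existence test for the add path only. The check also lives only in this UI class; if `addUserInAcls:` has other callers (not visible here) they still accept arbitrary uids, so the model-layer method would be the safer place for it. A short comment on `_checkUid:` saying that "exists" means "the user manager returns a non-empty e-mail address for the uid" would help, since a uid without one is rejected as well. Both action methods begin and end outside their hunks.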