diff --git a/SoObjects/SOGo/SOGoGCSFolder.m b/SoObjects/SOGo/SOGoGCSFolder.m
index 19f114691..b36ba1477 100644
--- a/SoObjects/SOGo/SOGoGCSFolder.m
+++ b/SoObjects/SOGo/SOGoGCSFolder.m
@@ -1859,27 +1859,77 @@ static NSArray *childRecordFields = nil; EOAdaptorChannel *channel; GCSFolder *folder; NSEnumerator *userRoles; - NSString *SQL, *currentRole; + NSString *SQL, *currentRole, *sqlstr; + NSString *fieldName, *value; + EOAdaptorContext *adaptorCtx; + EOAdaptor *adaptor; + EOAttribute *attribute; folder = [self ocsFolder]; channel = [folder acquireAclChannel]; - [[channel adaptorContext] beginTransaction]; + adaptorCtx = [channel adaptorContext]; + + [adaptorCtx beginTransaction]; userRoles = [roles objectEnumerator]; while ((currentRole = [userRoles nextObject])) { + int i = 0; + int count = 0; + adaptor = [adaptorCtx adaptor]; + attribute = [EOAttribute new]; + [attribute autorelease]; + objectPath = [NSString stringWithFormat: @"/%@", objectPath]; if ([GCSFolderManager singleStoreMode]) - SQL = [NSString stringWithFormat: @"INSERT INTO %@" - @" (c_object, c_uid, c_role, c_folder_id)" - @" VALUES ('/%@', '%@', '%@', %@)", - [folder aclTableName], - objectPath, uid, currentRole, [folder folderId]]; + { + sqlstr = [NSMutableString stringWithFormat: @"INSERT INTO %@" + @" (c_object, c_uid, c_role, c_folder_id)" + @" VALUES (", + [folder aclTableName]]; + NSArray *keys = [NSArray arrayWithObjects: @"c_object", @"c_uid", @"c_role", @"c_folder_id", nil]; + NSArray *values = [NSArray arrayWithObjects: objectPath, uid, currentRole, [folder folderId], nil]; + + for (i = 0, count = [keys count]; i < count; i++) { + fieldName = [keys objectAtIndex: i]; + if(i < 3) + [attribute setExternalType: @"varchar"]; + else + [attribute setExternalType: @"int"]; + value = [values objectAtIndex: i]; + if (attribute) + { + value = [adaptor formatValue: value forAttribute: attribute]; + [sqlstr appendString: value]; + if(i < 3) + [sqlstr appendString:@", "]; + } + } + [sqlstr appendString:@")"]; + } else - SQL = [NSString stringWithFormat: @"INSERT INTO %@" - @" (c_object, c_uid, c_role)" - @" VALUES ('/%@', '%@', '%@')", - [folder aclTableName], - objectPath, uid, 
currentRole]; - [channel evaluateExpressionX: SQL]; + { + sqlstr = [NSMutableString stringWithFormat: @"INSERT INTO %@" + @" (c_object, c_uid, c_role)" + @" VALUES (", + [folder aclTableName]]; + NSArray *keys = [NSArray arrayWithObjects: @"c_object", @"c_uid", @"c_role", nil]; + NSArray *values = [NSArray arrayWithObjects: objectPath, uid, currentRole, nil]; + + for (i = 0, count = [keys count]; i < count; i++) { + fieldName = [keys objectAtIndex: i]; + [attribute setExternalType: @"varchar"]; + value = [values objectAtIndex: i]; + if (attribute) + { + value = [adaptor formatValue: value forAttribute: attribute]; + [sqlstr appendString: value]; + if(i < 2) + [sqlstr appendString:@", "]; + } + } + [sqlstr appendString:@")"]; + } + + [channel evaluateExpressionX: sqlstr]; } [[channel adaptorContext] commitTransaction]; diff --git a/SoObjects/SOGo/SQLSource.m b/SoObjects/SOGo/SQLSource.m index b24aea196..90ee641fe 100644 --- a/SoObjects/SOGo/SQLSource.m +++ b/SoObjects/SOGo/SQLSource.m @@ -228,13 +228,6 @@ NSString *pass, *passwordScheme; NSString* result; - // if ([_userPasswordAlgorithm caseInsensitiveCompare: @"none"] == NSOrderedSame || - // [_userPasswordAlgorithm caseInsensitiveCompare: @"plain"] == NSOrderedSame || - // [_userPasswordAlgorithm caseInsensitiveCompare: @"cleartext"] == NSOrderedSame) - // { - // pass = [pass stringByReplacingString: @"'" withString: @"''"]; - // } - pass = [plainPassword asCryptedPassUsingScheme: _userPasswordAlgorithm keyPath: _keyPath]; @@ -468,7 +461,6 @@ return NO; // Save new password - // login = [login stringByReplacingString: @"'" withString: @"''"]; cm = [GCSChannelManager defaultChannelManager]; channel = [cm acquireOpenChannelForURL: _viewURL]; if (channel) diff --git a/UI/Common/UIxObjectActions.m b/UI/Common/UIxObjectActions.m index 9ade2d9ee..873273d93 100644 --- a/UI/Common/UIxObjectActions.m +++ b/UI/Common/UIxObjectActions.m @@ -26,6 +26,8 @@ #import #import +#import + #import #import 
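Review bot: In the SOGoGCSFolder.m hunk, `objectPath = [NSString stringWithFormat: @"/%@", objectPath];` sits inside the `while` loop over roles, so every role after the first is stored with one more leading slash in `c_object` (`/path`, `//path`, …). The removed code added the slash once per statement in the format string, so build the prefixed path once before the loop or into a separate local. `sqlstr` is declared `NSString *` but holds an `NSMutableString` and receives `appendString:`; it should be declared `NSMutableString *sqlstr;`. The nil-terminated `arrayWithObjects:` lists are cut short if `uid` or `[folder folderId]` is nil, and `[values objectAtIndex: i]` would then raise for the remaining indexes; whether callers can pass nil is not visible, because the method starts outside the hunk. `[folder aclTableName]` is still interpolated directly, so a comment such as `/* table name comes from folder metadata, never from the request */` would record that assumption if it holds.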
@@ -34,6 +36,25 @@ @implementation UIxObjectActions + +- (BOOL) _checkUid: (NSString *) newUID +{ + BOOL response; + SOGoUserManager *um; + response = NO; + + if ([newUID length] > 0) + { + um = [SOGoUserManager sharedUserManager]; + if ([[um getEmailForUID: newUID] length] > 0) + { + response = YES; + } + } + + return response; +} + /** * @api {get} /so/:username/:folderPath/addUserInAcls?uid=:uid Add user to ACLs * @apiVersion 1.0.0 @@ -49,8 +70,17 @@ WOResponse *response; NSString *uid; unsigned int code; + NSDictionary *jsonResponse; uid = [[context request] formValueForKey: @"uid"]; + if(![self _checkUid: uid]) + { + jsonResponse = [NSDictionary dictionaryWithObject: [self labelForKey: @"No such user."] + forKey: @"message"]; + response = [self responseWithStatus: 403 + andString: [jsonResponse jsonRepresentation]]; + return response; + } if ([[self clientObject] addUserInAcls: uid]) code = 204; else @@ -77,8 +107,17 @@ WOResponse *response; NSString *uid; unsigned int code; + NSDictionary *jsonResponse; uid = [[context request] formValueForKey: @"uid"]; + if(![self _checkUid: uid]) + { + jsonResponse = [NSDictionary dictionaryWithObject: [self labelForKey: @"No such user."] + forKey: @"message"]; + response = [self responseWithStatus: 403 + andString: [jsonResponse jsonRepresentation]]; + return response; + } if ([[self clientObject] removeUserFromAcls: uid]) code = 204; else
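Review bot: `_checkUid:` accepts a uid only when `getEmailForUID:` returns a non-empty string, so it equates "has an e-mail address" with "is a known user". If ACL subjects can be accounts without a mail address, groups, or special entries (none of which is visible in this diff), those requests will now be answered with "No such user.". The method has no comment; `/* Returns YES only if newUID resolves to a known account; rejects arbitrary uid strings before they reach the ACL layer. */` above it would record the intent. The body can also reduce to `return ([newUID length] > 0 && [[[SOGoUserManager sharedUserManager] getEmailForUID: newUID] length] > 0);`.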
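Review bot: The rejection block added to the add-user action at `@@ -49,8 +70,17 @@` is repeated verbatim in the hunk at `@@ -77,8 +107,17 @@`, so the two copies can drift apart (status code, message key) on the next change. A private helper that builds the response, called from both actions, keeps them in step. Both enclosing action methods start and end outside their hunks.

```objc
- (WOResponse *) _unknownUserResponse
{
  NSDictionary *jsonResponse;

  jsonResponse = [NSDictionary dictionaryWithObject: [self labelForKey: @"No such user."]
                                             forKey: @"message"];

  return [self responseWithStatus: 403
                        andString: [jsonResponse jsonRepresentation]];
}

// … unchanged: uid = [[context request] formValueForKey: @"uid"]; …
  if (![self _checkUid: uid])
    return [self _unknownUserResponse];
// … unchanged: addUserInAcls: / removeUserFromAcls: call and status handling …
```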
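Review bot: Gating `removeUserFromAcls:` on `_checkUid:` in the hunk at `@@ -77,8 +107,17 @@` means an ACL entry whose account has since been deleted or renamed in the user source can no longer be removed through this action, because the 403 is returned before `removeUserFromAcls:` is called. The existence check is input validation, not the injection fix, so the delete statement behind `removeUserFromAcls:` (not visible in this diff) should quote `uid` through the adaptor the same way the INSERT in SOGoGCSFolder.m now does. With that in place, removal could be allowed for any uid that already has an entry on the object. If the gate stays, a comment such as `/* stale entries for deleted accounts are cleaned up by <other path> */` should name where that clean-up happens.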