
[Phpgroupware-cvs] phpgwapi/inc class.acl.inc.php


From: Sigurd Nes
Subject: [Phpgroupware-cvs] phpgwapi/inc class.acl.inc.php
Date: Mon, 13 Mar 2006 13:44:48 +0000

CVSROOT:        /sources/phpgwapi
Module name:    phpgwapi
Branch:         
Changes by:     Sigurd Nes <address@hidden>     06/03/13 13:44:48

Modified files:
        inc            : class.acl.inc.php 

Log message:
        Introducing ACL2

CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/phpgwapi/phpgwapi/inc/class.acl.inc.php.diff?tr1=1.70&tr2=1.71&r1=text&r2=text

Patches:
Index: phpgwapi/inc/class.acl.inc.php
diff -u phpgwapi/inc/class.acl.inc.php:1.70 phpgwapi/inc/class.acl.inc.php:1.71
--- phpgwapi/inc/class.acl.inc.php:1.70 Sat Apr 23 21:45:17 2005
+++ phpgwapi/inc/class.acl.inc.php      Mon Mar 13 13:44:47 2006
@@ -2,11 +2,11 @@
        /**
        * Access Control List - Security scheme based on ACL design
        * @author Dan Kuykendall <address@hidden>
-       * @copyright Copyright (C) 2000-2005 Free Software Foundation, Inc. 
http://www.fsf.org/
+       * @copyright Copyright (C) 2000-2004 Free Software Foundation, Inc. 
http://www.fsf.org/
        * @license http://www.gnu.org/licenses/lgpl.html GNU Lesser General 
Public License
        * @package phpgwapi
        * @subpackage accounts
-       * @version $Id: class.acl.inc.php,v 1.70 2005/04/23 21:45:17 ceb Exp $
+       * @version $Id: class.acl.inc.php,v 1.71 2006/03/13 13:44:47 sigurdne 
Exp $
        */
 
        /**
@@ -54,7 +54,20 @@
                */
                function acl($account_id = '')
                {
-                       $this->db = $GLOBALS['phpgw']->db;
+       //              $this->db       = $GLOBALS['phpgw']->db;
+                       $this->db = CreateObject('phpgwapi.db');
+                       $this->db->Host = 
$GLOBALS['phpgw_info']['server']['db_host'];
+                       $this->db->Type = 
$GLOBALS['phpgw_info']['server']['db_type'];
+                       $this->db->Database = 
$GLOBALS['phpgw_info']['server']['db_name'];
+                       $this->db->User = 
$GLOBALS['phpgw_info']['server']['db_user'];
+                       $this->db->Password = 
$GLOBALS['phpgw_info']['server']['db_pass'];
+
+                       $this->db2 = CreateObject('phpgwapi.db');
+                       $this->db2->Host = 
$GLOBALS['phpgw_info']['server']['db_host'];
+                       $this->db2->Type = 
$GLOBALS['phpgw_info']['server']['db_type'];
+                       $this->db2->Database = 
$GLOBALS['phpgw_info']['server']['db_name'];
+                       $this->db2->User = 
$GLOBALS['phpgw_info']['server']['db_user'];
+                       $this->db2->Password = 
$GLOBALS['phpgw_info']['server']['db_pass'];
 
                        if (!($this->account_id = intval($account_id)))
                        {
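Review bot: The constructor now copies the database host, user and password onto two fresh `phpgwapi.db` objects in ten near-identical assignments, so every `acl` instance carries its own copy of the credentials and presumably opens up to two extra connections. A small private helper that builds one configured db object, called twice, would remove the duplication and leave one place to change connection settings. The commented-out `$this->db = $GLOBALS['phpgw']->db;` should be deleted or replaced by a comment explaining why the shared handle can no longer be used; the same leftover appears as `// $db2 = $this->db;` in the hunk at -660,7. The constructor body continues outside the hunk.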
@@ -117,7 +130,7 @@
                * @return array Array with ACL records
                * @access private
                */
-               function read_repository()
+               function read_repository($account_type=False)
                {
                        // For some reason, calling this via XML-RPC doesn't 
call the constructor.
                        // Here is yet another work around(tm) (jengo)
@@ -126,14 +139,31 @@
                                $this->acl();
                        }
 
-                       $sql = 'select * from phpgw_acl where (acl_account in 
(' . $this->account_id . ', 0'; 
+                       $sql = 'select * from phpgw_acl join phpgw_accounts on 
phpgw_acl.acl_account = phpgw_accounts.account_id where (acl_account in (';
 
-                       $groups = 
$this->get_location_list_for_id('phpgw_group',1,$this->account_id);
+                       if(!$account_type || $account_type == 'accounts' || 
$account_type == 'both')
+                       {
+                               $account_list[] = $this->account_id;
+                               $account_list[] = 0;
+                       }
+
+                       if($account_type == 'groups' || $account_type == 'both')
+                       {
+                               $groups = 
$this->get_location_list_for_id('phpgw_group', 1, $this->account_id);
                        while($groups && (list($key,$value) = each($groups)))
                        {
-                               $sql .= ','.$value;
+                                       $account_list[] = $value;
+                               }
                        }
-                       $sql .= '))';
+
+                       if(!is_array($account_list))
+                       {
+                               return;
+                       }
+
+                       $account_list = implode(",",$account_list);
+
+                       $sql .= $account_list . '))';
                        $this->db->query($sql ,__LINE__,__FILE__);
                        $count = $this->db->num_rows();
                        $this->data = Array();
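Review bot: The ids in `$account_list` are joined into the `IN (...)` clause without a cast; the group values come from `get_location_list_for_id()`, which returns `acl_location` strings read back from the table, so `$account_list[] = intval($value);` would keep a non-numeric location from altering the query. `$account_list` is also never initialised, and an unrecognised `$account_type` reaches the bare `return;` with `$this->data` still holding whatever was loaded before; `$account_list = array();` up front and resetting `$this->data` before returning would make that path explicit. The new inner join on `phpgw_accounts` looks like it drops rows for `acl_account = 0` unless an account row with id 0 exists, which is worth confirming because 0 is still added to the list. read_repository starts in the previous hunk and continues past this one.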
@@ -142,12 +172,14 @@
                                //reset ($this->data);
                                //while(list($idx,$value) = each($this->data)){
                                $this->db->next_record();
-                               $this->data[] = array
-                               (
+                               $this->data[] = array(
                                        'appname'       => 
$this->db->f('acl_appname'),
                                        'location'      => 
$this->db->f('acl_location'), 
                                        'account'       => 
$this->db->f('acl_account'),
-                                       'rights'        => 
$this->db->f('acl_rights')
+                                       'rights' => $this->db->f('acl_rights'),
+                                       'grantor' => 
$this->db->f('acl_grantor'),
+                                       'type' => $this->db->f('acl_type'),
+                                       'account_type' => 
$this->db->f('account_type')
                                );
                        }
                        reset ($this->data);
@@ -177,14 +209,14 @@
                * @param integer $rights Access rights in bitmask form
                * @return array Array with ACL records
                */
-               function add($appname = False, $location, $rights)
+               function add($appname = False, $location, $rights, $grantor = 
False, $type = False)
                {
                        if ($appname == False)
                        {
                                settype($appname,'string');
                                $appname = 
$GLOBALS['phpgw_info']['flags']['currentapp'];
                        }
-                       $this->data[] = array('appname' => $appname, 'location' 
=> $location, 'account' => $this->account_id, 'rights' => $rights);
+                       $this->data[] = array('appname' => $appname, 'location' 
=> $location, 'account' => $this->account_id, 'rights' => $rights, 'grantor' => 
$grantor, 'type' => $type);
                        reset($this->data);
                        return $this->data;
                }
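Review bot: The docblock above `add()` still documents only `$appname`, `$location` and `$rights`; it needs entries for the new parameters, e.g. `@param integer|boolean $grantor Account that granted the right, false for none` and `@param integer|boolean $type 0 for a right, 1 for a mask`. Records appended here also carry no `account_type` key, while `save_repository()` copies `$this->data[$idx]['account_type']` into its inherited rows, so that read yields null for anything created through `add()`.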
@@ -196,7 +228,7 @@
                * @param string $location Application location
                * @return array Array with ACL records
                */
-               function delete($appname = False, $location)
+               function delete($appname = False, $location, $grantor = False, 
$type = False)
                {
                        if ($appname == False)
                        {
@@ -207,7 +239,7 @@
                        reset ($this->data);
                        while(list($idx,$value) = each($this->data))
                        {
-                               if ($this->data[$idx]['appname'] == $appname && 
$this->data[$idx]['location'] == $location && $this->data[$idx]['account'] == 
$this->account_id)
+                               if ($this->data[$idx]['appname'] == $appname && 
$this->data[$idx]['location'] == $location && $this->data[$idx]['account'] == 
$this->account_id && $this->data[$idx]['grantor'] == $grantor && 
$this->data[$idx]['type'] == $type)
                                {
                                        $this->data[$idx] = Array();
                                }
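Review bot: The added `grantor`/`type` tests use loose `==` against defaults of `False`, so a call without the new arguments matches only records whose grantor and type are empty or zero and leaves grantor-specific and mask records in place. If existing callers rely on `delete($appname, $location)` clearing every record for the location, this is a silent behaviour change. It should be stated in the docblock, which also lacks `@param` lines for `$grantor` and `$type` (signature in the hunk at -196,7). The loop and the function continue outside the hunk.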
@@ -224,29 +256,103 @@
                
                function save_repository()
                {
-                       reset($this->data);
+                       $this->db->transaction_begin();
 
                        $sql = 'delete from phpgw_acl where acl_account = '. 
intval($this->account_id);
                        $this->db->query($sql ,__LINE__,__FILE__);
 
-                       $count = count($this->data);
                        reset ($this->data);
+
+                       while(list($idx,$value) = each($this->data))
+                       {
+                               if(is_array($this->data[$idx]))
+                               {
+                                       $sql = "SELECT id as location FROM 
phpgw_acl_location WHERE id like '".$this->data[$idx]['location']."%' AND 
appname='" . $this->data[$idx]['appname'] . "' AND id != 
'".$this->data[$idx]['location'] . "'";
+                                       
$this->db->query($sql,__LINE__,__FILE__);
+                                       while($this->db->next_record())
+                                       {
+                                               $inherit_data[]= array(
+                                                       'appname' => 
$this->data[$idx]['appname'],
+                                                       'location' => 
$this->db->f('location'),
+                                                       'account' => 
$this->account_id,
+                                                       'rights' => 
$this->data[$idx]['rights'],
+                                                       'grantor' => 
$this->data[$idx]['grantor'],
+                                                       'type' => 
$this->data[$idx]['type'],
+                                                       'account_type' => 
$this->data[$idx]['account_type'],            
+                                                       );
+                                       }
+                               }
+                       }
+
+                       reset ($this->data);
+                       if(is_array($inherit_data))
+                       {
+                               $this->data = array_merge($this->data, 
$inherit_data);
+                       }
+                       
+                       array_unique($this->data);
+
                        while(list($idx,$value) = each($this->data))
                        {
                                if ($this->data[$idx]['account'] == 
$this->account_id)
                                {
-                                       $sql = 'insert into phpgw_acl 
(acl_appname, acl_location, acl_account, acl_rights)';
+                                       $sql = 'insert into phpgw_acl 
(acl_appname, acl_location, acl_account, acl_rights,acl_grantor,acl_type)';
                                        $sql .= " 
values('".$this->data[$idx]['appname']."', '"
-                                               . 
$this->data[$idx]['location']."', ".$this->account_id.', '. 
intval($this->data[$idx]['rights']).')';
+                                               . 
$this->data[$idx]['location']."', "
+                                               .$this->account_id.', '
+                                               . 
intval($this->data[$idx]['rights']) . ', '
+                                               . 
($this->data[$idx]['grantor']?$this->data[$idx]['grantor']:'NULL')  . ', '
+                                               . 
intval($this->data[$idx]['type'])
+                                               .')';
+
                                        $this->db->query($sql 
,__LINE__,__FILE__);
                                }
                        }
-                       reset($this->data);
-                       return $this->data;
+                       
+                       /*remove duplicates*/
+
+                       $sql = "SELECT * FROM phpgw_acl WHERE acl_account='" . 
$this->account_id . "' GROUP BY acl_appname, acl_location, acl_account, 
acl_rights,acl_grantor,acl_type";
+                       $this->db->query($sql,__LINE__,__FILE__);
+                       while($this->db->next_record())
+                       {
+                               $unique_data[]= array(
+                                       'appname' => 
$this->db->f('acl_appname'),
+                                       'location' => 
$this->db->f('acl_location'),
+                                       'account' => $this->account_id,
+                                       'rights' => $this->db->f('acl_rights'),
+                                       'grantor' => 
$this->db->f('acl_grantor'),
+                                       'type' => $this->db->f('acl_type')
+                                       );
                }
 
+                       if(is_array($unique_data))
+                       {
+                               $sql = 'delete from phpgw_acl where acl_account 
= '. intval($this->account_id);
+                               $this->db->query($sql ,__LINE__,__FILE__);
+
+                               while(list($idx,$value) = each($unique_data))
+                               {
+                                       $sql = 'insert into phpgw_acl 
(acl_appname, acl_location, acl_account, acl_rights,acl_grantor,acl_type)';
+                                       $sql .= " 
values('".$unique_data[$idx]['appname']."', '"
+                                               . 
$unique_data[$idx]['location']."', "
+                                               .$this->account_id.', '
+                                               . 
intval($unique_data[$idx]['rights']) . ', '
+                                               . 
($unique_data[$idx]['grantor']?$unique_data[$idx]['grantor']:'NULL')  . ', '
+                                               . 
intval($unique_data[$idx]['type'])
+                                               .')';
+
+                                       $this->db->query($sql 
,__LINE__,__FILE__);
+                               }
+                       }
+
+                       $this->db->transaction_commit();
+                       return $unique_data;
+               }
+
+
                // These are the non-standard $account_id specific functions
 
+
                /**
                * Get rights from the repository not specific to this object
                *
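Review bot: Every statement added to `save_repository()` splices `appname`, `location` and `grantor` from `$this->data` into SQL unescaped; this is the ACL table itself, so a quote or `%` in a location string changes which rows are read or written. Pass the strings through `$this->db->db_addslashes()` (already used in `get_location_list_for_id()`) and write the grantor as `($g ? intval($g) : 'NULL')`; the same applies to the new queries in `add_repository()` (hunk at -479,10) and to `'$app'` / `$location` in the hunk at -621,7. `array_unique($this->data);` discards its result and so does nothing, which is presumably why the GROUP BY / delete / re-insert pass exists; that pass relies on `SELECT * ... GROUP BY`, which databases other than MySQL generally reject. `$inherit_data` and `$unique_data` are never initialised, so with no rows the function now returns null where it used to return `$this->data`.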
@@ -254,7 +360,7 @@
                * @param string|boolean $appname Application name, defaults to 
false which means $phpgw_info['flags']['currentapp']
                * @return integer Access rights in bitmask form
                */
-               function get_rights($location,$appname = False)
+               function get_rights($location,$appname = 
False,$grantor=False,$type=False,$account_type=False)
                {
                        // For XML-RPC, change this once its working correctly 
for passing parameters (jengo)
                        if (is_array($location))
@@ -262,11 +368,13 @@
                                $a                      = $location;
                                $location       = $a['location'];
                                $appname        = $a['appname'];
+                               $grantor  = $a['grantor'];
+                               $type     = $a['type'];
                        }
 
                        if (count($this->data) == 0)
                        {
-                               $this->read_repository();
+                               $this->read_repository($account_type);
                        }
                        reset ($this->data);
                        if ($appname == False)
@@ -277,7 +385,7 @@
                        $count = count($this->data);
                        if ($count == 0 && 
$GLOBALS['phpgw_info']['server']['acl_default'] != 'deny')
                        {
-                               return True;
+//                             return True;
                        }
                        $rights = 0;
                        //for ($idx = 0; $idx < $count; ++$idx){
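Review bot: Commenting out `return True;` leaves an empty `if` body, and with it `acl_default` no longer has any effect in `get_rights()`: an account with no ACL rows now falls through to `return $rights` (0) whatever the setting says. Failing closed is the safer default, but the change should be explicit rather than a commented-out line. Delete the dead `if ($count == 0 && ...)` block and add a docblock line such as `Returns 0 when no ACL records exist; the acl_default setting is not consulted.`, or restore the branch if installations depend on the setting. The function continues outside the hunk.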
@@ -288,18 +396,35 @@
                                {
                                        if ($this->data[$idx]['location'] == 
$location || $this->data[$idx]['location'] == 'everywhere')
                                        {
+                                               if ($this->data[$idx]['type'] 
== $type)
+                                               {
+                                                       if($grantor)
+                                                       {
+                                                               if 
($this->data[$idx]['grantor'] == $grantor)
+                                                               {
+                                                                       if 
($this->data[$idx]['rights'] == 0)
+                                                                       {
+                                                                               
return False;
+                                                                       }
+                                                                       $rights 
|= $this->data[$idx]['rights'];
+                                                                       
$this->account_type = $this->data[$idx]['account_type'];
+                                                               }
+                                                       }
+                                                       else
+                                                       {
                                                if ($this->data[$idx]['rights'] 
== 0)
                                                {
                                                        return False;
                                                }
-
                                                $rights |= 
$this->data[$idx]['rights'];
+                                                               
$this->account_type = $this->data[$idx]['account_type'];
+                                                       }
+                                               }
                                        }
                                }
                        }
                        return $rights;
                }
-
                /**
                * Check required rights (not specific to this object)
                *
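Review bot: The two branches under `if ($this->data[$idx]['type'] == $type)` repeat the same zero-rights check and accumulation and differ only in the grantor test, which makes a five-level nest for what is one condition. Folding them into `if (!$grantor || $this->data[$idx]['grantor'] == $grantor)` with a single copy of the body would make it easier to verify that the deny path (`rights == 0` returns `False`) is identical in both cases. `$this->account_type` is overwritten on every matching row, so after the loop it reflects only the last match; a comment saying whether that is intended would help. The enclosing loop starts outside the hunk.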
@@ -310,7 +435,47 @@
                */
                function check($location, $required, $appname = False)
                {
-                       $rights = $this->get_rights($location,$appname);
+                       $rights = 
$this->check_brutto($location,$required,$appname,$grantor=False,$type=0,$account_type);
+                       $mask = 
$this->check_brutto($location,$required,$appname,$grantor=False,$type=1,$account_type);
+                       
+                       if($mask > 0 && $rights > 0)
+                       {
+                               unset($rights);
+                       }
+
+                       return $rights;
+               }
+
+               /**
+               * Check  required rights
+               *
+               * @param string $location Application location
+               * @param integer $required Required right (bitmask) to check 
against
+               * @param string|boolean $appname Application name, defaults to 
false which means $phpgw_info['flags']['currentapp']
+               * @param integer $grantor useraccount to check against
+               * @param integer $type mask or right (1 means mask , 0 means 
right) to check against
+               * @param array $account_type to check for righst given by 
groups and accounts separately
+               * @return boolean True when $required bitmap matched otherwise 
false
+               */
+               function check_brutto($location, $required, $appname = 
False,$grantor=False,$type=false,$account_type='')
+               {
+                       if(is_array($account_type))
+                       {
+                               $continue = true;
+                               while ($continue && list(,$entry) = 
each($account_type))
+                               {
+                                       $this->data=array();
+                                       $rights = 
$this->get_rights($location,$appname,$grantor,$type,$entry);
+                                       if(!!($rights & $required)>0)
+                                       {
+                                               $continue = False;
+                                       }
+                               }
+                       }
+                       else
+                       {
+                               $rights = 
$this->get_rights($location,$appname,$grantor,$type,'both');
+                       }
                        return !!($rights & $required);
                }
                
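Review bot: In `check()` the deny path does `unset($rights); return $rights;`, which returns an undefined variable (null plus a notice) instead of `False`, and `$account_type` is passed to `check_brutto()` without ever being defined in `check()`. The `$grantor=False` and `$type=0` arguments are assignments, not named parameters, and only create stray locals. Suggested body: `$rights = $this->check_brutto($location, $required, $appname, False, 0);`, `$mask = $this->check_brutto($location, $required, $appname, False, 1);`, `return $rights && !$mask;`. In `check_brutto()`, an empty `$account_type` array leaves `$rights` unset at the final `return`, and `$this->data = array();` inside the loop throws away records added with `add()` but not yet saved.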
@@ -319,10 +484,9 @@
                *
                * @param string $location Application location
                * @param string|boolean $appname Application name, defaults to 
false which means $phpgw_info['flags']['currentapp']
-               * @param $checkgroups optional defaults to False
                * @return integer Access rights in bitmask form
                */
-               function get_specific_rights($location, $appname = False, 
$checkgroups = False)
+               function get_specific_rights($location, $appname = False)
                {
                        if ($appname == False)
                        {
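Review bot: Dropping `$checkgroups` from `get_specific_rights()` is not backward compatible in effect: PHP ignores the surplus argument, so any caller still passing `True` now silently gets the user's own rights only, with group memberships no longer consulted (the membership lookup is removed in the hunk at -337,27). Callers outside this file are not visible here; it would be safer to search for three-argument calls and migrate them, or to keep the parameter and mark it deprecated in the docblock. The function body continues outside the hunk.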
@@ -337,27 +501,13 @@
                        }
                        $rights = 0;
                        
-                       $account_list[0] = $this->account_id;
-
-                       if($checkgroups)
-                       {
-                               $user_groups = 
$GLOBALS['phpgw']->accounts->membership($this->account_id);
-                               $user_groups = 
is_array($user_groups)?$user_groups:array();
-                               //_debug_array($user_groups);
-
-                               foreach($user_groups as $null => $ad_account)
-                               {
-                                       
$account_list[$i]=$ad_account['account_id'];
-                                       ++$i;
-                               }
-                       }
-
                        reset ($this->data);
                        while(list($idx,$value) = each($this->data))
                        {
-                               if ($this->data[$idx]['appname'] == $appname && 
($this->data[$idx]['location'] == $location || $this->data[$idx]['location'] == 
'everywhere') &&
-                                       //$this->data[$idx]['account'] == 
$this->account_id)
-                                       
in_array($this->data[$idx]['account'],$account_list))
+                               if ($this->data[$idx]['appname'] == $appname &&
+                                       ($this->data[$idx]['location'] == 
$location ||
+                                       $this->data[$idx]['location'] == 
'everywhere') &&
+                                       $this->data[$idx]['account'] == 
$this->account_id)
                                {
                                        if ($this->data[$idx]['rights'] == 0)
                                        {
@@ -430,40 +580,6 @@
                        return $locations;
                }
 
-/*
-               This is kinda how the function SHOULD work, so that it doesnt 
need to do its own sql query. 
-               It should use the values in the $this->data
-
-               function get_location_list($app, $required)
-               {
-                       if ($appname == False)
-                       {
-                               $appname = 
$GLOBALS['phpgw_info']['flags']['currentapp'];
-                       }
-
-                       $count = count($this->data);
-                       if ($count == 0 && 
$GLOBALS['phpgw_info']['server']['acl_default'] != 'deny'){ return True; }
-                       $rights = 0;
-
-                       reset ($this->data);
-                       while(list($idx,$value) = each($this->data))
-                       {
-                               if ($this->data[$idx]['appname'] == $appname && 
$this->data[$idx]['rights'] != 0)
-                               {
-                                       
$location_rights[$this->data[$idx]['location']] |= $this->data[$idx]['rights'];
-                               }
-                       }
-                       reset($location_rights);
-                       for ($idx = 0; $idx < count($location_rights); ++$idx)
-                       {
-                               if (!!($location_rights[$idx] & $required) == 
True)
-                               {
-                                       $location_rights[] = 
$this->data[$idx]['location'];
-                               }
-                       }
-                       return $locations;
-               }
-*/
 
                // These are the generic functions. Not specific to $account_id
 
@@ -479,10 +595,24 @@
                */
                function add_repository($app, $location, $account_id, $rights)
                {
+
                        $this->delete_repository($app, $location, $account_id);
-                       $sql = 'insert into phpgw_acl (acl_appname, 
acl_location, acl_account, acl_rights)';
-                       $sql .= " values ('" . $app . "','" . $location . "','" 
. $account_id . "','" . $rights . "')";
+
+                       $inherit_location[] = $location; // in case the 
location is not found in the location table
+
+                       $sql = "SELECT id as location FROM phpgw_acl_location 
WHERE id like '".$location."%' AND appname='" . $app . "' AND id != '" 
.$location . "'";
+                       $this->db->query($sql,__LINE__,__FILE__);
+                       while($this->db->next_record())
+                       {
+                               $inherit_location[] = $this->db->f('location'); 
+                       }
+                       
+                       foreach($inherit_location as $acl_location)
+                       {
+                               $sql = 'insert into phpgw_acl (acl_appname, 
acl_location, acl_account, acl_rights,acl_grantor,acl_type)';
+                               $sql .= " values ('" . $app . "','" . 
$acl_location . "','" . $account_id . "','" . $rights . "', NULL ,'0')";
                        $this->db->query($sql ,__LINE__,__FILE__);
+                       }
                        return True;
                }
 
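Review bot: Inheritance is decided by `id like '$location%'`, a plain string-prefix test, so a grant on one location is also written for any location whose id merely starts with the same characters, and `_` or `%` inside `$location` act as wildcards. If location ids are hierarchical with a separator (not visible here), matching on `$location` plus that separator would confine the grant to real children. `delete_repository()` gets the same widening in the hunk at -513,7, where `acl_location like '$location%'` now also removes rows that only share the prefix. The inserts run in a loop without `transaction_begin()` / `transaction_commit()`, unlike `save_repository()`, so a failure partway leaves the old rows deleted and only some new ones written.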
@@ -513,7 +643,7 @@
                                $account_sel = ' and acl_account=' . 
$account_id;
                        }
 
-                       $sql = "delete from phpgw_acl where acl_appname like '" 
. $app . "' and acl_location like '" . $location . "'" . $account_sel; 
+                       $sql = "delete from phpgw_acl where acl_appname like '" 
. $app . "' and acl_location like '" . $location . "%'" . $account_sel;
                        $this->db->query($sql ,__LINE__,__FILE__);
                        return $this->db->num_rows();
                }
@@ -568,7 +698,7 @@
                *
                * @param string $app Application name
                * @param integer $required Required access rights in bitmap form
-               * @param integer $account_id Account id
+               * @param integer $account_id Account id defaults to 
$phpgw_info['user']['account_id'];
                * @return array|boolean Array with location list or false
                */
                function get_location_list_for_id($app, $required, $accountid = 
'')
@@ -584,21 +714,22 @@
                                $account_id = 
get_account_id($accountid,$this->account_id);
                                $cache_accountid[$accountid] = $account_id;
                        }
-                       $sql  = "SELECT acl_location, acl_rights FROM phpgw_acl 
where acl_appname='" . $this->db->db_addslashes($app)
-                                       . "' AND acl_account=" . 
intval($account_id);
+                       $sql  = 'SELECT acl_location, acl_rights ';
+                       $sql .= "FROM phpgw_acl where acl_appname = '" . 
$this->db->db_addslashes($app) . "' ";
+                       $sql .= 'AND acl_account =' . intval($account_id);
 
                        $this->db->query($sql ,__LINE__,__FILE__);
                        $rights = 0;
-                       if($this->db->num_rows() == 0)
+                       if ($this->db->num_rows() == 0 )
                        {
                                return False;
                        }
-                       while($this->db->next_record())
+                       while ($this->db->next_record())
                        {
-                               if($this->db->f('acl_rights'))
+                               if ($this->db->f('acl_rights'))
                                {
                                        $rights |= $this->db->f('acl_rights');
-                                       if(!!($rights & $required) == True)
+                                       if (!!($rights & $required) == True)
                                        {
                                                $locations[] = 
$this->db->f('acl_location');
                                        }
@@ -621,7 +752,8 @@
                        {
                                $app = 
$GLOBALS['phpgw_info']['flags']['currentapp'];
                        }
-                       $sql = "SELECT acl_account, acl_rights from phpgw_acl 
where acl_appname='" . $app . "' and acl_location ='" . $location . "'";
+                       $sql = "select acl_account, acl_rights from phpgw_acl 
where acl_appname = '$app' and ";
+                       $sql .= "acl_location = '".$location."'";
                        $this->db->query($sql ,__LINE__,__FILE__);
                        $rights = 0;
                        if ($this->db->num_rows() == 0 )
@@ -660,7 +792,9 @@
                                $account_id = 
get_account_id($accountid,$this->account_id);
                                $cache_accountid[$accountid] = $account_id;
                        }
-                       $db2 = $this->db;
+
+
+       //              $db2 = $this->db;
                        $memberships = 
$GLOBALS['phpgw']->accounts->membership($account_id);
                        $sql = "select acl_appname, acl_rights from phpgw_acl 
where acl_location = 'run' and "
                                . 'acl_account in ';
@@ -671,46 +805,73 @@
                                $security .= ','.$group[1]['account_id'];
                        }
                        $security .= ')';
-                       $db2->query($sql . $security ,__LINE__,__FILE__);
+                       $this->db2->query($sql . $security ,__LINE__,__FILE__);
 
-                       if ($db2->num_rows() == 0)
+                       if ($this->db2->num_rows() == 0)
                        {
                                return False;
                        }
-                       while ($db2->next_record())
+                       while ($this->db2->next_record())
                        {
-                               if(isset($apps[$db2->f('acl_appname')]))
+                               if(isset($apps[$this->db2->f('acl_appname')]))
                                {
-                                       $rights = $apps[$db2->f('acl_appname')];
+                                       $rights = 
$apps[$this->db2->f('acl_appname')];
                                }
                                else
                                {
                                        $rights = 0;
-                                       $apps[$db2->f('acl_appname')] = 0;
+                                       $apps[$this->db2->f('acl_appname')] = 0;
                                }
-                               $rights |= $db2->f('acl_rights');
-                               $apps[$db2->f('acl_appname')] |= $rights;
+                               $rights |= $this->db2->f('acl_rights');
+                               $apps[$this->db2->f('acl_appname')] |= $rights;
                        }
                        return $apps;
                }
 
+               function get_grants($app='',$location='')
+               {
+                       $grant_rights = 
$this->get_grants_type($app,$location,0);
+                       $grant_mask = $this->get_grants_type($app,$location,1);
+                       if(is_array($grant_mask))
+                       {
+                               while($grant_mask && (list($user_id,$mask) = 
each($grant_mask)))
+                               {
+                                       if($grant_rights[$user_id])
+                                       {
+                                               $grant_rights[$user_id] &= (~ 
$mask);
+                                               if($grant_rights[$user_id]<=0)
+                                               {
+                                                       unset 
($grant_rights[$user_id]);
+                                               }
+                                       }
+                               }
+                       }
+                       return $grant_rights;
+               }
                /**
                * Get application specific account based granted rights list
                *
                * @param string $app Application name, defaults to 
$phpgw_info['flags']['currentapp']
+               * @param string $location location within Application name
+               * @param integer $type mask or right (1 means mask , 0 means 
right) to check against
                * @return array Assoziativ array with granted access rights for 
accounts
                */
-               function get_grants($app='')
+               function get_grants_type($app='',$location='',$type = '')
                {
-                       $db2 = $this->db;
+
+//                     $db2 = $this->db;
 
                        if ($app=='')
                        {
                                $app = 
$GLOBALS['phpgw_info']['flags']['currentapp'];
                        }
+                       if ($location)
+                       {
+                               $at_location = " AND acl_location = 
'$location'";
+                       }
 
-                       $sql = "select acl_account, acl_rights from phpgw_acl 
where acl_appname = '$app' and "
-                               . "acl_location in ";
+                       $sql = "SELECT acl_account,acl_grantor, acl_rights FROM 
phpgw_acl WHERE acl_appname = '$app' $at_location AND acl_grantor IS NOT NULL 
AND acl_type = $type AND "
+                               . "acl_account in ";
                        $security = "('". $this->account_id ."'";
                        $myaccounts = CreateObject('phpgwapi.accounts');
                        $my_memberships = 
$myaccounts->membership($this->account_id);
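Review bot: `get_grants_type()` declares `$type = ''`, which renders the filter as `acl_type = ` with no operand, and `$at_location` is assigned only inside `if ($location)`, so it is undefined when no location is passed. I would normalise both at the top of the function with `$type = (int) $type;` and `$at_location = '';` before the `if ($location)` test. The cast also keeps `$type` from carrying anything but a number into the query. Separately, the existing docblock now sits on `get_grants_type()` and the new `get_grants()` has none; it needs a short one saying that type-1 mask bits are cleared from the type-0 rights and that entries left with no bits are dropped. The body of `get_grants_type()` continues beyond this hunk.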
@@ -721,24 +882,24 @@
                                $security .= ",'" . $group['account_id'] . "'";
                        }
                        $security .= ')';
-                       $db2->query($sql . $security ,__LINE__,__FILE__);
+                       $this->db2->query($sql . $security ,__LINE__,__FILE__);
                        $rights = 0;
                        $accounts = Array();
-                       if ($db2->num_rows() == 0)
+                       if ($this->db2->num_rows() == 0 && $type==0)
                        {
                                
$grants[$GLOBALS['phpgw_info']['user']['account_id']] = 31;
                                return $grants;
                        }
-                       while ($db2->next_record())
+                       while ($this->db2->next_record())
                        {
-                               $grantor = $db2->f('acl_account');
-                               $rights = $db2->f('acl_rights');
-
+                               $grantor = $this->db2->f('acl_grantor');
+                               $rights = $this->db2->f('acl_rights');
                                if(!isset($accounts[$grantor]))
                                // cache the group-members for performance
                                {
                                        // if $grantor is a group, get its 
members
                                        $members = 
$this->get_ids_for_location($grantor,1,'phpgw_group');
+                                       
                                        if(!$members)
                                        {
                                                $accounts[$grantor] = 
Array($grantor);
@@ -774,8 +935,15 @@
                                }
                                reset($accounts[$grantor]);
                        }
+                       if($type==0)
+                       {
                        $grants[$GLOBALS['phpgw_info']['user']['account_id']] = 
31;
+                       }
+                       else
+                       {
+                               unset 
($grants[$GLOBALS['phpgw_info']['user']['account_id']]);
+                       }
+
                        return $grants;
                }
        }
-?>
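Review bot: In the new `else` branch, `unset($grants[...])` and the following `return $grants;` work on a variable that no visible line initialises. If a mask lookup (`$type` 1) finds no rows, the caller gets an undefined value rather than an empty array. Adding `$grants = array();` next to `$accounts = Array();` would make the return type stable, which `get_grants()` depends on through `is_array($grant_mask)`. The unchanged assignment of 31 inside the new `if` also kept its old indentation. Part of the function lies between hunks, so an initialisation there cannot be ruled out.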



