git-svn-id: http://svn.opengroupware.org/SOGo/inverse/trunk@1293 d1b88da0-ebda-0310...
authorwolfgang <wolfgang@d1b88da0-ebda-0310-925b-ed51d893ca5b>
Thu, 6 Dec 2007 23:10:47 +0000 (23:10 +0000)
committerwolfgang <wolfgang@d1b88da0-ebda-0310-925b-ed51d893ca5b>
Thu, 6 Dec 2007 23:10:47 +0000 (23:10 +0000)
ChangeLog
SoObjects/Mailer/product.plist
SoObjects/SOGo/SOGoPermissions.h
SoObjects/SOGo/SOGoPermissions.m
UI/Common/UIxAclEditor.m
UI/Templates/UIxAclEditor.wox

index 419b641c02af64d4f2065e6d3400ea43149467e9..7094a39221a9fd96370cafd9a9fff29012701be2 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
 2007-12-06  Wolfgang Sourdeau  <wsourdeau@inverse.ca>
 
+       * UI/Common/UIxAclEditor.m ([-currentUserIsOwner]): replaced
+       method with -canModifyAcls that invokes the security manager
+       instead for the permission "SaveAcls" on the client object.
+
        * SoObjects/Appointments/SOGoCalendarComponent.m
        ([SOGoCalendarComponent -contentAsString]): securize the returned content.
        ([SOGoCalendarComponent -aclsForUser:uid]): check whether the user
index 88954481c42a4a093f2210063c82444520fa7757..dccd8726ff8f3f8eea83f4079a077563ddd88807 100644 (file)
@@ -42,6 +42,8 @@
         "Add Documents, Images, and Files" = ( "Owner", "ObjectCreator" );
         "Delete Objects" = ( "Owner", "ObjectEraser" );
         "WebDAV Access" = ( "Owner", "ObjectViewer" );
+        "ReadAcls" = ( "Owner", "MailAdministrator" );
+        "SaveAcls" = ( "Owner", "MailAdministrator" );
       };
     };
     SOGoSharedInboxFolder = {
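Review bot: The "ReadAcls"/"SaveAcls" mapping is added to only one class's permission table, while `canModifyAcls` in UI/Common/UIxAclEditor.m now checks "SaveAcls" on whatever client object the ACL editor is opened for. The enclosing class entry starts outside this hunk, and neither the `SOGoSharedInboxFolder` entry that follows nor the other products' plists are visible here. Confirm that every folder class reachable from the editor declares the permission, otherwise its owners may lose the edit controls. Note also that "MailAdministrator" now qualifies for ACL changes where the removed check allowed only the owner or a super user; a short comment in the plist saying this widening is intended would help later audits.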
index 53ed0e96552e9f6020592e858e83f60ef9d60536..b300a1ccca10fe4416ef81e2a29c67528d0032c9 100644 (file)
@@ -72,6 +72,7 @@ extern NSString *SOGoCalendarRole_ComponentResponder;
 
 extern NSString *SOGoPerm_AccessObject;
 extern NSString *SOGoPerm_ReadAcls;
+extern NSString *SOGoPerm_SaveAcls;
 extern NSString *SOGoPerm_FreeBusyLookup;
 
 extern NSString *SOGoCalendarPerm_ViewWholePublicRecords;
index d6c25f3a9835e790f18e85a9375c790af11bd22f..fc98f0d1a9635c277f1fc06866256e2c5c552305 100644 (file)
@@ -76,6 +76,7 @@ NSString *SOGoPerm_AccessObject= @"Access Object";
 NSString *SOGoPerm_ReadAcls = @"ReadAcls"; /* the equivalent of "read-acl" in
                                               the WebDAV acls spec, which is
                                               currently missing from SOPE */
+NSString *SOGoPerm_SaveAcls = @"SaveAcls";
 NSString *SOGoPerm_FreeBusyLookup = @"FreeBusyLookup";
 
 NSString *SOGoCalendarPerm_ViewWholePublicRecords = @"ViewWholePublicRecords";
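Review bot: `SOGoPerm_SaveAcls` is added without a comment, although its neighbour `SOGoPerm_ReadAcls` documents what it stands for. Since this string now decides who may change access rights, a comment in the same style would help, for example `/* guards modification of an object's ACLs; checked by -canModifyAcls in UIxAclEditor */`. If it is meant as the counterpart of "write-acl" in the WebDAV acls spec, say so there as well.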
index 7d7936c4a998f01512066eda247ff6fcf4085202..1d0a430e46ddc1c7b7add313cbc3579721d73764 100644 (file)
@@ -25,6 +25,7 @@
 #import <Foundation/NSKeyValueCoding.h>
 #import <NGObjWeb/SoUser.h>
 #import <NGObjWeb/WORequest.h>
+#import <NGObjWeb/SoSecurityManager.h>
 #import <NGCards/iCalPerson.h>
 #import <SoObjects/SOGo/LDAPUserManager.h>
 #import <SoObjects/SOGo/SOGoContentObject.h>
   return [self jsCloseWithRefreshMethod: nil];
 }
 
-- (BOOL) currentUserIsOwner
+- (BOOL) canModifyAcls
 {
-  SOGoObject *clientObject;
-  SOGoUser *user;
-  NSString *currentUserLogin, *ownerLogin;
-  
-  clientObject = [self clientObject];
-  ownerLogin = [clientObject ownerInContext: context];
-  user = [context activeUser];
-  currentUserLogin = [user login];
-  
-  return ([ownerLogin isEqualToString: currentUserLogin]
-         || ([user respondsToSelector: @selector (isSuperUser)]
-             && [user isSuperUser]));
+  SoSecurityManager *mgr;
+
+  mgr = [SoSecurityManager sharedSecurityManager];
+
+  return (![mgr validatePermission: SOGoPerm_SaveAcls
+               onObject: [self clientObject]
+               inContext: context]);
 }
 
 // - (id <WOActionResults>) addUserInAcls
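Review bot: The negation in `canModifyAcls` is easy to misread as an inverted check, because `validatePermission:onObject:inContext:` returns an exception object on denial and nil on success. Comparing explicitly, `return ([mgr validatePermission: SOGoPerm_SaveAcls onObject: [self clientObject] inContext: context] == nil);`, with a comment `/* nil means the permission is granted */`, would make the intent plain. This method only controls what the template renders, so the actions that actually write ACLs need the same "SaveAcls" check on the server side; they lie outside this hunk and should be confirmed. The explicit `isSuperUser` fallback of the removed method is gone too, so super users now depend on holding a role that the product.plist maps to "SaveAcls".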
index 85ec945645e67a5092a7ed0f92fd7e92e8e005d0..396a0e4265aaa25efda05ca60f42d008b08ded00 100644 (file)
@@ -27,7 +27,7 @@
       <input id="defaultRolesBtn" type="button"
        class="button" label:value="Default Roles"/>
       <div class="userSelector" id="userRoles">
-       <var:if condition="currentUserIsOwner">
+       <var:if condition="canModifyAcls">
          <span id="userSelectorButtons">
            <a href="#"
              class="button"><img rsrc:src="add-contact.gif"