From: znek Date: Tue, 12 Jul 2005 16:33:18 +0000 (+0000) Subject: forbid access to group folders if request is not from the intranet X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=70210da16052e86dbdbdaa61d3cc8ba5f2f89943;p=scalable-opengroupware.org forbid access to group folders if request is not from the intranet git-svn-id: http://svn.opengroupware.org/SOGo/trunk@731 d1b88da0-ebda-0310-925b-ed51d893ca5b --- diff --git a/SOGo/SoObjects/SOGo/ChangeLog b/SOGo/SoObjects/SOGo/ChangeLog index e13e503e..f43cfb15 100644 --- a/SOGo/SoObjects/SOGo/ChangeLog +++ b/SOGo/SoObjects/SOGo/ChangeLog @@ -1,3 +1,8 @@ +2005-07-12 Marcus Mueller + + * SOGoUserFolder.m: forbid access (403) to SOGoGroupFolders if access + is not from the Intranet (v0.9.49) + 2005-07-12 Helge Hess * AgenorUserDefaults.m: added automagic profile row creation (v0.9.48) diff --git a/SOGo/SoObjects/SOGo/SOGoUserFolder.m b/SOGo/SoObjects/SOGo/SOGoUserFolder.m index 4156e6b8..66057cc4 100644 --- a/SOGo/SoObjects/SOGo/SOGoUserFolder.m +++ b/SOGo/SoObjects/SOGo/SOGoUserFolder.m @@ -21,6 +21,7 @@ // $Id$ #include "SOGoUserFolder.h" +#include "WOContext+Agenor.h" #include "common.h" @implementation SOGoUserFolder @@ -182,8 +183,13 @@ if ([_key isEqualToString:@"Contacts"]) return [self privateContacts:_key inContext:_ctx]; - if ([_key isEqualToString:@"Groups"]) + if ([_key isEqualToString:@"Groups"]) { + /* Agenor requirement, return 403 to stop acquisition */ + if (![_ctx isAccessFromIntranet]) { + return [NSException exceptionWithHTTPStatus:403 /* Forbidden */]; + } return [self groupsFolder:_key inContext:_ctx]; + } if ([_key isEqualToString:@"Mail"]) return [self mailAccountsFolder:_key inContext:_ctx]; diff --git a/SOGo/SoObjects/SOGo/Version b/SOGo/SoObjects/SOGo/Version index e2cd11d2..dd43a42a 100644 --- a/SOGo/SoObjects/SOGo/Version +++ b/SOGo/SoObjects/SOGo/Version @@ -1,6 +1,6 @@ # version file -SUBMINOR_VERSION:=48 +SUBMINOR_VERSION:=49 # v0.9.34 requires libGDLContentStore v4.5.26 # v0.9.26 requires libOGoContentStore v0.9.13