From fdf5122383f438f1e4b8fe2995e5dfdfb6208f89 Mon Sep 17 00:00:00 2001
From: wolfgang
Date: Thu, 6 Dec 2007 23:10:47 +0000
Subject: [PATCH] git-svn-id: http://svn.opengroupware.org/SOGo/inverse/trunk@1293 d1b88da0-ebda-0310-925b-ed51d893ca5b
---
 ChangeLog | 4 ++++
 SoObjects/Mailer/product.plist | 2 ++
 SoObjects/SOGo/SOGoPermissions.h | 1 +
 SoObjects/SOGo/SOGoPermissions.m | 1 +
 UI/Common/UIxAclEditor.m | 22 +++++++++-------------
 UI/Templates/UIxAclEditor.wox | 2 +-
 6 files changed, 18 insertions(+), 14 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 419b641c..7094a392 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
 2007-12-06 Wolfgang Sourdeau
+ * UI/Common/UIxAclEditor.m ([-currentUserIsOwner]): replaced
+ method with -canModifyAcls that invokes the security manager
+ instead for the permission "SaveAcls" on the client object.
+
 * SoObjects/Appointments/SOGoCalendarComponent.m ([SOGoCalendarComponent -contentAsString]): securize the returned content. ([SOGoCalendarComponent -aclsForUser:uid]): check whether the user
diff --git a/SoObjects/Mailer/product.plist b/SoObjects/Mailer/product.plist
index 88954481..dccd8726 100644
--- a/SoObjects/Mailer/product.plist
+++ b/SoObjects/Mailer/product.plist
@@ -42,6 +42,8 @@
 "Add Documents, Images, and Files" = ( "Owner", "ObjectCreator" );
 "Delete Objects" = ( "Owner", "ObjectEraser" );
 "WebDAV Access" = ( "Owner", "ObjectViewer" );
+ "ReadAcls" = ( "Owner", "MailAdministrator" );
+ "SaveAcls" = ( "Owner", "MailAdministrator" );
 };
 };
 SOGoSharedInboxFolder = {
diff --git a/SoObjects/SOGo/SOGoPermissions.h b/SoObjects/SOGo/SOGoPermissions.h
index 53ed0e96..b300a1cc 100644
--- a/SoObjects/SOGo/SOGoPermissions.h
+++ b/SoObjects/SOGo/SOGoPermissions.h
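Review bot: In SoObjects/Mailer/product.plist the new `"ReadAcls"` and `"SaveAcls"` entries land in a single class's permission map (the class that closes just before `SOGoSharedInboxFolder`; its opening line is outside the hunk), while the same commit makes UIxAclEditor validate `SaveAcls` on whatever client object the editor is opened for. Any other folder class the ACL editor can reach needs an equivalent mapping, otherwise the check will most likely deny even the owner; that should be confirmed against the other products' plists, which this diff does not touch. A short comment above the two lines, such as `/* "SaveAcls" is the permission UIxAclEditor -canModifyAcls validates on the client object */`, would tie the entry to the code that depends on it. Where the `MailAdministrator` role is granted is not visible here and is worth stating in the commit description.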
@@ -72,6 +72,7 @@ extern NSString *SOGoCalendarRole_ComponentResponder;
 extern NSString *SOGoPerm_AccessObject;
 extern NSString *SOGoPerm_ReadAcls;
+extern NSString *SOGoPerm_SaveAcls;
 extern NSString *SOGoPerm_FreeBusyLookup;
 extern NSString *SOGoCalendarPerm_ViewWholePublicRecords;
diff --git a/SoObjects/SOGo/SOGoPermissions.m b/SoObjects/SOGo/SOGoPermissions.m
index d6c25f3a..fc98f0d1 100644
--- a/SoObjects/SOGo/SOGoPermissions.m
+++ b/SoObjects/SOGo/SOGoPermissions.m
@@ -76,6 +76,7 @@ NSString *SOGoPerm_AccessObject= @"Access Object";
 NSString *SOGoPerm_ReadAcls = @"ReadAcls"; /* the equivalent of "read-acl" in the WebDAV acls spec, which is currently missing from SOPE */
+NSString *SOGoPerm_SaveAcls = @"SaveAcls";
 NSString *SOGoPerm_FreeBusyLookup = @"FreeBusyLookup";
 NSString *SOGoCalendarPerm_ViewWholePublicRecords = @"ViewWholePublicRecords";
diff --git a/UI/Common/UIxAclEditor.m b/UI/Common/UIxAclEditor.m
index 7d7936c4..1d0a430e 100644
--- a/UI/Common/UIxAclEditor.m
+++ b/UI/Common/UIxAclEditor.m
@@ -25,6 +25,7 @@
 #import
 #import
 #import
+#import
 #import
 #import
 #import
@@ -186,20 +187,15 @@
 return [self jsCloseWithRefreshMethod: nil];
 }
-- (BOOL) currentUserIsOwner
+- (BOOL) canModifyAcls
 {
- SOGoObject *clientObject;
- SOGoUser *user;
- NSString *currentUserLogin, *ownerLogin;
-
- clientObject = [self clientObject];
- ownerLogin = [clientObject ownerInContext: context];
- user = [context activeUser];
- currentUserLogin = [user login];
-
- return ([ownerLogin isEqualToString: currentUserLogin]
- || ([user respondsToSelector: @selector (isSuperUser)]
- && [user isSuperUser]));
+ SoSecurityManager *mgr;
+
+ mgr = [SoSecurityManager sharedSecurityManager];
+
+ return (![mgr validatePermission: SOGoPerm_SaveAcls
+ onObject: [self clientObject]
+ inContext: context]);
 }
 // - (id ) addUserInAcls
diff --git a/UI/Templates/UIxAclEditor.wox b/UI/Templates/UIxAclEditor.wox
index 85ec9456..396a0e42 100644
--- a/UI/Templates/UIxAclEditor.wox
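Review bot: In UI/Common/UIxAclEditor.m, `canModifyAcls` drops the explicit `isSuperUser` branch that `currentUserIsOwner` had, so a superuser now passes only if the client object's role mapping grants `SaveAcls` to a role that user holds; nothing in this commit shows such a mapping, so that should be confirmed before the old behaviour is assumed to carry over. The leading `!` is correct only because SOPE's `validatePermission:onObject:inContext:` returns an exception on denial and nil on success; a one-line comment above the return, e.g. `/* validatePermission returns nil when the permission is granted */`, would stop a later reader from "fixing" the negation. The predicate appears to feed the template only, so the action that actually writes the ACLs should be protected by the same `SaveAcls` permission rather than by a hidden control; that action lies outside this hunk.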
+++ b/UI/Templates/UIxAclEditor.wox
@@ -27,7 +27,7 @@
- +