From 042ce5f076b723e8489ee48efe4976519775cd85 Mon Sep 17 00:00:00 2001 From: Klaus M Pfeiffer Date: Tue, 5 May 2020 23:20:02 +0200 Subject: [PATCH] add feature list_everyone (fixes #59) --- config/example-config.php | 8 ++++++++ htdocs/always.php | 1 + inc/always.php.in | 1 + inc/ui/collection-edit.php | 8 +++++++- inc/ui/principal-browse.php | 10 ++++++++++ inc/ui/principal-edit.php | 10 ++++++++-- 6 files changed, 35 insertions(+), 3 deletions(-) diff --git a/config/example-config.php b/config/example-config.php index cc4bdefa..8827e6b0 100644 --- a/config/example-config.php +++ b/config/example-config.php @@ -113,6 +113,14 @@ $c->admin_email ='calendar-admin@example.com'; // $c->local_styles = array(); // $c->print_styles = array(); +/** +* Allow users to see all accounts listed, or only their account and +* the accounts they have a relationship to in the web interface. +* Admins will still be able to see all accounts. +* Default: true +*/ +// $c->list_everyone = false; + /*************************************************************************** * * diff --git a/htdocs/always.php b/htdocs/always.php index eeba14dc..d2d3f100 100644 --- a/htdocs/always.php +++ b/htdocs/always.php @@ -134,6 +134,7 @@ $c->locale_path = '../locale'; $c->base_url = preg_replace('#/[^/]+\.php.*$#', '', $_SERVER['SCRIPT_NAME']); $c->base_directory = preg_replace('#/[^/]*$#', '', $_SERVER['DOCUMENT_ROOT']); $c->default_privileges = array('read-free-busy', 'schedule-deliver'); +$c->list_everyone = true; $c->enable_auto_schedule = true; diff --git a/inc/always.php.in b/inc/always.php.in index 10f07753..cffdb7bb 100644 --- a/inc/always.php.in +++ b/inc/always.php.in 
@@ -134,6 +134,7 @@ $c->locale_path = '../locale'; $c->base_url = preg_replace('#/[^/]+\.php.*$#', '', $_SERVER['SCRIPT_NAME']); $c->base_directory = preg_replace('#/[^/]*$#', '', $_SERVER['DOCUMENT_ROOT']); $c->default_privileges = array('read-free-busy', 'schedule-deliver'); +$c->list_everyone = true; $c->enable_auto_schedule = true; diff --git a/inc/ui/collection-edit.php b/inc/ui/collection-edit.php index 81bffb0b..1096839a 100644 --- a/inc/ui/collection-edit.php +++ b/inc/ui/collection-edit.php @@ -416,7 +416,13 @@ if ( $editor->Available() ) { $grantrow = new Editor("Grants", "grants"); $grantrow->SetSubmitName( 'savegrantrow' ); - $grantrow->SetLookup( 'to_principal', 'SELECT principal_id, displayname FROM dav_principal WHERE principal_id NOT IN (SELECT member_id FROM group_member WHERE group_id = '.$id.') ORDER BY displayname' ); + $limit_grantrow = ''; + if ( ! $c->list_everyone ) { + if ( ! $session->AllowedTo( "Admin" ) ) { + $limit_grantrow = 'AND (principal_id = \''.$session->principal_id.'\' or principal_id in (select member_id from group_member where group_id in (select group_id from group_member where member_id = \''.$session->principal_id.'\')) or principal_id in (select group_id from group_member where member_id = \''.$session->principal_id.'\'))'; + } + } + $grantrow->SetLookup( 'to_principal', 'SELECT principal_id, displayname FROM dav_principal WHERE principal_id NOT IN (SELECT member_id FROM group_member WHERE group_id = '.$id.') '.$limit_grantrow.' ORDER BY displayname' ); if ( $can_write_collection ) { if ( $grantrow->IsSubmit() ) { $_POST['by_collection'] = $id; diff --git a/inc/ui/principal-browse.php b/inc/ui/principal-browse.php index 28ad917b..4aa251e3 100644 --- a/inc/ui/principal-browse.php +++ b/inc/ui/principal-browse.php 
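Review bot: In inc/ui/collection-edit.php the new `$limit_grantrow` fragment splices `$session->principal_id` into the SQL text inside hand-written quotes, with no cast or escaping. The same fragment is repeated in inc/ui/principal-browse.php and in `grant_row_editor()` in inc/ui/principal-edit.php. The value is presumably a server-side integer, but the query is then only as safe as that assumption; casting once with `$pid = intval($session->principal_id);` and concatenating `$pid` unquoted would match the `intval($_GET['edit_grant'])` pattern already visible in principal-edit.php. Building the fragment in one shared helper would also keep the three copies of the visibility rule from drifting apart. The enclosing `if ( $editor->Available() )` block starts and ends outside the hunk.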
@@ -35,6 +35,16 @@ if ( isset($principal_type) ) { $browser->AndWhere( 'type_id = '.$principal_type ); } +if ( ! $c->list_everyone ) { + if ( ! $session->AllowedTo( "Admin" ) ) { + if ( isset($principal_type) && ( $principal_type == 1 || $principal_type == 2 ) ) { + $browser->AndWhere( '(principal_id = \''.$session->principal_id.'\' or principal_id in (select member_id from group_member where group_id in (select group_id from group_member where member_id = \''.$session->principal_id.'\')))' ); + } + if ( isset($principal_type) && $principal_type == 3 ) { + $browser->AndWhere( '(principal_id = \''.$session->principal_id.'\' or principal_id in (select group_id from group_member where member_id = \''.$session->principal_id.'\'))' ); + } + } +} $c->page_title = $browser->Title(); diff --git a/inc/ui/principal-edit.php b/inc/ui/principal-edit.php index 6646b7c2..b6983d79 100644 --- a/inc/ui/principal-edit.php +++ b/inc/ui/principal-edit.php @@ -615,7 +615,7 @@ function group_members_browser() { function grant_row_editor() { - global $c, $id, $editor, $can_write_principal, $privilege_names; + global $c, $id, $editor, $can_write_principal, $privilege_names, $session; $grantrow = new Editor("Grants", "grants"); $grantrow->SetSubmitName( 'savegrantrow' ); 
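Review bot: In inc/ui/principal-browse.php the new restriction fails open: both `AndWhere` filters require `isset($principal_type)` with a value of 1, 2 or 3, so when the type is unset or has any other value a non-admin still gets the unfiltered listing even with `$c->list_everyone = false`. The context line `if ( isset($principal_type) )` suggests the type is optional on this page, though how the page is reached without it is not visible here. An `else` branch applying the union filter (the one used for `$limit_grantrow` in the grant editors) would keep the default restrictive. The sketch below also casts the principal id once instead of quoting it, assuming `principal_id` is an integer column.

```php
if ( ! $c->list_everyone && ! $session->AllowedTo( "Admin" ) ) {
  $pid = intval($session->principal_id);
  $my_groups = 'select group_id from group_member where member_id = '.$pid;
  $my_peers = 'select member_id from group_member where group_id in ('.$my_groups.')';
  if ( isset($principal_type) && ( $principal_type == 1 || $principal_type == 2 ) ) {
    $browser->AndWhere( '(principal_id = '.$pid.' or principal_id in ('.$my_peers.'))' );
  }
  else if ( isset($principal_type) && $principal_type == 3 ) {
    $browser->AndWhere( '(principal_id = '.$pid.' or principal_id in ('.$my_groups.'))' );
  }
  else {
    // type unset or unrecognised: apply the combined filter instead of none
    $browser->AndWhere( '(principal_id = '.$pid.' or principal_id in ('.$my_peers.') or principal_id in ('.$my_groups.'))' );
  }
}
// … unchanged: $c->page_title = $browser->Title(); …
```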
@@ -623,7 +623,13 @@ function grant_row_editor() { if ( isset($_GET['edit_grant']) ) { $edit_grant_clause = ' AND to_principal != '.intval($_GET['edit_grant']); } - $grantrow->SetLookup( 'to_principal', 'SELECT principal_id, displayname FROM dav_principal WHERE user_active AND principal_id NOT IN (SELECT to_principal FROM grants WHERE by_principal = '.$id.$edit_grant_clause.') ORDER BY fullname' ); + $limit_grantrow = ''; + if ( ! $c->list_everyone ) { + if ( ! $session->AllowedTo( "Admin" ) ) { + $limit_grantrow = 'AND (principal_id = \''.$session->principal_id.'\' or principal_id in (select member_id from group_member where group_id in (select group_id from group_member where member_id = \''.$session->principal_id.'\')) or principal_id in (select group_id from group_member where member_id = \''.$session->principal_id.'\'))'; + } + } + $grantrow->SetLookup( 'to_principal', 'SELECT principal_id, displayname FROM dav_principal WHERE user_active AND principal_id NOT IN (SELECT to_principal FROM grants WHERE by_principal = '.$id.$edit_grant_clause.') '.$limit_grantrow.' ORDER BY fullname' ); if ( $can_write_principal ) { if ( $grantrow->IsSubmit() ) { if ( $grantrow->IsUpdate() )
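Review bot: The `$limit_grantrow` filter in `grant_row_editor()` narrows only the `to_principal` lookup list, so it hides accounts from the form but does not by itself stop a non-admin from submitting a `to_principal` id outside that set. The same holds for the matching change in inc/ui/collection-edit.php. The save path begins at `if ( $grantrow->IsSubmit() )` and continues outside the hunk, so whether it re-validates the submitted id cannot be seen here. If it does not, the write should check the id against the same visibility rule before storing the grant. A comment such as `// NOTE: list_everyone only filters this dropdown; to_principal must still be validated when the row is saved` would record the intent.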