nik/davical
1
0
Fork 0
mirror of https://gitlab.com/davical-project/davical.git synced 2026-05-30 03:24:47 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

When listing users we should not list users that we have no access to.

Browse Source
This commit is contained in:
Andrew McMillan 2006-11-22 21:07:04 +13:00
parent e576d884a3
commit a6fccffb86
2 changed files with 4 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
inc/caldav-PROPFIND.php
View File

@ -209,7 +209,8 @@ function get_collection_contents( $depth, $user_no, $collection ) {
*/
if ( $collection->dav_name == '/' ) {
$sql = "SELECT user_no, user_no, '/' || username || '/' AS dav_name, md5( '/' || username || '/') AS dav_etag, ";
$sql .= "updated AS created, to_char(updated at time zone 'GMT',?) AS modified, fullname AS dav_displayname, FALSE AS is_calendar FROM usr";
$sql .= "updated AS created, to_char(updated at time zone 'GMT',?) AS modified, fullname AS dav_displayname, FALSE AS is_calendar FROM usr ";
$sql .= "WHERE user_no=$session->user_no OR get_permissions($session->user_no,user_no) ~ 'R';";
}
else {
$sql = "SELECT user_no, dav_name, dav_etag, created, to_char(modified at time zone 'GMT',?), dav_displayname, is_calendar FROM collection WHERE parent_container=".qpg($collection->dav_name);

69
testing/tests/regression-suite/002-Mulberry-1.result
View File

@ -1,8 +1,8 @@
HTTP/1.1 207 Multi-Status
Date: Dow, 01 Jan 2000 00:00:00 GMT
Server: Apache/2.2.3 (Debian) DAV/2
ETag: "1e91289a2ef6640fadb7d5c9e6c5ebbb"
Content-Length: 3214
ETag: "c6f452525856be90cb2193abb6151a59"
Content-Length: 1790
Content-Type: text/xml;charset=UTF-8
<?xml version="1.0" encoding="UTF-8" ?>
@ -20,32 +20,6 @@ Content-Type: text/xml;charset=UTF-8
<status>HTTP/1.1 200 OK</status>
</propstat>
</response>
<response>
<href>/caldav.php/admin/</href>
<propstat>
<prop>
<getcontentlength/>
<getcontenttype>httpd/unix-directory</getcontenttype>
<resourcetype>
<collection/>
</resourcetype>
</prop>
<status>HTTP/1.1 200 OK</status>
</propstat>
</response>
<response>
<href>/caldav.php/andrew/</href>
<propstat>
<prop>
<getcontentlength/>
<getcontenttype>httpd/unix-directory</getcontenttype>
<resourcetype>
<collection/>
</resourcetype>
</prop>
<status>HTTP/1.1 200 OK</status>
</propstat>
</response>
<response>
<href>/caldav.php/user1/</href>
<propstat>
@ -59,19 +33,6 @@ Content-Type: text/xml;charset=UTF-8
<status>HTTP/1.1 200 OK</status>
</propstat>
</response>
<response>
<href>/caldav.php/user2/</href>
<propstat>
<prop>
<getcontentlength/>
<getcontenttype>httpd/unix-directory</getcontenttype>
<resourcetype>
<collection/>
</resourcetype>
</prop>
<status>HTTP/1.1 200 OK</status>
</propstat>
</response>
<response>
<href>/caldav.php/manager1/</href>
<propstat>
@ -124,30 +85,4 @@ Content-Type: text/xml;charset=UTF-8
<status>HTTP/1.1 200 OK</status>
</propstat>
</response>
<response>
<href>/caldav.php/resmgr1/</href>
<propstat>
<prop>
<getcontentlength/>
<getcontenttype>httpd/unix-directory</getcontenttype>
<resourcetype>
<collection/>
</resourcetype>
</prop>
<status>HTTP/1.1 200 OK</status>
</propstat>
</response>
<response>
<href>/caldav.php/teamclient1/</href>
<propstat>
<prop>
<getcontentlength/>
<getcontenttype>httpd/unix-directory</getcontenttype>
<resourcetype>
<collection/>
</resourcetype>
</prop>
<status>HTTP/1.1 200 OK</status>
</propstat>
</response>
</multistatus>