From d1c2179bbbe1792c997f44b748845ca6b258ee87 Mon Sep 17 00:00:00 2001
From: Andrew McMillan
Date: Mon, 11 Jun 2012 19:43:05 +1200
Subject: [PATCH] Allow a user delegated write access to the principal to maintain it.
---
 inc/DAVResource.php | 2 +-
 inc/DAViCalSession.php | 23 +++++++++++++++++++++++
 inc/ui/principal-edit.php | 7 ++++---
 3 files changed, 28 insertions(+), 4 deletions(-)
diff --git a/inc/DAVResource.php b/inc/DAVResource.php
index fbdbcdf4..7d4713f3 100644
--- a/inc/DAVResource.php
+++ b/inc/DAVResource.php
@@ -755,7 +755,7 @@ EOQRY;
 /**
- * Is the user has the privileges to do what is requested.
+ * Does the user have the privileges to do what is requested.
 * @param $do_what mixed The request privilege name, or array of privilege names, to be checked.
 * @param $any boolean Whether we accept any of the privileges. The default is true, unless the requested privilege is 'all', when it is false.
 * @return boolean Whether they do have one of those privileges against this resource.
diff --git a/inc/DAViCalSession.php b/inc/DAViCalSession.php
index 92dfb657..03b686c1 100644
--- a/inc/DAViCalSession.php
+++ b/inc/DAViCalSession.php
@@ -35,6 +35,7 @@ EOSQL;
 * We extend the AWL Session class.
 */
 require('Session.php');
+include_once('DAVResource.php');
 @Session::_CheckLogout();
@@ -48,6 +49,7 @@ class DAViCalSession extends Session
 {
 public $principal_id;
+ private $privilege_resources = array();
 /**
 * Create a new DAViCalSession object.
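Review bot: The added `include_once('DAVResource.php');` in inc/DAViCalSession.php only raises a warning when the file cannot be loaded, whereas the `require('Session.php');` on the line before it stops the request. The session's new privilege check, added further down in this patch, instantiates `DAVResource`, so a failed include would surface as a fatal error at the first delegated-access check instead of at load time. I would write `require_once('DAVResource.php');` so that a missing dependency of the authorization path fails immediately and visibly.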
@@ -99,6 +101,27 @@ class DAViCalSession extends Session
 }
+ /**
+ * Does the user have the privileges to do what is requested.
+ * @param $do_what mixed The request privilege name, or array of privilege names, to be checked.
+ * @param $path string The path we want that permission for
+ * @param $any boolean Whether we accept any of the privileges. The default is true, unless the requested privilege is 'all', when it is false.
+ * @return boolean Whether they do have one of those privileges against the specified path.
+ */
+ function HavePrivilegeTo( $do_what, $path, $any = null ) {
+ if ( $this->AllowedTo('Admin') ) return true;
+ if ( !isset($this->privilege_resources[$path]) ) {
+ $this->privilege_resources[$path] = new DAVResource($path);
+ }
+ $resource = $this->privilege_resources[$path];
+ if ( isset($resource) && $resource->Exists() ) {
+ return $resource->HavePrivilegeTo($do_what,$any);
+ }
+ return false;
+ }
+
+
+
 /**
 * Checks that this user is logged in, and presents a login screen if they aren't.
 *
diff --git a/inc/ui/principal-edit.php b/inc/ui/principal-edit.php
index 7efe5350..2f0bf28e 100644
--- a/inc/ui/principal-edit.php
+++ b/inc/ui/principal-edit.php
@@ -940,12 +940,13 @@ if ( isset($_GET['subaction']) ) {
 }
 }
-
-$can_write_principal = ($session->AllowedTo('Admin') || $session->principal_id == $id );
-
 $editor = principal_editor();
 $page_elements[] = $editor;
+$principal_path = '/'.$editor->Value('username').'/';
+$can_write_principal = ($session->AllowedTo('Admin') || $session->principal_id == $id
+ || $session->HavePrivilegeTo('DAV::write', $principal_path) );
+
 if ( isset($id) && $id > 0 ) {
 $c->stylesheets[] = 'css/browse.css';
 $c->scripts[] = 'js/browse.js';
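Review bot: The docblock on the new `DAViCalSession::HavePrivilegeTo()` leaves out its two authorization rules: an Admin session returns true before `$path` is looked at, and a path whose resource does not exist is denied. I would add `* Admin sessions are always granted; a path with no existing resource is always denied.` to the docblock, since callers rely on that fail-closed behaviour. The `isset($resource)` test is always true after the assignment just above it, so the guard can be `if ( $resource->Exists() ) {`. Whose privileges `DAVResource::HavePrivilegeTo()` evaluates is not visible in this hunk; presumably the current session's, which is worth stating as well.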
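Review bot: In inc/ui/principal-edit.php the delegated-write check is made against a path built from `$editor->Value('username')`, while the record being edited is identified by `$id`. If the editor can carry a submitted form value for `username` at this point (not visible in the hunk), the privilege would be tested on one principal and the write applied to another. The path should come from the stored record for `$id`, with a comment such as `// path must be derived from the stored principal for $id, never from submitted form values`. Separately, `$can_write_principal` is now assigned after `principal_editor()` has run; if that function reads the variable as a global to decide whether to accept a submission, it will see it unset during the call, so the ordering needs confirming against the function body, which is outside this hunk.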