nik/davical
1
0
Fork 0
mirror of https://gitlab.com/davical-project/davical.git synced 2026-01-27 00:33:34 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

DAVPrincipal->FetchProxyGroups(): disable grants_proxy_access_from_p()

Browse Source 
I just don't get how it's supposed to work, but it doesn't seem to
return the expected proxy delegates. This SQL doesn't expand groups,
which is a feature, and in general we only look at the grants table and
completely disregard any default privileges the principal might have
set.
This commit is contained in:
Florian Schlichting 2018-01-09 00:58:45 +01:00
parent 7181e466eb
commit ded783a603
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
inc/DAVPrincipal.php
View File

@ -220,7 +220,10 @@ class DAVPrincipal extends Principal
}
}
/* grants_proxy_access_from_p() is too clever and doesn't return any results, so do it on foot
$sql = 'SELECT principal_id, username, pprivs(principal_id,:request_principal::int8,:scan_depth::int) FROM principal JOIN usr USING(user_no) WHERE usr.active=true AND principal_id IN (SELECT * from grants_proxy_access_from_p(:request_principal,:scan_depth))';
*/
$sql = 'SELECT principal_id, username, pprivs(principal_id,:request_principal::int8,:scan_depth::int) FROM principal JOIN usr USING(user_no) WHERE usr.active=true AND principal_id IN (SELECT to_principal FROM grants WHERE by_principal = :request_principal AND (privileges & 5::BIT(24)) != 0::BIT(24) AND by_collection IS NULL AND to_principal != :request_principal )';
$qry = new AwlQuery($sql, $params ); // reuse $params assigned for earlier query
if ( $qry->Exec('DAVPrincipal') && $qry->rows() > 0 ) {
while( $relationship = $qry->Fetch() ) {