nik/davical
1
0
Fork 0
mirror of https://gitlab.com/davical-project/davical.git synced 2026-02-08 02:33:35 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
davical/inc/ui/collection-edit.php
Florian Schlichting 202e2edd5a tighten $c->list_everyone to look for DAV::read privilege and actually block access to principals and collections 
Groups really only exist in the davical web interface, CALDAV clients
discover principals and collections based on GRANTs such as the
DAV::read privilege, so use that for the web interface as well.

Also, not listing users is nice, actually blocking access to those users
(which can be enumerated with the id GET parameter) is a lot better.
2021-02-09 01:54:32 +08:00

608 lines
28 KiB
PHP
Raw Blame History

<?php
require_once("csrf_tokens.php");
// Editor component for collections
$editor = new Editor(translate('Collection'), 'collection');
param_to_global('id', 'int', 'old_id', 'collection_id' );
param_to_global('user_no', 'int' );
param_to_global('principal_id', 'int' );
param_to_global('collection_name', '{^.+$}' );
if ( isset($user_no) ) $principal = new Principal('user_no',$user_no);
if ( isset($principal_id) ) $principal = new Principal('principal_id',$principal_id);
$editor->SetLookup( 'timezone', 'SELECT \'\', \'*** Unknown ***\' UNION SELECT tzid, olson_name FROM timezones WHERE tzid = olson_name AND length(vtimezone) > 100 ORDER BY 1' );
$editor->SetLookup( 'schedule_transp', 'SELECT \'opaque\', \'Opaque\' UNION SELECT \'transp\', \'Transparent\'' );
$editor->AddAttribute('timezone', 'id', 'fld_timezone' );
$editor->AddAttribute('schedule_transp', 'id', 'fld_schedule_transp' );
$editor->AddAttribute('is_calendar', 'id', 'fld_is_calendar');
$editor->AddAttribute('is_addressbook', 'id', 'fld_is_addressbook');
$editor->AddAttribute('is_calendar', 'onclick', 'toggle_enabled(\'fld_is_calendar\',\'=fld_timezone\',\'=fld_schedule_transp\',\'!fld_is_addressbook\');');
$editor->AddAttribute('is_addressbook', 'onclick', 'toggle_enabled(\'fld_is_addressbook\',\'!fld_is_calendar\');');
$editor->AddField('use_default_privs','default_privileges IS NULL');
$editor->AddAttribute('use_default_privs', 'id', 'fld_use_default_privs');
$editor->AddAttribute('use_default_privs', 'onclick', 'toggle_visible(\'fld_use_default_privs\',\'!privileges_settings\');');
$editor->AddField('ics_file', "''");
$editor->AddAttribute('ics_file', 'title', translate('Upload an iCalendar file or VCard file to replace this collection.'));
$editor->AddAttribute('ics_file', 'id', 'fld_ics_file');
$editor->AddField('mode', 'FALSE');
$editor->AddAttribute('mode', 'title', translate('Should the uploaded entries be appended to the collection?'));
$editor->AddAttribute('mode', '_label', translate('Append'));
$editor->AddAttribute('mode', 'id', 'fld_mode');
$editor->SetWhere( 'collection_id='.$id );
$privilege_names = array( 'read', 'write-properties', 'write-content', 'unlock', 'read-acl', 'read-current-user-privilege-set',
'bind', 'unbind', 'write-acl', 'read-free-busy' );
$params = array(
':session_principal' => $session->principal_id,
':scan_depth' => $c->permission_scan_depth
);
$is_update = ( $_POST['_editor_action'][$editor->Id] == 'update' );
if ( isset($collection_name) ) $collection_name = trim(str_replace( '/', '', $collection_name));
if ( !$is_update && isset($collection_name) && $collection_name != '' && is_object($principal) ) {
$_POST['dav_name'] = sprintf('/%s/%s/', $principal->username(), $collection_name );
$_POST['parent_container'] = sprintf('/%s/', $principal->username() );
$params[':collection_path'] = $_POST['dav_name'];
$privsql = 'SELECT path_privs( :session_principal, :collection_path, :scan_depth) AS priv';
}
else if ( $id > 0 ) {
$params[':collection_id'] = $id;
$privsql = 'SELECT path_privs( :session_principal, dav_name, :scan_depth) AS priv FROM collection WHERE collection_id = :collection_id';
}
else {
if ( $editor->IsSubmit() && !$is_update && isset($collection_name) && $collection_name == '' ) {
$c->messages[] = i18n('The collection name may not be blank.');
}
}
if ( isset($privsql) ) {
$privqry = new AwlQuery( $privsql, $params );
$privqry->Exec('admin-collection-edit',__LINE__,__FILE__);
$permissions = $privqry->Fetch();
$can_write_collection = ($session->AllowedTo('Admin') || (bindec($permissions->priv) & privilege_to_bits('DAV::bind')) );
if ( ! $c->list_everyone ) {
$can_read_collection = ($session->AllowedTo('Admin') || (bindec($permissions->priv) & privilege_to_bits('DAV::read')) );
if ( ! $can_read_collection ) {
dbg_error_log( 'LOG WARNING', 'Access to id "%s"/"%s" by user "%s" rejected.', $id, $collection_name, $session->username );
header('Location: index.php');
@ob_flush(); exit(0);
}
}
}
// Verify CSRF token
if($_SERVER['REQUEST_METHOD'] === "POST" && !verifyCsrfPost()) {
$c->messages[] = i18n("A valid CSRF token must be provided");
$can_write_collection = false;
}
dbg_error_log('collection-edit', "Can write collection: %s", ($can_write_collection? 'yes' : 'no') );
$pwstars = '@@@@@@@@@@';
if ( $can_write_collection && $editor->IsSubmit() ) {
$editor->WhereNewRecord( "collection_id=(SELECT CURRVAL('dav_id_seq'))" );
if ( $_POST['use_default_privs'] == 'on' ) {
$_POST['default_privileges'] = '';
}
else if ( isset($_POST['default_privileges']) ) {
$privilege_bitpos = array_flip($privilege_names);
$priv_names = array_keys($_POST['default_privileges']);
$privs = privilege_to_bits($priv_names);
$_POST['default_privileges'] = sprintf('%024s',decbin($privs));
$editor->Assign('default_privileges', $privs_dec);
}
$is_update = ( $_POST['_editor_action'][$editor->Id] == 'update' );
if ( $_POST['timezone'] == '' ) unset($_POST['timezone']);
$resourcetypes = '<DAV::collection/>';
if ( isset($_POST['is_calendar']) && $_POST['is_calendar'] == 'on' ) $resourcetypes .= '<urn:ietf:params:xml:ns:caldav:calendar/>';
if ( isset($_POST['is_addressbook']) && $_POST['is_addressbook'] == 'on' ) $resourcetypes .= '<urn:ietf:params:xml:ns:carddav:addressbook/>';
$_POST['resourcetypes'] = $resourcetypes;
if ( $editor->IsCreate() ) {
$c->messages[] = i18n("Creating new Collection.");
}
else {
$c->messages[] = i18n("Updating Collection.");
// We need to know whether to update_instance_ranges, which is an expensive
// operation we should only do if the collection timezone has been updated
$tzqry = new AwlQuery( "SELECT timezone FROM collection WHERE collection_id=:id", [ ":id" => $id ] );
$tzqry->Exec('collection-edit',__LINE__,__FILE__);
$old_tz = $tzqry->Fetch()->timezone;
}
if ( !$editor->Write() ) {
$c->messages[] = i18n("Failed to write collection.");
if ( $id > 0 ) $editor->GetRecord();
}
else if ( isset($_FILES['ics_file']['tmp_name']) && $_FILES['ics_file']['tmp_name'] != '' ) {
/**
* If the user has uploaded a .ics file as a calendar, we fake this out
* as if it were a "PUT" request against a collection. This is something
* of a hack. It works though :-)
*/
$ics = trim(file_get_contents($_FILES['ics_file']['tmp_name']));
dbg_error_log('collection-edit',':Write: Loaded %d bytes from %s', strlen($ics), $_FILES['ics_file']['tmp_name'] );
include_once('check_UTF8.php');
if ( !check_string($ics) ) $ics = force_utf8($ics);
if ( check_string($ics) ) {
$path = $editor->Value('dav_name');
$user_no = $editor->Value('user_no');
$username = $editor->Value('username');
param_to_global('mode');
include_once('caldav-PUT-functions.php');
controlRequestContainer( $username, $user_no, $path, false, ($publicly_readable == 'on' ? true : false));
import_collection( $ics, $user_no, $path, $session->user_no, ($mode == 'on') );
$c->messages[] = sprintf(translate('Calendar "%s" was loaded from file.'), $path);
}
else {
$c->messages[] = i18n('The file is not UTF-8 encoded, please check the error for more details.');
}
}
if ($editor->IsCreate() || $old_tz != $_POST['timezone']) {
dbg_error_log('collection-edit', 'Need to update instance ranges, this will take a while...');
require_once("instance_range.php");
update_instance_ranges($editor->Value('dav_name'));
}
// Uncache anything to do with the collection
$cache = getCacheInstance();
$cache->delete( 'collection-'.$editor->Value('dav_name'), null );
}
else {
if ( $id > 0 ) $editor->GetRecord();
if ( $editor->IsSubmit() ) {
$c->messages[] = i18n('You do not have permission to modify this collection.');
}
}
if ( $editor->Available() ) {
$c->page_title = $editor->Title(translate('Collection').': '.$editor->Value('dav_displayname'));
$entryqry = new AwlQuery( 'SELECT count(*) as count from caldav_data where collection_id='.$editor->Value('collection_id') );
$entryqry->Exec('admin-collection-edit');
$entries = $entryqry->Fetch(); $entries = $entries->count;
$external_bind = "";
if ($can_write_collection) {
$externalqry = new AwlQuery( 'SELECT external_url from dav_binding where bound_source_id=:id limit 1', array(':id' => $editor->Value('collection_id') ) );
$externalqry->Exec('external-bind-url');
$external = $externalqry->Fetch(); $external_url = $external->external_url;
if ( $external_url ) {
$external_bind = "\n<tr> <th class='right'>" . translate('External Url') . "</th> <td class='left'>$external_url</td> </tr>";
}
}
}
else {
$c->page_title = $editor->Title(translate('Create New Collection'));
$privs = decbin(privilege_to_bits($c->default_privileges));
$editor->Assign('default_privileges', $privs);
$editor->Assign('username', $principal->username());
$editor->Assign('user_no', $principal->user_no());
$editor->Assign('is_calendar', 't' );
$editor->Assign('use_default_privs', 't');
$entries = 0;
}
$privilege_xlate = array(
'read' => translate('Read'),
'write-properties' => translate('Write Metadata'),
'write-content' => translate('Write Data'),
'unlock' => translate('Override a Lock'),
'read-acl' => translate('Read Access Controls'),
'read-current-user-privilege-set' => translate('Read Current User\'s Access'),
'bind' => translate('Create Events/Collections'),
'unbind' => translate('Delete Events/Collections'),
'write-acl' => translate('Write Access Controls'),
'read-free-busy' => translate('Read Free/Busy Information'),
'schedule-deliver-invite' => translate('Scheduling: Deliver an Invitation'),
'schedule-deliver-reply' => translate('Scheduling: Deliver a Reply'),
'schedule-query-freebusy' => translate('Scheduling: Query free/busy'),
'schedule-send-invite' => translate('Scheduling: Send an Invitation'),
'schedule-send-reply' => translate('Scheduling: Send a Reply'),
'schedule-send-freebusy' => translate('Scheduling: Send free/busy'),
'write' => translate('Write'),
'schedule-deliver' => translate('Scheduling: Delivery'),
'schedule-send' => translate('Scheduling: Sending')
);
/**
* collection_privilege_format_function is for formatting the binary privileges from the
* database, including localising them. This is a hook function for a browser
* column object, so it takes three parameters:
* @param mixed $value The value of the column.
* @param BrowserColumn $column The BrowserColumn object we are hooked into.
* @param dbrow $row The row object we read from the database.
* @return string The formatted privileges.
*/
function collection_privilege_format_function( $value, $column = NULL, $row = NULL ) {
global $privilege_xlate;
$privs = bits_to_privilege($value, 'calendar');
$formatted = '';
foreach( $privs AS $k => $v ) {
$formatted .= ($formatted == '' ? '' : ', ');
$v = preg_replace( '{^.*:}', '', $v );
$formatted .= (isset($privilege_xlate[$v]) ? $privilege_xlate[$v] : $v );
}
return $formatted;
}
$default_privileges = bindec($editor->Value('default_privileges'));
$privileges_set = '<div id="privileges"><input type="hidden" name="default_privileges[fake_privilege_for_input]" value="0">';
for( $i=0; $i<count($privilege_names); $i++ ) {
$privilege_set = ( (1 << $i) & $default_privileges ? ' CHECKED' : '');
$privileges_set .= '<label class="privilege"><input name="default_privileges['.$privilege_names[$i].']" id="default_privileges_'.$privilege_names[$i].'" type="checkbox"'.$privilege_set.'>'.$privilege_xlate[$privilege_names[$i]].'</label>'."\n";
}
$privileges_set .= '</div>';
$prompt_collection_id = translate('Collection ID');
$value_id = ( $editor->Available() ? '##collection_id.hidden####collection_id.value##' : translate('New Collection'));
$prompt_dav_name = translate('DAV Path');
$value_dav_name = $c->base_url.'/caldav.php'. ( $editor->Available() ? '##dav_name.value##' : '/##user_no.hidden####username.value##/ ##collection_name.input.30##' );
$prompt_load_file = translate('Load From File');
$prompt_displayname = translate('Displayname');
$prompt_entries = translate('Items in Collection');
if ( $entries > 0 && $editor->Value('is_calendar') && isset($c->get_includes_subcollections) && $c->get_includes_subcollections
&& ( bindec($permissions->priv) & privilege_to_bits( array('urn:ietf:params:xml:ns:caldav:read-free-busy','DAV::read')))) {
$entries = '<a href="' . $c->base_url . '/caldav.php' . substr($editor->Value('dav_name'), 0, -1) . '.ics" title="'
. translate('Download entire collection as .ics file') . '">' . $entries . '</a>';
}
$prompt_public = translate('Publicly Readable');
$prompt_calendar = translate('Is a Calendar');
$prompt_addressbook = translate('Is an Addressbook');
$prompt_use_default_privs = translate('Specific Privileges');
$prompt_privileges = translate('Default Privileges');
$prompt_description = translate('Description');
$prompt_schedule_transp = translate('Schedule Transparency');
$prompt_timezone = translate('Calendar Timezone');
$btn_all = htmlspecialchars(translate('All')); $btn_all_title = htmlspecialchars(translate('Toggle all privileges'));
$btn_rw = htmlspecialchars(translate('Read/Write')); $btn_rw_title = htmlspecialchars(translate('Set read+write privileges'));
$btn_read = htmlspecialchars(translate('Read')); $btn_read_title = htmlspecialchars(translate('Set read privileges'));
$btn_fb = htmlspecialchars(translate('Free/Busy')); $btn_fb_title = htmlspecialchars(translate('Set free/busy privileges'));
$btn_sd = htmlspecialchars(translate('Schedule Deliver')); $btn_sd_title = htmlspecialchars(translate('Privileges to allow delivery of scheduling messages'));
$btn_ss = htmlspecialchars(translate('Schedule Send')); $btn_ss_title = htmlspecialchars(translate('Privileges to delegate scheduling decisions'));
if ($can_write_collection || ! $id > 0) {
$privileges_row = <<<EOPRIV
<input type="button" value="$btn_all" class="submit" title="$btn_all_title" onclick="toggle_privileges('default_privileges', 'all', 'form_editor_1');">
<input type="button" value="$btn_rw" class="submit" title="$btn_rw_title"
onclick="toggle_privileges('default_privileges', 'read', 'write-properties', 'write-content', 'bind', 'unbind', 'read-free-busy',
'read-current-user-privilege-set', 'schedule-deliver-invite', 'schedule-deliver-reply', 'schedule-query-freebusy',
'schedule-send-invite', 'schedule-send-reply', 'schedule-send-freebusy' );">
<input type="button" value="$btn_read" class="submit" title="$btn_read_title"
onclick="toggle_privileges('default_privileges', 'read', 'read-free-busy', 'schedule-query-freebusy', 'read-current-user-privilege-set' );">
<input type="button" value="$btn_fb" class="submit" title="$btn_fb_title"
onclick="toggle_privileges('default_privileges', 'read-free-busy', 'schedule-query-freebusy' );">
<br>$privileges_set
EOPRIV;
$submit_row = '<tr> <th class="right"></th> <td class="left" colspan="2">##submit##</td> </tr>';
} else {
$privileges_row = collection_privilege_format_function( $editor->Value('default_privileges') );
$privileges_row = '<div id="privileges">' . $privileges_row . '</div>';
$submit_row = '';
}
$csrf_field = getCsrfField();
$id = $editor->Value('collection_id');
$template = <<<EOTEMPLATE
##form##
<script language="javascript">
function toggle_privileges() {
var argv = toggle_privileges.arguments;
var argc = argv.length;
if ( argc < 2 ) {
return;
}
var match_me = argv[0];
var set_to = -1;
if ( argv[1] == 'all' ) {
var form = document.getElementById(argv[2]);
var fieldcount = form.elements.length;
var matching = '/^' + match_me + '/';
for (var i = 0; i < fieldcount; i++) {
var fieldname = form.elements[i].name;
if ( fieldname.match( match_me ) ) {
if ( set_to == -1 ) {
set_to = ( form.elements[i].checked ? 0 : 1 );
}
form.elements[i].checked = set_to;
}
}
}
else {
for (var i = 1; i < argc; i++) {
var f = document.getElementById( match_me + '_' + argv[i]);
if ( set_to == -1 ) {
set_to = ( f.checked ? 0 : 1 );
}
f.checked = set_to;
}
}
}
function toggle_enabled() {
var argv = toggle_enabled.arguments;
var argc = argv.length;
var fld_checkbox = document.getElementById(argv[0]);
if ( argc < 2 ) {
return;
}
for (var i = 1; i < argc; i++) {
var fld_id = argv[i].substr(1);
var fld_logical = argv[i].substr(0,1);
var f = document.getElementById(fld_id);
if ( fld_logical == '=' )
f.disabled = !fld_checkbox.checked;
else
f.disabled = fld_checkbox.checked;
}
}
function toggle_visible() {
var argv = toggle_visible.arguments;
var argc = argv.length;
var fld_checkbox = document.getElementById(argv[0]);
if ( argc < 2 ) {
return;
}
for (var i = 1; i < argc; i++) {
var block_id = argv[i].substr(1);
var block_logical = argv[i].substr(0,1);
var b = document.getElementById(block_id);
if ( block_logical == '!' )
b.style.display = (fld_checkbox.checked ? 'none' : '');
else
b.style.display = (!fld_checkbox.checked ? 'none' : '');
}
}
</script>
<style>
th.right, label.privilege {
white-space:nowrap;
}
label.privilege {
margin:0.2em 1em 0.2em 0.1em;
padding:0 0.2em;
line-height:1.6em;
font-size: 87%;
}
</style>
<table>
<tr> <th class="right">$prompt_collection_id:</th> <td class="left">$value_id</td> </tr>
<tr> <th class="right">$prompt_dav_name:</th> <td class="left">$value_dav_name</td> </tr>$external_bind
<tr> <th class="right">$prompt_entries:</th> <td class="left">$entries</td> </tr>
<tr> <th class="right">$prompt_load_file:</th> <td class="left">##ics_file.file.60## ##mode.checkbox##
</td> </tr>
<tr> <th class="right">$prompt_displayname:</th> <td class="left">##dav_displayname.input.50##</td> </tr>
<tr> <th class="right">$prompt_public:</th> <td class="left">##publicly_readable.checkbox##</td> </tr>
<tr> <th class="right">$prompt_calendar:</th> <td class="left">##is_calendar.checkbox##</td> </tr>
<tr> <th class="right">$prompt_addressbook:</th> <td class="left">##is_addressbook.checkbox##</td> </tr>
<tr> <th class="right">$prompt_privileges:</th><td class="left">##use_default_privs.checkbox## &nbsp; &nbsp; &nbsp;
<div id="privileges_settings">
$privileges_row
</div></td> </tr>
<tr> <th class="right">$prompt_timezone:</th> <td class="left">##timezone.select##</td> </tr>
<tr> <th class="right">$prompt_schedule_transp:</th> <td class="left">##schedule_transp.select##</td> </tr>
<tr> <th class="right">$prompt_description:</th> <td class="left">##description.textarea.78x6##</td> </tr>
$submit_row
</table>
$csrf_field
</form>
<script language="javascript">
toggle_enabled('fld_is_calendar','=fld_timezone','=fld_schedule_transp','!fld_is_addressbook');
toggle_enabled('fld_is_addressbook','!fld_is_calendar');
toggle_visible('fld_use_default_privs','!privileges_settings');
</script>
EOTEMPLATE;
$editor->SetTemplate( $template );
$page_elements[] = $editor;
if ( $editor->Available() ) {
$c->stylesheets[] = 'css/browse.css';
$c->scripts[] = 'js/browse.js';
$grantrow = new Editor("Grants", "grants");
$grantrow->SetSubmitName( 'savegrantrow' );
$limit_grantrow = '';
if ( ! $c->list_everyone ) {
if ( ! $session->AllowedTo( "Admin" ) ) {
$limit_grantrow = 'AND (principal_id = \''.$session->principal_id.'\' or principal_id in (select member_id from group_member where group_id in (select group_id from group_member where member_id = \''.$session->principal_id.'\')) or principal_id in (select group_id from group_member where member_id = \''.$session->principal_id.'\'))';
}
}
$grantrow->SetLookup( 'to_principal', 'SELECT principal_id, displayname FROM dav_principal WHERE principal_id NOT IN (SELECT member_id FROM group_member WHERE group_id = '.$id.') '.$limit_grantrow.' ORDER BY displayname' );
if ( $can_write_collection ) {
if ( $grantrow->IsSubmit() ) {
$_POST['by_collection'] = $id;
$to_principal = intval($_POST['to_principal']);
$orig_to_id = intval($_POST['orig_to_id']);
$grantrow->SetWhere( "by_collection=".$id." AND to_principal=$orig_to_id");
if ( isset($_POST['grant_privileges']) ) {
$privilege_bitpos = array_flip($privilege_names);
$priv_names = array_keys($_POST['grant_privileges']);
$privs = privilege_to_bits($priv_names);
$_POST['privileges'] = sprintf('%024s',decbin($privs));
$grantrow->Assign('privileges', $privs_dec);
}
$grantrow->Write( );
unset($_GET['to_principal']);
}
elseif ( isset($_GET['delete_grant']) ) {
$qry = new AwlQuery("DELETE FROM grants WHERE by_collection=:grantor_id AND to_principal = :to_principal",
array( ':grantor_id' => $id, ':to_principal' => intval($_GET['delete_grant']) ));
$qry->Exec('collection-edit');
}
}
function edit_grant_row_collection( $row_data ) {
global $grantrow, $id, $privilege_xlate, $privilege_names;
global $btn_all, $btn_all_title, $btn_rw, $btn_rw_title, $btn_read, $btn_read_title;
global $btn_fb, $btn_fb_title, $btn_sd, $btn_sd_title, $btn_ss, $btn_ss_title;
$submit_label = translate('Grant');
if ( $row_data->to_principal > -1 ) {
$grantrow->SetRecord( $row_data );
$submit_label = translate('Apply Changes');
}
$grant_privileges = bindec($grantrow->Value('grant_privileges'));
$privileges_set = '<div id="privileges">';
for( $i=0; $i < count($privilege_names); $i++ ) {
$privilege_set = ( (1 << $i) & $grant_privileges ? ' CHECKED' : '');
$privileges_set .= '<label class="privilege"><input name="grant_privileges['.$privilege_names[$i].']" id="grant_privileges_'.$privilege_names[$i].'" type="checkbox"'.$privilege_set.'>'.$privilege_xlate[$privilege_names[$i]].'</label>'."\n";
}
$privileges_set .= '</div>';
$orig_to_id = $row_data->to_principal;
$form_id = $grantrow->Id();
$form_url = preg_replace( '#&(edit|delete)_grant=\d+#', '', $_SERVER['REQUEST_URI'] );
$csrf_field = getCsrfField();
$template = <<<EOTEMPLATE
<form method="POST" enctype="multipart/form-data" id="form_$form_id" action="$form_url">
$csrf_field
<td class="left" colspan="2"><input type="hidden" name="id" value="$id"><input type="hidden" name="orig_to_id" value="$orig_to_id">##to_principal.select##</td>
<td class="left" colspan="2">
<input type="button" value="$btn_all" class="submit" title="$btn_all_title" onclick="toggle_privileges('grant_privileges', 'all', 'form_$form_id');">
<input type="button" value="$btn_rw" class="submit" title="$btn_rw_title"
onclick="toggle_privileges('grant_privileges', 'read', 'write-properties', 'write-content', 'bind', 'unbind', 'read-free-busy',
'read-current-user-privilege-set', 'schedule-deliver-invite', 'schedule-deliver-reply', 'schedule-query-freebusy',
'schedule-send-invite', 'schedule-send-reply', 'schedule-send-freebusy' );">
<input type="button" value="$btn_read" class="submit" title="$btn_read_title"
onclick="toggle_privileges('grant_privileges', 'read', 'read-free-busy', 'schedule-query-freebusy', 'read-current-user-privilege-set' );">
<input type="button" value="$btn_fb" class="submit" title="$btn_fb_title"
onclick="toggle_privileges('grant_privileges', 'read-free-busy', 'schedule-query-freebusy' );">
<br>$privileges_set
<td class="center">##$submit_label.submit##</td>
</form>
EOTEMPLATE;
$grantrow->SetTemplate( $template );
$grantrow->Title("");
return $grantrow->Render();
}
$browser = new Browser(translate('Collection Grants'));
$browser->AddColumn( 'to_principal', translate('To ID'), 'right', '##principal_link##' );
$rowurl = $c->base_url . '/admin.php?action=edit&t=principal&id=';
$browser->AddHidden( 'principal_link', "'<a href=\"$rowurl' || to_principal || '\">' || to_principal || '</a>'" );
$browser->AddHidden( 'grant_privileges', 'privileges' );
$browser->AddColumn( 'displayname', translate('Display Name') );
$browser->AddColumn( 'privs', translate('Privileges'), '', '', 'privileges', '', '', 'collection_privilege_format_function' );
$browser->AddColumn( 'members', translate('Has Members'), '', '', 'has_members_list(principal_id)' );
if ( $can_write_collection ) {
$del_link = '<a href="'.$c->base_url.'/admin.php?action=edit&t=collection&id='.$id.'&delete_grant=##to_principal##" class="submit" title="">'.translate('Revoke').'</a>';
$edit_link = '<a href="'.$c->base_url.'/admin.php?action=edit&t=collection&id='.$id.'&edit_grant=##to_principal##" class="submit" title="">'.translate('Edit').'</a>';
$browser->AddColumn( 'action', translate('Action'), 'center', '', "'$edit_link&nbsp;$del_link'" );
}
$browser->SetOrdering( 'displayname', 'A' );
$browser->SetJoins( 'grants LEFT JOIN dav_principal ON (to_principal = principal_id) ' );
$browser->SetWhere( 'by_collection = '.$id );
if ( $c->enable_row_linking ) {
$browser->RowFormat( '<tr onMouseover="LinkHref(this,1);" title="'.translate('Click to edit principal details').'" class="r%d">', '</tr>', '#even' );
}
else {
$browser->RowFormat( '<tr class="r%d">', '</tr>', '#even' );
}
$browser->DoQuery();
$page_elements[] = $browser;
if ( $can_write_collection ) {
if ( isset($_GET['edit_grant']) ) {
$browser->MatchedRow('to_principal', $_GET['edit_grant'], 'edit_grant_row_collection');
}
else {
$browser->ExtraRowFormat( '<tr class="r%d">', '</tr>', '#even' );
$extra_row = array( 'to_principal' => -1 );
$browser->MatchedRow('to_principal', -1, 'edit_grant_row_collection');
$extra_row = (object) $extra_row;
$browser->AddRow($extra_row);
}
}
$browser = new Browser(translate('Access Tickets'));
$browser->AddHidden( 'dav_owner_id' );
if ($can_write_collection) {
$browser->AddColumn( 'ticket_id', translate('Ticket ID'), '', '' );
}
$browser->AddColumn( 'target', translate('Target'), '', '<td style="white-space:nowrap;">%s</td>', "'".$c->base_url.'/caldav.php'."' ||COALESCE(d.dav_name,c.dav_name)" );
$browser->AddColumn( 'expiry', translate('Expires'), '', '', 'TO_CHAR(expires,\'YYYYMMDD"T"HH:MI:SS\')');
$browser->AddColumn( 'privs', translate('Privileges'), '', '', "privileges_list(privileges)" );
if ($can_write_collection) {
$delurl = $c->base_url . '/admin.php?action=edit&t=principal&id=##dav_owner_id##&ticket_id=##URL:ticket_id##&subaction=delete_ticket';
$browser->AddColumn( 'delete', translate('Action'), 'center', '', "'<a class=\"submit\" href=\"$delurl\">".translate('Delete')."</a>'" );
}
$browser->SetOrdering( 'target', 'A' );
$browser->SetJoins( 'access_ticket t LEFT JOIN collection c ON (target_collection_id=collection_id) LEFT JOIN caldav_data d ON (target_resource_id=dav_id)' );
$browser->SetWhere( 'target_collection_id = '.intval($editor->Value('collection_id')) );
$browser->RowFormat( '<tr class="r%d">', '</tr>', '#even' );
$browser->DoQuery();
$page_elements[] = $browser;
/**
bind_id | bigint | not null default nextval('dav_id_seq'::regclass)
bound_source_id | bigint |
access_ticket_id | text |
dav_owner_id | bigint | not null
parent_container | text | not null
dav_name | text | not null
dav_displayname | text |
*/
$browser = new Browser(translate('Bindings to this Collection'));
$browser->AddColumn( 'bind_id', translate('ID'), '', '' );
$browser->AddHidden( 'b.dav_owner_id' );
$browser->AddColumn( 'bound_as', translate('Bound As'), '', '<td style="white-space:nowrap;">%s</td>', 'b.dav_name' );
$browser->AddColumn( 'access_ticket_id', translate('Ticket ID'), '', '' );
$browser->AddColumn( 'privs', translate('Privileges'), '', '', "privileges_list(privileges)" );
if ( $session->AllowedTo('Admin') ) {
$delurl = $c->base_url . '/admin.php?action=edit&t=principal&id=##dav_owner_id##&bind_id=##URL:bind_id##&subaction=delete_binding';
$browser->AddColumn( 'delete', translate('Action'), 'center', '', "'<a class=\"submit\" href=\"$delurl\">".translate('Delete')."</a>'" );
}
$browser->SetOrdering( 'target', 'A' );
$browser->SetJoins( 'dav_binding b LEFT JOIN collection c ON (bound_source_id=collection_id) LEFT JOIN access_ticket t ON (ticket_id=access_ticket_id)' );
$browser->SetWhere( 'bound_source_id = '.intval($editor->Value('collection_id')) );
$browser->RowFormat( '<tr class="r%d">', '</tr>', '#even' );
$browser->DoQuery();
$page_elements[] = $browser;
}
Reference in New Issue View Git Blame Copy Permalink