Permission checking for shared addressbooks/contacts.
This commit is contained in:
Thomas Tanghus
parent
f568ba9c8c
commit
2cffcfbc03
|
|
@ -154,8 +154,10 @@ foreach ($parameters as $key=>$element) {
|
|||
}
|
||||
$checksum = md5($vcard->children[$line]->serialize());
|
||||
|
||||
if(!OC_Contacts_VCard::edit($id, $vcard)) {
|
||||
bailOut($l10n->t('Error adding contact property: '.$name));
|
||||
try {
|
||||
OC_Contacts_VCard::edit($id, $vcard);
|
||||
} catch(Exception $e) {
|
||||
bailOut($e->getMessage());
|
||||
}
|
||||
|
||||
OCP\JSON::success(array(
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@
|
|||
*
|
||||
* @author Jakob Sack
|
||||
* @copyright 2011 Jakob Sack mail@jakobsack.de
|
||||
* @copyright 2012 Thomas Tanghus (thomas@tanghus.net)
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
|
||||
|
|
@ -30,7 +31,14 @@ $id = isset($_POST['id'])?$_POST['id']:null;
|
|||
if(!$id) {
|
||||
bailOut(OC_Contacts_App::$l10n->t('id is not set.'));
|
||||
}
|
||||
$card = OC_Contacts_App::getContactObject( $id );
|
||||
|
||||
OC_Contacts_VCard::delete($id);
|
||||
try {
|
||||
OC_Contacts_VCard::delete($id);
|
||||
} catch(Exception $e) {
|
||||
$msg = $e->getMessage();
|
||||
OCP\Util::writeLog('contacts', __METHOD__.', exception: '.$msg,
|
||||
OCP\Util::DEBUG);
|
||||
OCP\Util::writeLog('contacts', __METHOD__.', id'.$id, OCP\Util::DEBUG);
|
||||
bailOut($msg);
|
||||
}
|
||||
OCP\JSON::success(array('data' => array( 'id' => $id )));
|
||||
|
|
|
|||
|
|
@ -40,8 +40,10 @@ if(is_null($line)) {
|
|||
|
||||
unset($vcard->children[$line]);
|
||||
|
||||
if(!OC_Contacts_VCard::edit($id, $vcard)) {
|
||||
bailOut($l10n->t('Error deleting contact property.'));
|
||||
try {
|
||||
OC_Contacts_VCard::edit($id, $vcard);
|
||||
} catch(Exception $e) {
|
||||
bailOut($e->getMessage());
|
||||
}
|
||||
|
||||
OCP\JSON::success(array(
|
||||
|
|
|
|||
|
|
@ -41,6 +41,10 @@ foreach($active_addressbooks as $addressbook) {
|
|||
= array('contacts' => array('type' => 'book',));
|
||||
$contacts_addressbook[$addressbook['id']]['displayname']
|
||||
= $addressbook['displayname'];
|
||||
$contacts_addressbook[$addressbook['id']]['permissions']
|
||||
= isset($addressbook['permissions'])
|
||||
? $addressbook['permissions']
|
||||
: '0';
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -75,10 +79,14 @@ if($contacts_alphabet) {
|
|||
}
|
||||
}
|
||||
$contacts_addressbook[$contact['addressbookid']]['contacts'][] = array(
|
||||
'type' => 'contact',
|
||||
'id' => $contact['id'],
|
||||
'addressbookid' => $contact['addressbookid'],
|
||||
'displayname' => htmlspecialchars($display)
|
||||
'type' => 'contact',
|
||||
'id' => $contact['id'],
|
||||
'addressbookid' => $contact['addressbookid'],
|
||||
'displayname' => htmlspecialchars($display),
|
||||
'permissions' =>
|
||||
isset($contacts_addressbook[$contact['addressbookid']]['permissions'])
|
||||
? $contacts_addressbook[$contact['addressbookid']]['permissions']
|
||||
: '0',
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -162,9 +162,10 @@ if(!$value) {
|
|||
}
|
||||
//debug('New checksum: '.$checksum);
|
||||
|
||||
if(!OC_Contacts_VCard::edit($id, $vcard)) {
|
||||
bailOut(OC_Contacts_App::$l10n->t('Error updating contact property.'));
|
||||
exit();
|
||||
try {
|
||||
OC_Contacts_VCard::edit($id, $vcard);
|
||||
} catch(Exception $e) {
|
||||
bailOut($e->getMessage());
|
||||
}
|
||||
|
||||
OCP\JSON::success(array('data' => array(
|
||||
|
|
|
|||
|
|
@ -398,12 +398,32 @@ OC.Contacts={
|
|||
localLoadContact(newid, bookid);
|
||||
}
|
||||
},
|
||||
setEnabled:function(enabled) {
|
||||
console.log('setEnabled', enabled);
|
||||
$('.contacts_property,.action').each(function () {
|
||||
$(this).prop('disabled', !enabled);
|
||||
OC.Contacts.Card.enabled = enabled;
|
||||
});
|
||||
},
|
||||
doExport:function() {
|
||||
document.location.href = OC.linkTo('contacts', 'export.php') + '?contactid=' + this.id;
|
||||
},
|
||||
editNew:function(){ // add a new contact
|
||||
this.id = ''; this.fn = ''; this.fullname = ''; this.givname = ''; this.famname = ''; this.addname = ''; this.honpre = ''; this.honsuf = '';
|
||||
OC.Contacts.Card.add(';;;;;', '', '', true);
|
||||
var book = $('#contacts h3.active');
|
||||
var permissions = parseInt(book.data('permissions'));
|
||||
if(permissions == 0
|
||||
|| permissions & OC.Share.PERMISSION_UPDATE
|
||||
|| permissions & OC.Share.PERMISSION_DELETE) {
|
||||
with(this) {
|
||||
delete id; delete fn; delete fullname; delete givname; delete famname;
|
||||
delete addname; delete honpre; delete honsuf;
|
||||
}
|
||||
this.bookid = book.data('id');
|
||||
OC.Contacts.Card.add(';;;;;', '', '', true);
|
||||
} else {
|
||||
OC.dialogs.alert(t('contacts', 'You do not have permission to add contacts to ')
|
||||
+ book.text() + '. ' + t('contacts', 'Please select one of your own address books.'), t('contacts', 'Permission error'));
|
||||
}
|
||||
return false;
|
||||
},
|
||||
add:function(n, fn, aid, isnew){ // add a new contact
|
||||
|
|
@ -497,11 +517,16 @@ OC.Contacts={
|
|||
OC.Contacts.notify({
|
||||
data:curlistitem,
|
||||
message:t('contacts','Click to undo deletion of "') + curlistitem.find('a').text() + '"',
|
||||
timeout:5,
|
||||
//timeout:5,
|
||||
timeouthandler:function(contact) {
|
||||
console.log('timeout');
|
||||
OC.Contacts.Card.doDelete(contact.data('id'), true);
|
||||
delete contact;
|
||||
OC.Contacts.Card.doDelete(contact.data('id'), true, function(res) {
|
||||
if(!res) {
|
||||
OC.Contacts.Contacts.insertContact({contact:contact});
|
||||
} else {
|
||||
delete contact;
|
||||
}
|
||||
});
|
||||
},
|
||||
clickhandler:function(contact) {
|
||||
OC.Contacts.Contacts.insertContact({contact:contact});
|
||||
|
|
@ -510,7 +535,7 @@ OC.Contacts={
|
|||
}
|
||||
});
|
||||
},
|
||||
doDelete:function(id, removeFromQueue) {
|
||||
doDelete:function(id, removeFromQueue, cb) {
|
||||
var updateQueue = function(id, remove) {
|
||||
if(removeFromQueue) {
|
||||
OC.Contacts.Contacts.deletionQueue.splice(OC.Contacts.Contacts.deletionQueue.indexOf(parseInt(id)), 1);
|
||||
|
|
@ -523,14 +548,23 @@ OC.Contacts={
|
|||
if(OC.Contacts.Contacts.deletionQueue.indexOf(parseInt(id)) == -1 && removeFromQueue) {
|
||||
console.log('returning');
|
||||
updateQueue(id, removeFromQueue);
|
||||
if(typeof cb == 'function') {
|
||||
cb(true);
|
||||
}
|
||||
return;
|
||||
}
|
||||
$.post(OC.filePath('contacts', 'ajax', 'contact/delete.php'),{'id':id},function(jsondata) {
|
||||
$.post(OC.filePath('contacts', 'ajax', 'contact/delete.php'), {'id':id},function(jsondata) {
|
||||
if(jsondata.status == 'error'){
|
||||
OC.dialogs.alert(jsondata.data.message, t('contacts', 'Error'));
|
||||
OC.Contacts.notify({message:jsondata.data.message});
|
||||
if(typeof cb == 'function') {
|
||||
cb(false);
|
||||
}
|
||||
}
|
||||
updateQueue(id, removeFromQueue);
|
||||
});
|
||||
if(typeof cb == 'function') {
|
||||
cb(true);
|
||||
}
|
||||
},
|
||||
loadContact:function(jsondata, bookid){
|
||||
this.data = jsondata;
|
||||
|
|
@ -563,6 +597,11 @@ OC.Contacts={
|
|||
$('#contact_note').hide();
|
||||
$('#contacts_propertymenu_dropdown a[data-type="NOTE"]').parent().show();
|
||||
}
|
||||
var permissions = OC.Contacts.Card.permissions = parseInt($('#contacts ul[data-id="' + bookid + '"]').data('permissions'));
|
||||
console.log('permissions', permissions);
|
||||
this.setEnabled(permissions == 0
|
||||
|| permissions & OC.Share.PERMISSION_UPDATE
|
||||
|| permissions & OC.Share.PERMISSION_DELETE);
|
||||
},
|
||||
loadSingleProperties:function() {
|
||||
var props = ['BDAY', 'NICKNAME', 'ORG', 'URL', 'CATEGORIES'];
|
||||
|
|
@ -757,6 +796,13 @@ OC.Contacts={
|
|||
console.log('Saving: ' + q);
|
||||
$(obj).attr('disabled', 'disabled');
|
||||
$.post(OC.filePath('contacts', 'ajax', 'contact/saveproperty.php'),q,function(jsondata){
|
||||
if(!jsondata) {
|
||||
OC.dialogs.alert(t('contacts', 'Unknown error. Please check logs.'), t('contacts', 'Error'));
|
||||
OC.Contacts.loading(obj, false);
|
||||
$(obj).removeAttr('disabled');
|
||||
OC.Contacts.Card.update({cid:OC.Contacts.Card.id});
|
||||
return false;
|
||||
}
|
||||
if(jsondata.status == 'success'){
|
||||
container.data('checksum', jsondata.data.checksum);
|
||||
OC.Contacts.Card.savePropertyInternal(name, fields, checksum, jsondata.data.checksum);
|
||||
|
|
@ -768,6 +814,7 @@ OC.Contacts={
|
|||
OC.dialogs.alert(jsondata.data.message, t('contacts', 'Error'));
|
||||
OC.Contacts.loading(obj, false);
|
||||
$(obj).removeAttr('disabled');
|
||||
OC.Contacts.Card.update({cid:OC.Contacts.Card.id});
|
||||
return false;
|
||||
}
|
||||
},'json');
|
||||
|
|
@ -787,12 +834,16 @@ OC.Contacts={
|
|||
OC.dialogs.alert(jsondata.data.message, t('contacts', 'Error'));
|
||||
OC.Contacts.loading(obj, false);
|
||||
$(obj).removeAttr('disabled');
|
||||
OC.Contacts.Card.update({cid:OC.Contacts.Card.id});
|
||||
return false;
|
||||
}
|
||||
},'json');
|
||||
}
|
||||
},
|
||||
addProperty:function(type) {
|
||||
if(!this.enabled) {
|
||||
return;
|
||||
}
|
||||
switch (type) {
|
||||
case 'NOTE':
|
||||
$('#contacts_propertymenu_dropdown a[data-type="'+type+'"]').parent().hide();
|
||||
|
|
@ -836,6 +887,9 @@ OC.Contacts={
|
|||
},
|
||||
deleteProperty:function(obj, type) {
|
||||
console.log('deleteProperty');
|
||||
if(!this.enabled) {
|
||||
return;
|
||||
}
|
||||
OC.Contacts.loading(obj, true);
|
||||
var checksum = OC.Contacts.checksumFor(obj);
|
||||
if(checksum) {
|
||||
|
|
@ -887,6 +941,9 @@ OC.Contacts={
|
|||
}
|
||||
},
|
||||
editName:function() {
|
||||
if(!this.enabled) {
|
||||
return;
|
||||
}
|
||||
var params = {id: this.id};
|
||||
/* Initialize the name edit dialog */
|
||||
if($('#edit_name_dialog').dialog('isOpen') == true) {
|
||||
|
|
@ -922,6 +979,9 @@ OC.Contacts={
|
|||
}
|
||||
},
|
||||
saveName:function(dlg) {
|
||||
if(!this.enabled) {
|
||||
return;
|
||||
}
|
||||
//console.log('saveName, id: ' + this.id);
|
||||
var n = new Array($(dlg).find('#fam').val().strip_tags(),$(dlg).find('#giv').val().strip_tags(),$(dlg).find('#add').val().strip_tags(),$(dlg).find('#pre').val().strip_tags(),$(dlg).find('#suf').val().strip_tags());
|
||||
this.famname = n[0];
|
||||
|
|
@ -1010,6 +1070,9 @@ OC.Contacts={
|
|||
return false;
|
||||
},
|
||||
editAddress:function(obj, isnew){
|
||||
if(!this.enabled) {
|
||||
return;
|
||||
}
|
||||
var container = undefined;
|
||||
var params = {id: this.id};
|
||||
if(obj === 'new') {
|
||||
|
|
@ -1135,6 +1198,9 @@ OC.Contacts={
|
|||
}
|
||||
},
|
||||
saveAddress:function(dlg, obj, isnew){
|
||||
if(!this.enabled) {
|
||||
return;
|
||||
}
|
||||
if(isnew) {
|
||||
container = $('#addresses dl').last();
|
||||
obj = container.find('input').first();
|
||||
|
|
@ -1177,6 +1243,9 @@ OC.Contacts={
|
|||
container.find('.addresslist').html(adrtxt);
|
||||
},
|
||||
uploadPhoto:function(filelist) {
|
||||
if(!this.enabled) {
|
||||
return;
|
||||
}
|
||||
if(!filelist) {
|
||||
OC.dialogs.alert(t('contacts','No files selected for upload.'), t('contacts', 'Error'));
|
||||
return;
|
||||
|
|
@ -1255,6 +1324,9 @@ OC.Contacts={
|
|||
this.loadPhotoHandlers()
|
||||
},
|
||||
editCurrentPhoto:function(){
|
||||
if(!this.enabled) {
|
||||
return;
|
||||
}
|
||||
$.getJSON(OC.filePath('contacts', 'ajax', 'currentphoto.php'),{'id':this.id},function(jsondata){
|
||||
if(jsondata.status == 'success'){
|
||||
//alert(jsondata.data.page);
|
||||
|
|
@ -1268,6 +1340,9 @@ OC.Contacts={
|
|||
});
|
||||
},
|
||||
editPhoto:function(id, tmpkey){
|
||||
if(!this.enabled) {
|
||||
return;
|
||||
}
|
||||
//alert('editPhoto: ' + tmpkey);
|
||||
$.getJSON(OC.filePath('contacts', 'ajax', 'cropphoto.php'),{'tmpkey':tmpkey,'id':this.id, 'requesttoken':requesttoken},function(jsondata){
|
||||
if(jsondata.status == 'success'){
|
||||
|
|
@ -1284,7 +1359,10 @@ OC.Contacts={
|
|||
$('#edit_photo_dialog').dialog('open');
|
||||
}
|
||||
},
|
||||
savePhoto:function(){
|
||||
savePhoto:function() {
|
||||
if(!this.enabled) {
|
||||
return;
|
||||
}
|
||||
var target = $('#crop_target');
|
||||
var form = $('#cropform');
|
||||
var wrapper = $('#contacts_details_photo_wrapper');
|
||||
|
|
@ -1719,11 +1797,15 @@ OC.Contacts={
|
|||
firstrun = true;
|
||||
if($('#contacts h3').length == 0) {
|
||||
$('#contacts').html('<h3 class="addressbook" contextmenu="addressbookmenu" data-id="'
|
||||
+ b+'">'+book.displayname+'</h3><ul class="contacts hidden" data-id="'+b+'"></ul>');
|
||||
+ b + '" data-permissions="' + book.permissions + '">' + book.displayname
|
||||
+ '</h3><ul class="contacts hidden" data-id="'+b+'" data-permissions="'
|
||||
+ book.permissions + '"></ul>');
|
||||
} else {
|
||||
if(!$('#contacts h3[data-id="'+b+'"]').length) {
|
||||
var item = $('<h3 class="addressbook" contextmenu="addressbookmenu" data-id="'+b+'">'
|
||||
+ book.displayname+'</h3><ul class="contacts hidden" data-id="'+b+'"></ul>')
|
||||
if(!$('#contacts h3[data-id="' + b + '"]').length) {
|
||||
var item = $('<h3 class="addressbook" contextmenu="addressbookmenu" data-id="'
|
||||
+ b + '" data-permissions="' + book.permissions + '">'
|
||||
+ book.displayname+'</h3><ul class="contacts hidden" data-id="' + b
|
||||
+ '" data-permissions="' + book.permissions + '"></ul>');
|
||||
var added = false;
|
||||
$('#contacts h3').each(function(){
|
||||
if ($(this).text().toLowerCase() > book.displayname.toLowerCase()) {
|
||||
|
|
|
|||
|
|
@ -73,6 +73,7 @@ class OC_Share_Backend_Addressbook implements OCP\Share_Backend_Collection {
|
|||
$addressbook = OC_Contacts_Addressbook::find($item['item_source']);
|
||||
if ($addressbook) {
|
||||
$addressbook['displayname'] = $item['item_target'];
|
||||
$addressbook['permissions'] = $item['permissions'];
|
||||
$addressbooks[] = $addressbook;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -405,7 +405,7 @@ class OC_Contacts_VCard{
|
|||
if ($addressbook['userid'] != OCP\User::getUser()) {
|
||||
$sharedContact = OCP\Share::getItemSharedWithBySource('contact', $id, OCP\Share::FORMAT_NONE, null, true);
|
||||
if (!$sharedContact || !($sharedContact['permissions'] & OCP\Share::PERMISSION_UPDATE)) {
|
||||
return false;
|
||||
throw new Exception(OC_Contacts_App::$l10n->t('You do not have the permissions to edit this contact.'));
|
||||
}
|
||||
}
|
||||
OC_Contacts_App::loadCategoriesFromVCard($card);
|
||||
|
|
@ -423,7 +423,8 @@ class OC_Contacts_VCard{
|
|||
try {
|
||||
$result = $stmt->execute(array($fn,$data,time(),$id));
|
||||
} catch(Exception $e) {
|
||||
OCP\Util::writeLog('contacts', __METHOD__.', exception: '.$e->getMessage(), OCP\Util::ERROR);
|
||||
OCP\Util::writeLog('contacts', __METHOD__.', exception: '
|
||||
. $e->getMessage(), OCP\Util::ERROR);
|
||||
OCP\Util::writeLog('contacts', __METHOD__.', id'.$id, OCP\Util::DEBUG);
|
||||
return false;
|
||||
}
|
||||
|
|
@ -444,10 +445,21 @@ class OC_Contacts_VCard{
|
|||
$oldcard = self::findWhereDAVDataIs($aid, $uri);
|
||||
$card = OC_VObject::parse($data);
|
||||
if(!$card) {
|
||||
OCP\Util::writeLog('contacts', __METHOD__.', Unable to parse VCARD, uri: '.$uri, OCP\Util::ERROR);
|
||||
OCP\Util::writeLog('contacts', __METHOD__.
|
||||
', Unable to parse VCARD, uri: '.$uri, OCP\Util::ERROR);
|
||||
return false;
|
||||
}
|
||||
try {
|
||||
self::edit($oldcard['id'], $card);
|
||||
return true;
|
||||
} catch(Exception $e) {
|
||||
OCP\Util::writeLog('contacts', __METHOD__.', exception: '
|
||||
. $e->getMessage() . ', '
|
||||
. OCP\USER::getUser(), OCP\Util::ERROR);
|
||||
OCP\Util::writeLog('contacts', __METHOD__.', uri'
|
||||
. $uri, OCP\Util::DEBUG);
|
||||
return false;
|
||||
}
|
||||
return self::edit($oldcard['id'], $card);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -462,18 +474,28 @@ class OC_Contacts_VCard{
|
|||
}
|
||||
$addressbook = OC_Contacts_Addressbook::find($card['addressbookid']);
|
||||
if ($addressbook['userid'] != OCP\User::getUser()) {
|
||||
$sharedContact = OCP\Share::getItemSharedWithBySource('contact', $id, OCP\Share::FORMAT_NONE, null, true);
|
||||
if (!$sharedContact || !($sharedContact['permissions'] & OCP\Share::PERMISSION_DELETE)) {
|
||||
return false;
|
||||
$sharedContact = OCP\Share::getItemSharedWithBySource('contact',
|
||||
$id, OCP\Share::FORMAT_NONE, null, true);
|
||||
if (!$sharedContact
|
||||
|| !($sharedContact['permissions'] & OCP\Share::PERMISSION_DELETE)) {
|
||||
throw new Exception(
|
||||
OC_Contacts_App::$l10n->t(
|
||||
'You do not have the permissions to delete this contact.'
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
OC_Hook::emit('OC_Contacts_VCard', 'pre_deleteVCard', array('aid' => null, 'id' => $id, 'uri' => null));
|
||||
$stmt = OCP\DB::prepare( 'DELETE FROM *PREFIX*contacts_cards WHERE id = ?' );
|
||||
OC_Hook::emit('OC_Contacts_VCard', 'pre_deleteVCard',
|
||||
array('aid' => null, 'id' => $id, 'uri' => null)
|
||||
);
|
||||
$stmt = OCP\DB::prepare('DELETE FROM *PREFIX*contacts_cards WHERE id = ?');
|
||||
try {
|
||||
$stmt->execute(array($id));
|
||||
} catch(Exception $e) {
|
||||
OCP\Util::writeLog('contacts', __METHOD__.', exception: '.$e->getMessage(), OCP\Util::ERROR);
|
||||
OCP\Util::writeLog('contacts', __METHOD__.', id: '.$id, OCP\Util::DEBUG);
|
||||
OCP\Util::writeLog('contacts', __METHOD__.
|
||||
', exception: ' . $e->getMessage(), OCP\Util::ERROR);
|
||||
OCP\Util::writeLog('contacts', __METHOD__.', id: '
|
||||
. $id, OCP\Util::DEBUG);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue