3 commits - lib/api lib/client lib/kolab_client_task.php lib/locale

Aleksander Machniak machniak at kolabsys.com
Wed Sep 19 14:18:11 CEST 2012


 lib/api/kolab_api_service_role.php        |    2 +
 lib/client/kolab_client_task_about.php    |    6 +--
 lib/client/kolab_client_task_main.php     |   16 ++++-----
 lib/client/kolab_client_task_settings.php |   53 ++++++++++++++++++++++++------
 lib/kolab_client_task.php                 |   41 ++++++++++++++++++-----
 lib/locale/en.php                         |    9 ++---
 lib/locale/en_US.php                      |    9 ++---
 7 files changed, 99 insertions(+), 37 deletions(-)

New commits:
commit 5f8b26ed45b08386c56d93c743bba9dc362309ec
Author: Aleksander Machniak <alec at alec.pl>
Date:   Wed Sep 19 14:17:28 2012 +0200

    Improved detection of task availability according to capabilities
    Some code improvements

diff --git a/lib/client/kolab_client_task_main.php b/lib/client/kolab_client_task_main.php
index 7a7a1f0..8c50b10 100644
--- a/lib/client/kolab_client_task_main.php
+++ b/lib/client/kolab_client_task_main.php
@@ -30,8 +30,8 @@ class kolab_client_task_main extends kolab_client_task
         'domain'    => 'domains',
         'role'      => 'roles',
         'resource'  => 'resources',
-        'settings'  => '',
-        'about'     => '',
+        'settings'  => 'settings',
+        'about'     => 'about',
     );
 
 
@@ -60,15 +60,15 @@ class kolab_client_task_main extends kolab_client_task
             'search', 'search.loading', 'search.acchars');
 
         // Create list of tasks for dashboard
-        // @TODO: check capabilities
         $capabilities = $this->capabilities();
-
-        $this->menu = array();
+        $this->menu   = array();
 
         foreach ($this->_menu as $task => $api_task) {
-            if ($api_task && !array_key_exists($api_task . '.list', $capabilities['actions'])) {
-                //console("Skipping menu item $task for $api_task");
-                continue;
+            if ($task != 'about' && !array_key_exists($api_task . '.list', $capabilities['actions'])) {
+                $task_class = 'kolab_client_task_' . $task;
+                if (!method_exists($task_class, 'is_enabled') || !$task_class::is_enabled($capabilities['actions'])) {
+                    continue;
+                }
             }
 
             $this->menu[$task . '.default'] = 'menu.' . ($api_task ? $api_task : $task);
diff --git a/lib/client/kolab_client_task_settings.php b/lib/client/kolab_client_task_settings.php
index 03e0a34..8eb5caa 100644
--- a/lib/client/kolab_client_task_settings.php
+++ b/lib/client/kolab_client_task_settings.php
@@ -27,8 +27,8 @@ class kolab_client_task_settings extends kolab_client_task
     protected $ajax_only = true;
 
     protected $menu = array(
-//        'user.info'  => 'settings.info',
-        'type_list'  => 'type.list',
+        'type_list'  => 'types.list',
+        'type_add'   => 'type.add',
     );
 
     /**
@@ -39,8 +39,8 @@ class kolab_client_task_settings extends kolab_client_task
         $this->output->set_object('task_navigation', $this->menu());
 //        $this->output->set_object('content', 'settings', true);
 
-        $caps = $this->get_capability('actions');
-        if (!empty($caps['user.edit']) || !empty($caps['user.info'])) {
+        $caps_actions = $this->get_capability('actions');
+        if (self::can_edit_self($caps_actions)) {
             $this->action_info();
         }
         else {
@@ -49,6 +49,45 @@ class kolab_client_task_settings extends kolab_client_task
     }
 
     /**
+     * Checks if it's possible to edit data of current user
+     */
+    public static function can_edit_self($caps_actions)
+    {
+        // Disable user form for directory manager (see #1025)
+        if (preg_match('/^cn=([a-z ]+)/i', $_SESSION['user']['id'])) {
+            return false;
+        }
+
+        if (empty($caps_actions['user.info'])) {
+            return false;
+        }
+
+        // If we can do user.info, we can at least display
+        // the form, effective rights will be checked later
+        // there's a very small chance that user cannot view his data
+        return true;
+    }
+
+    /**
+     * Check if any of task actions is accessible for current user
+     *
+     * @return bool
+     */
+    public static function is_enabled($caps_actions)
+    {
+        // User form
+        if (self::can_edit_self($caps_actions)) {
+            return true;
+        }
+
+        if (!empty($caps_actions['types.list'])) {
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
      * Returns task menu output (overrides parent's menu method).
      *
      * @return string HTML output
@@ -85,12 +124,6 @@ class kolab_client_task_settings extends kolab_client_task
      */
     public function action_info()
     {
-        // Disable for directory manager (see #1025)
-        if (preg_match('/^cn=([a-z ]+)/i', $_SESSION['user']['id'])) {
-            $this->output->command('set_watermark', 'content');
-            return;
-        }
-
         $_POST['id'] = $_SESSION['user']['id'];
         $user_task    = new kolab_client_task_user($this->output);
         $user_task->action_info();
diff --git a/lib/kolab_client_task.php b/lib/kolab_client_task.php
index 27f7c53..b2edadf 100644
--- a/lib/kolab_client_task.php
+++ b/lib/kolab_client_task.php
@@ -658,6 +658,36 @@ class kolab_client_task
     }
 
     /**
+     * Returns effective rights for the specified object
+     *
+     * @param string $type Object type
+     * @param string $id   Object identifier
+     *
+     * @return array Two element array with 'attribute' and 'entry' elements
+     */
+    protected function effective_rights($type, $id = null)
+    {
+        $caps = $this->get_capability('actions');
+
+        if (empty($caps[$type . '.effective_rights'])) {
+            return array(
+                'attribute' => array(),
+                'entry'     => array(),
+            );
+        }
+
+        // Get the rights on the entry and attribute level
+        $result = $this->api->get($type . '.effective_rights', array($type => $id));
+
+        $result = array(
+            'attribute' => $result->get('attributeLevelRights'),
+            'entry'     => $result->get('entryLevelRights'),
+        );
+
+        return $result;
+    }
+
+    /**
      * Returns execution time in seconds
      *
      * @param string Execution time
@@ -922,14 +952,9 @@ class kolab_client_task
         }
 
         // Get the rights on the entry and attribute level
-        $result = $this->api->get($name . ".effective_rights", array($name => $data['id']));
-        $attribute_rights = $result->get('attributeLevelRights');
-        $entry_rights     = $result->get('entryLevelRights');
-
-        $data['effective_rights'] = array(
-            'attribute' => $attribute_rights,
-            'entry'     => $entry_rights,
-        );
+        $data['effective_rights'] = $this->effective_rights($name, $data['id']);
+        $attribute_rights         = $data['effective_rights']['attribute'];
+        $entry_rights             = $data['effective_rights']['entry'];
 
         // See if "administrators" (those who can delete and add back on the entry
         // level) may override the automatically generated contents of auto_form_fields.


commit f8a39bf87385a71b18ea2194510fb1f888fd21cc
Author: Aleksander Machniak <alec at alec.pl>
Date:   Wed Sep 19 14:15:04 2012 +0200

    Define role.effective_rights capability

diff --git a/lib/api/kolab_api_service_role.php b/lib/api/kolab_api_service_role.php
index 1158f03..0deecf9 100644
--- a/lib/api/kolab_api_service_role.php
+++ b/lib/api/kolab_api_service_role.php
@@ -64,6 +64,8 @@ class kolab_api_service_role extends kolab_api_service
             $rights['members_list'] = "r";
         }
 
+        $rights['effective_rights'] = "r";
+
         return $rights;
     }
 


commit 1de1f6c2cb3323baa715b0eb2e67520610241b1a
Author: Aleksander Machniak <alec at alec.pl>
Date:   Wed Sep 19 11:33:06 2012 +0200

    Fix some labels

diff --git a/lib/client/kolab_client_task_about.php b/lib/client/kolab_client_task_about.php
index 5380581..0a2ce41 100644
--- a/lib/client/kolab_client_task_about.php
+++ b/lib/client/kolab_client_task_about.php
@@ -27,9 +27,9 @@ class kolab_client_task_about extends kolab_client_task
     protected $ajax_only = true;
 
     protected $menu = array(
-        'kolab'      => 'menu.kolab',
-        'kolabsys'   => 'menu.kolabsys',
-        'technology' => 'menu.technology',
+        'kolab'      => 'about.kolab',
+        'kolabsys'   => 'about.kolabsys',
+        'technology' => 'about.technology',
     );
 
     public function action_default()
diff --git a/lib/locale/en.php b/lib/locale/en.php
index a9d4fac..0da1aa0 100644
--- a/lib/locale/en.php
+++ b/lib/locale/en.php
@@ -1,8 +1,12 @@
 <?php
 
 $LANG['about.community'] = 'This is the Community Edition of the <b>Kolab Server</b>.';
-$LANG['about.warranty'] = 'It comes with absolutely <b>no warranties</b> and is typically run entirely self supported. You can find help & information on the community <a href="http://kolab.org">web site</a> & <a href="http://wiki.kolab.org">wiki</a>.';
+$LANG['about.kolab'] = 'Kolab';
+$LANG['about.kolabsys'] = 'Kolab Systems';
 $LANG['about.support'] = 'Professional support is available from <a href="http://kolabsys.com">Kolab Systems</a>.';
+$LANG['about.technology'] = 'Technology';
+$LANG['about.warranty'] = 'It comes with absolutely <b>no warranties</b> and is typically run entirely self supported. You can find help & information on the community <a href="http://kolab.org">web site</a> & <a href="http://wiki.kolab.org">wiki</a>.';
+
 $LANG['creatorsname'] = 'Created by';
 $LANG['days'] = 'days';
 $LANG['debug'] = 'Debug info';
@@ -58,12 +62,9 @@ $LANG['MB'] = 'MB';
 $LANG['menu.about'] = 'About';
 $LANG['menu.domains'] = 'Domains';
 $LANG['menu.groups'] = 'Groups';
-$LANG['menu.kolab'] = 'Kolab';
-$LANG['menu.kolabsys'] = 'Kolab Systems';
 $LANG['menu.resources'] = 'Resources';
 $LANG['menu.roles'] = 'Roles';
 $LANG['menu.settings'] = 'Settings';
-$LANG['menu.technology'] = 'Technology';
 $LANG['menu.users'] = 'Users';
 
 $LANG['modifiersname'] = 'Modified by';
diff --git a/lib/locale/en_US.php b/lib/locale/en_US.php
index 760f513..7b56ba1 100644
--- a/lib/locale/en_US.php
+++ b/lib/locale/en_US.php
@@ -1,8 +1,12 @@
 <?php
 
 $LANG['about.community'] = 'This is the Community Edition of the <b>Kolab Server</b>.';
-$LANG['about.warranty'] = 'It comes with absolutely <b>no warranties</b> and is typically run entirely self supported. You can find help & information on the community <a href="http://kolab.org">web site</a> & <a href="http://wiki.kolab.org">wiki</a>.';
+$LANG['about.kolab'] = 'Kolab';
+$LANG['about.kolabsys'] = 'Kolab Systems';
 $LANG['about.support'] = 'Professional support is available from <a href="http://kolabsys.com">Kolab Systems</a>.';
+$LANG['about.technology'] = 'Technology';
+$LANG['about.warranty'] = 'It comes with absolutely <b>no warranties</b> and is typically run entirely self supported. You can find help & information on the community <a href="http://kolab.org">web site</a> & <a href="http://wiki.kolab.org">wiki</a>.';
+
 $LANG['creatorsname'] = 'Created by';
 $LANG['days'] = 'days';
 $LANG['debug'] = 'Debug info';
@@ -56,12 +60,9 @@ $LANG['MB'] = 'MB';
 $LANG['menu.about'] = 'About';
 $LANG['menu.domains'] = 'Domains';
 $LANG['menu.groups'] = 'Groups';
-$LANG['menu.kolab'] = 'Kolab';
-$LANG['menu.kolabsys'] = 'Kolab Systems';
 $LANG['menu.resources'] = 'Resources';
 $LANG['menu.roles'] = 'Roles';
 $LANG['menu.settings'] = 'Settings';
-$LANG['menu.technology'] = 'Technology';
 $LANG['menu.users'] = 'Users';
 
 $LANG['modifiersname'] = 'Modified by';





More information about the commits mailing list