/**
 * Removes accounts where current user has no access to
 *
 * The group's account_id filter is accepted as-is only when it exists, uses
 * the 'equals' operator and carries an empty value. In every other case
 * (no filter, another operator, or a caller-supplied value) a new account_id
 * 'equals' filter with an empty array value is created through the group.
 *
 * NOTE(review): the created filter is never handed to addFilter() here, and
 * the empty value is presumably resolved to "all accounts of the current
 * user" by the filter model -- confirm both, because this call is the only
 * account restriction this method applies.
 *
 * @param Tinebase_Model_Filter_FilterGroup $_filter
 * @param string $_action get|update (not evaluated by this implementation)
 *
 * @todo move logic to Felamimail_Model_MessageFilter
 */
public function checkFilterACL(Tinebase_Model_Filter_FilterGroup $_filter, $_action = 'get')
{
    $existing = $_filter->getFilter('account_id');

    // Only an "equals <empty>" filter is left untouched.
    $isEmptyEqualsFilter = $existing !== NULL
        && $existing['operator'] === 'equals'
        && empty($existing['value']);

    if ($isEmptyEqualsFilter) {
        return;
    }

    // force an account_id filter (ACL) / all accounts of user
    $_filter->createFilter('account_id', 'equals', array());
}
/**
 * you can define default filters here
 *
 * Adds an implicit "showHidden equals FALSE" filter unless the group already
 * has a showHidden filter set.
 *
 * NOTE(review): $_filter defaults to NULL but is dereferenced on the first
 * line, so callers have to pass a filter group.
 *
 * @param Tinebase_Model_Filter_FilterGroup $_filter
 */
protected function _addDefaultFilter(Tinebase_Model_Filter_FilterGroup $_filter = NULL)
{
    if ($_filter->isFilterSet('showHidden')) {
        // caller already decided about hidden records
        return;
    }

    $implicitHiddenFilter = $_filter->createFilter('showHidden', 'equals', FALSE);
    // flagged as implicit: it was added here, not requested by the caller
    $implicitHiddenFilter->setIsImplicit(TRUE);
    $_filter->addFilter($implicitHiddenFilter);
}
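/**
 * search for preferences
 *
 * When the filter group has no account filter, one for the current user is
 * added. When it has one that names a different user account, the search only
 * proceeds if the current user holds the ADMIN right for this application;
 * otherwise an empty record set is returned.
 *
 * NOTE(review): $_filter defaults to NULL but is dereferenced immediately, so
 * callers have to pass a filter group.
 * NOTE(review): the denied branch returns a record set even when $_onlyIds is
 * TRUE -- confirm that callers expecting an id array cope with that.
 * NOTE(review): account filters whose accountType is not the user type are not
 * subject to the admin check here -- confirm this is intended.
 *
 * @param Tinebase_Model_Filter_FilterGroup $_filter
 * @param Tinebase_Model_Pagination $_pagination passed to the parent search unchanged
 * @param boolean $_onlyIds
 * @return Tinebase_Record_RecordSet|array of preferences / pref ids
 */
public function search(Tinebase_Model_Filter_FilterGroup $_filter = NULL, Tinebase_Model_Pagination $_pagination = NULL, $_onlyIds = FALSE)
{
    // make sure account is set in filter
    $userId = Tinebase_Core::getUser()->getId();

    if (!$_filter->isFilterSet('account')) {
        $accountFilter = $_filter->createFilter('account', 'equals', array(
            'accountId'   => $userId,
            'accountType' => Tinebase_Acl_Rights::ACCOUNT_TYPE_USER
        ));
        $_filter->addFilter($accountFilter);
    } else {
        // only admins can search for other users prefs
        $accountFilterValue = $_filter->getAccountFilter()->getValue();
        $requestedId = isset($accountFilterValue['accountId']) ? $accountFilterValue['accountId'] : NULL;

        // Compare as strings: with a loose comparison a non-string value
        // (TRUE, 0, ...) taken from the filter could compare equal to the
        // current user's id and skip the admin check below.
        $isOwnAccount = (is_string($requestedId) || is_int($requestedId))
            && (string) $requestedId === (string) $userId;

        if (!$isOwnAccount && $accountFilterValue['accountType'] == Tinebase_Acl_Rights::ACCOUNT_TYPE_USER) {
            if (!Tinebase_Acl_Roles::getInstance()->hasRight($this->_application, $userId, Tinebase_Acl_Rights_Abstract::ADMIN)) {
                // leave a trace of the refused cross-account request for later review
                if (Tinebase_Core::isLogLevel(Zend_Log::NOTICE)) {
                    Tinebase_Core::getLogger()->notice(__METHOD__ . '::' . __LINE__
                        . ' User ' . $userId . ' is not allowed to search preferences of another user account.');
                }
                return new Tinebase_Record_RecordSet('Tinebase_Model_Preference');
            }
        }
    }

    if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
        Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' ' . print_r($_filter->toArray(), TRUE));
    }

    $allPrefs = parent::search($_filter, $_pagination, $_onlyIds);

    if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
        Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' '
            . print_r(is_array($allPrefs) ? $allPrefs : $allPrefs->toArray(), TRUE));
    }

    if ($_onlyIds) {
        return $allPrefs;
    }

    $this->_addDefaultAndRemoveUndefinedPrefs($allPrefs, $_filter);

    // get single matching preferences for each different pref
    return $this->getMatchingPreferences($allPrefs);
}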
/**
 * (non-PHPdoc)
 * @see ActiveSync_Frontend_Abstract::_addContainerFilter()
 *
 * Creates an account_id filter for the Expressomail default-account
 * preference and adds a folder_id filter for the given container id.
 *
 * NOTE(review): $_containerId is used as folder_id without any check in this
 * method; presumably the account_id filter keeps the search inside the
 * default account -- confirm that both filters are combined with AND.
 *
 * @param Tinebase_Model_Filter_FilterGroup $_filter
 * @param string $_containerId
 */
protected function _addContainerFilter(Tinebase_Model_Filter_FilterGroup $_filter, $_containerId)
{
    $preferenceName   = Expressomail_Preference::DEFAULTACCOUNT;
    $defaultAccountId = Tinebase_Core::getPreference('Expressomail')->$preferenceName;

    // custom filter gets added when created
    $_filter->createFilter('account_id', 'equals', $defaultAccountId);

    $folderFilter = $_filter->createFilter('folder_id', 'equals', $_containerId);
    $_filter->addFilter($folderFilter);
}
/**
 * Removes accounts where current user has no access to
 *
 * Unless the group already holds a user_id filter that is exactly
 * "equals <id of the current account>", such a filter is created and added.
 *
 * NOTE(review): an existing user_id filter with another operator or value is
 * kept and the forced filter is added next to it; this only restricts the
 * result if the group combines its filters with AND -- confirm.
 *
 * @param Tinebase_Model_Filter_FilterGroup $_filter
 * @param string $_action get|update (not evaluated by this implementation)
 */
public function checkFilterACL(Tinebase_Model_Filter_FilterGroup $_filter, $_action = 'get')
{
    $existing = $_filter->getFilter('user_id');
    $ownId    = $this->_currentAccount->getId();

    $limitedToOwnUser = $existing !== NULL
        && $existing->getOperator() === 'equals'
        && $existing->getValue() === $ownId;

    if ($limitedToOwnUser) {
        return;
    }

    // force a user_id filter (ACL)
    $_filter->addFilter($_filter->createFilter('user_id', 'equals', $ownId));
}
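/**
 * add container acl filter to filter group
 *
 * The requested id is only used when it is the special folder name (then all
 * syncable container ids are used) or when it is one of the syncable
 * container ids. Any other id results in a container_id 'in' filter with an
 * empty list.
 *
 * NOTE(review): presumably an empty 'in' list matches no records -- confirm,
 * since this is the path taken for ids the user may not sync.
 *
 * @param Tinebase_Model_Filter_FilterGroup $_filter
 * @param string $_containerId
 */
protected function _addContainerFilter(Tinebase_Model_Filter_FilterGroup $_filter, $_containerId)
{
    $syncableContainers = $this->_getSyncableFolders();

    // Compare ids as strings with strict matching: a loose == / in_array()
    // lets numeric-looking strings ("1e1" vs "10") or non-string values match
    // an entry of the allow-list they are not identical to.
    $requestedId = (string) $_containerId;

    $containerIds = array();
    if ($requestedId === (string) $this->_specialFolderName) {
        $containerIds = $syncableContainers->getArrayOfIds();
    } elseif (in_array($requestedId, array_map('strval', $syncableContainers->id), TRUE)) {
        // use the value that was actually matched against the allow-list
        $containerIds = array($requestedId);
    }

    $_filter->addFilter($_filter->createFilter('container_id', 'in', $containerIds));
}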
/**
 * Removes containers where current user has no access to
 *
 * Steps, in order:
 *  - if container ACL checks are switched off, nothing is enforced and TRUE
 *    is returned (only a TRACE log entry records this)
 *  - if the group has no ACL filter, a container_id filter
 *    (specialNode = all) is created and added
 *  - the grants required for $_action are set on the group; each action
 *    accepts its own grant or GRANT_ADMIN
 *
 * @param Tinebase_Model_Filter_FilterGroup $_filter
 * @param string $_action get|update|export|sync
 * @return boolean|void TRUE when ACL checks are disabled, nothing otherwise
 * @throws Tinebase_Exception_UnexpectedValue for an unknown action
 */
public function checkFilterACL(Tinebase_Model_Filter_FilterGroup $_filter, $_action = 'get')
{
    if (!$this->_doContainerACLChecks) {
        if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
            Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__
                . ' Container ACL disabled for ' . $_filter->getModelName() . '.');
        }
        return TRUE;
    }

    if (!$_filter->getAclFilters()) {
        if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
            Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__
                . ' Force a standard containerFilter (specialNode = all) as ACL filter.');
        }
        $filterOptions = array('applicationName' => $_filter->getApplicationName());
        $_filter->addFilter($_filter->createFilter('container_id', 'specialNode', 'all', $filterOptions));
    }

    if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
        Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__
            . ' Setting filter grants for action ' . $_action);
    }

    // loose comparison on purpose: same matching rules as a switch statement
    if ($_action == 'get') {
        $actionGrant = Tinebase_Model_Grants::GRANT_READ;
    } elseif ($_action == 'update') {
        $actionGrant = Tinebase_Model_Grants::GRANT_EDIT;
    } elseif ($_action == 'export') {
        $actionGrant = Tinebase_Model_Grants::GRANT_EXPORT;
    } elseif ($_action == 'sync') {
        $actionGrant = Tinebase_Model_Grants::GRANT_SYNC;
    } else {
        // unknown actions never fall back to a default grant set
        throw new Tinebase_Exception_UnexpectedValue('Unknown action: ' . $_action);
    }

    $_filter->setRequiredGrants(array($actionGrant, Tinebase_Model_Grants::GRANT_ADMIN));
}
/**
 * Creates an account_id filter for the Felamimail default-account preference
 * and adds a folder_id filter for the given container id.
 *
 * NOTE(review): $_containerId is used as folder_id without any check in this
 * method; presumably the account_id filter keeps the search inside the
 * default account -- confirm that both filters are combined with AND.
 *
 * @param Tinebase_Model_Filter_FilterGroup $_filter
 * @param string $_containerId
 */
protected function _addContainerFilter(Tinebase_Model_Filter_FilterGroup $_filter, $_containerId)
{
    $preferenceName   = Felamimail_Preference::DEFAULTACCOUNT;
    $defaultAccountId = Tinebase_Core::getPreference('Felamimail')->$preferenceName;

    // custom filter gets added when created
    $_filter->createFilter('account_id', 'equals', $defaultAccountId);

    $folderFilter = $_filter->createFilter('folder_id', 'equals', $_containerId);
    $_filter->addFilter($folderFilter);
}
/**
 * redefine required grants for get actions
 *
 * Makes sure the group contains a Calendar_Model_GrantFilter, delegates to the
 * parent ACL check and then, for the 'get' action, sets the required grants to
 * FREEBUSY, READ or ADMIN.
 *
 * NOTE(review): with GRANT_FREEBUSY accepted for 'get', records the user may
 * only see as free/busy can be part of the result; presumably their details
 * are reduced elsewhere -- confirm.
 *
 * @param Tinebase_Model_Filter_FilterGroup $_filter
 * @param string $_action get|update
 */
public function checkFilterACL(Tinebase_Model_Filter_FilterGroup $_filter, $_action = 'get')
{
    $grantFilterPresent = FALSE;
    foreach ($_filter->getAclFilters() as $candidate) {
        if (!($candidate instanceof Calendar_Model_GrantFilter)) {
            continue;
        }
        $grantFilterPresent = TRUE;
        break;
    }

    if ($grantFilterPresent === FALSE) {
        // force a grant filter
        // NOTE: actual grants are set via setRequiredGrants later
        $_filter->addFilter($_filter->createFilter('grants', 'in', '@setRequiredGrants'));
    }

    parent::checkFilterACL($_filter, $_action);

    if ($_action != 'get') {
        return;
    }

    $_filter->setRequiredGrants(array(
        Tinebase_Model_Grants::GRANT_FREEBUSY,
        Tinebase_Model_Grants::GRANT_READ,
        Tinebase_Model_Grants::GRANT_ADMIN
    ));
}
/**
 * Removes containers where current user has no access to
 * -> remove timetracker containers, too (those are managed within the timetracker)
 *
 * For the 'get' action an application_id 'in' filter is added that lists the
 * ids of the current user's applications, leaving out 'Timetracker'.
 *
 * NOTE(review): for every other action this method adds no filter at all;
 * confirm that access for those actions is enforced elsewhere.
 *
 * @param Tinebase_Model_Filter_FilterGroup $_filter
 * @param string $_action get|update
 */
public function checkFilterACL(Tinebase_Model_Filter_FilterGroup $_filter, $_action = 'get')
{
    if ($_action != 'get') {
        return;
    }

    $allowedAppIds = array();
    foreach (Tinebase_Core::getUser()->getApplications(TRUE) as $application) {
        if ($application->name === 'Timetracker') {
            // timetracker containers are managed within the timetracker
            continue;
        }
        $allowedAppIds[] = $application->getId();
    }

    $_filter->addFilter($_filter->createFilter('application_id', 'in', $allowedAppIds));
}