Esempio n. 1
/**
 * Set the 'Right' level required by each contact action for the contact
 * named in $params['contact_id'], according to what the current user
 * ($obm['uid']) may do on that contact.
 *
 * Nothing is changed when the contact id is not greater than 0.
 *
 * - Contact whose 'privacy' is not 1: the modifying actions are set to
 *   $cright_write_admin. The consult and rights_* actions are left untouched.
 * - Contact whose 'privacy' is 1: each group of actions gets $cright_read when
 *   the user created the contact or holds the matching OBM_Acl right, and a
 *   stricter level otherwise.
 *
 * NOTE(review): this function only writes levels into the global $actions
 * table; where those levels are enforced is not visible here. Confirm the
 * dispatcher checks them on every request, not only when building the menu.
 *
 * NOTE(review): $params['contact_id'] is used without an integer check; it is
 * presumably request input, so verify that get_contact_info() and OBM_Acl
 * validate or cast it.
 */
function update_action_rights() {
  global $params, $actions, $path, $cright_read, $cright_write_admin, $obm, $profiles;

  // Level this function assigns to actions the user must not run on the contact.
  $cright_forbidden = 32;

  $id = $params['contact_id'];
  if (!($id > 0)) {
    return;
  }

  $c = get_contact_info($id);

  // Allow public contact handling only if write_admin right.
  // NOTE(review): a lookup that returns no 'privacy' value also lands here,
  // because null != 1 is true. That path is restrictive for modifications.
  if ($c['privacy'] != 1) {
    foreach (array('detailupdate', 'update', 'insert', 'check_delete', 'delete') as $name) {
      $actions['contact'][$name]['Right'] = $cright_write_admin;
    }
    return;
  }

  // NOTE(review): loose == comparison. Two empty values (null, '', 0) compare
  // equal, which would treat the user as creator; confirm $obm['uid'] is
  // always a real, non-empty user id.
  $is_creator = ($c['usercreate'] == $obm['uid']);

  // Rights administration on the current contact
  if ($is_creator || OBM_Acl::canAdmin($obm['uid'], 'contact', $id)) {
    $admin_level = $cright_read;
  } else {
    $admin_level = $cright_write_admin;
  }
  $actions['contact']['rights_admin']['Right'] = $admin_level;
  $actions['contact']['rights_update']['Right'] = $admin_level;

  // Modification of the current contact
  if ($is_creator || OBM_Acl::canWrite($obm['uid'], 'contact', $id)) {
    $write_level = $cright_read;
  } else {
    $write_level = $cright_forbidden;
  }
  foreach (array('update', 'delete', 'detailupdate', 'check_delete') as $name) {
    $actions['contact'][$name]['Right'] = $write_level;
  }

  // Consultation of the current contact
  if ($is_creator || OBM_Acl::canRead($obm['uid'], 'contact', $id)) {
    $actions['contact']['detailconsult']['Right'] = $cright_read;
  } else {
    $actions['contact']['detailconsult']['Right'] = $cright_forbidden;
  }
}
Esempio n. 2
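/**
 * Remove from the global $actions table the calendar actions the current
 * user ($obm['uid']) may not perform.
 *
 * - 'new' is removed when $writable_calendars is empty.
 * - When $params['calendar_id'] names an event, the modifying actions are
 *   removed unless the user owns the event or OBM_Acl::canWrite() grants
 *   write access on the owner's calendar.
 *
 * NOTE(review): this only removes entries from $actions. Whether a removed
 * action is also rejected when requested directly depends on how the
 * dispatcher uses $actions, which is not visible here.
 */
function update_calendar_action() {
  global $actions, $params, $obm, $writable_calendars;

  if (!$writable_calendars) {
    unset($actions['calendar']['new']);
  }

  // A missing calendar_id is treated like an empty one: nothing more to do.
  $id = isset($params['calendar_id']) ? $params['calendar_id'] : null;
  if (!$id) {
    return;
  }

  $event_info = get_calendar_event_info($id);
  $owner = $event_info['owner'];

  // If the event lookup yields no owner, the write check is made against that
  // empty owner. Presumably it fails and the actions are removed; confirm.
  if ($owner != $obm['uid'] && !OBM_Acl::canWrite($obm['uid'], 'calendar', $owner)) {
    // The original built an unused HTML link here from an undefined $datas
    // variable, interpolated without escaping. It had no effect besides a
    // runtime warning and has been dropped.
    foreach (array('detailupdate', 'duplicate', 'update', 'check_delete', 'delete') as $name) {
      unset($actions['calendar'][$name]);
    }
  }
}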
Esempio n. 3
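 /**
  * Checks how public rights and an explicit per-user grant combine on
  * entity 1 of type 'cv'.
  *
  * Security-relevant properties pinned by the assertions:
  * - with no public rights set, user 2 has no access, read, write or admin right;
  * - public access/read rights do not imply write or admin;
  * - an explicit 'admin' grant does not imply write;
  * - passing 'admin' => 1 to setPublicRights() does not make admin a public right.
  *
  * The steps share static OBM_Acl state and must run in this order.
  */
 public function testPublicRights() {
   OBM_Acl::initialize();

   // Baseline: user 2 has no right at all on the entity.
   $this->assertFalse(OBM_Acl::canAccess(2, 'cv', 1));
   $this->assertFalse(OBM_Acl::canRead(2, 'cv', 1));
   $this->assertFalse(OBM_Acl::canWrite(2, 'cv', 1));
   $this->assertFalse(OBM_Acl::canAdmin(2, 'cv', 1));

   // Public access + read: user 2 gains exactly those two rights.
   OBM_Acl::setPublicRights('cv', 1, array('access' => 1, 'read' => 1, 'write' => 0));
   $this->assertTrue(OBM_Acl::canAccess(2, 'cv', 1));
   $this->assertTrue(OBM_Acl::canRead(2, 'cv', 1));
   $this->assertFalse(OBM_Acl::canWrite(2, 'cv', 1));
   $this->assertFalse(OBM_Acl::canAdmin(2, 'cv', 1));

   // Explicit admin grant to user 2: admin becomes true, write stays false.
   OBM_Acl::allow(2, 'cv', 1, 'admin');
   $this->assertTrue(OBM_Acl::canAccess(2, 'cv', 1));
   $this->assertTrue(OBM_Acl::canRead(2, 'cv', 1));
   $this->assertFalse(OBM_Acl::canWrite(2, 'cv', 1));
   $this->assertTrue(OBM_Acl::canAdmin(2, 'cv', 1));
   // Expected value first, so a failure report labels both sides correctly.
   // 'CV Admin' presumably comes from the test fixture data.
   $this->assertEquals(array(1 => 'CV Admin'), OBM_Acl::getAllowedEntities(2, 'cv', 'read', null, 'title'));

   // A public 'admin' flag must not take effect: user 3, who has no explicit
   // grant, cannot admin, and the stored public rights report admin => 0.
   OBM_Acl::setPublicRights('cv', 1, array('access' => 1, 'read' => 1, 'write' => 0, 'admin' => 1));
   $this->assertTrue(OBM_Acl::canAccess(3, 'cv', 1));
   $this->assertTrue(OBM_Acl::canRead(3, 'cv', 1));
   $this->assertFalse(OBM_Acl::canWrite(3, 'cv', 1));
   $this->assertFalse(OBM_Acl::canAdmin(3, 'cv', 1));
   $this->assertEquals(
     array('access' => 1, 'read' => 1, 'write' => 0, 'admin' => 0),
     OBM_Acl::getPublicRights('cv', 1)
   );
 }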