/**
 * Calculate the grants the current user holds on each event and drop the
 * events that satisfy none of the grants required by the filter.
 *
 * Grants are written onto the event records themselves, one property per
 * entry of $this->_recordBasedGrants. Events are removed from $events in
 * place; nothing is returned.
 *
 * Filtering only takes place when $grantsFilter is a Calendar_Model_GrantFilter
 * whose required grants are an array. In every other case the grants are still
 * computed but no event is removed.
 *
 * @param Tinebase_Record_RecordSet $events
 * @param Tinebase_Model_Filter_AclFilter $grantsFilter
 */
protected function _checkGrants($events, $grantsFilter)
{
    $ownContactId = Tinebase_Core::getUser()->contact_id;
    $grantsByContainer = Tinebase_Container::getInstance()->getContainerGrantsOfRecords($events, Tinebase_Core::getUser());
    $attendeeIndex = Calendar_Model_Attender::getResolvedAttendees($events->attendee, true);

    // Only these grants can be picked up through an attendee's display container.
    $inheritableGrants = array(
        Tinebase_Model_Grants::GRANT_FREEBUSY,
        Tinebase_Model_Grants::GRANT_READ,
        Tinebase_Model_Grants::GRANT_SYNC,
        Tinebase_Model_Grants::GRANT_EXPORT,
        Tinebase_Model_Grants::GRANT_PRIVATE
    );
    $rejected = array();

    if ($grantsFilter instanceof Calendar_Model_GrantFilter) {
        $requiredGrants = $grantsFilter->getRequiredGrants();
        if (!is_array($requiredGrants)) {
            // TODO throw exception here?
            // NOTE(review): this path fails open - the notice is logged and the
            // events are returned unfiltered. Confirm that is intended.
            if (Tinebase_Core::isLogLevel(Zend_Log::NOTICE)) {
                Tinebase_Core::getLogger()->notice(__METHOD__ . '::' . __LINE__ . ' Required grants not set in grants filter: ' . print_r($grantsFilter->toArray(), true));
            }
        } else {
            // Only record based grants can be evaluated here. If the intersection
            // is empty, every event that is not short-circuited below is removed.
            $requiredGrants = array_intersect($requiredGrants, $this->_recordBasedGrants);
        }
    }

    // $requiredGrants is not touched inside the loop, so decide once whether to filter.
    $mustFilter = isset($requiredGrants) && is_array($requiredGrants);

    foreach ($events as $event) {
        if ($event->container_id instanceof Tinebase_Model_Container) {
            $containerId = $event->container_id->getId();
        } else {
            $containerId = $event->container_id;
        }

        // either current user is organizer or has admin right on container
        $hasFullAccess = $event->organizer === $ownContactId
            || (isset($grantsByContainer[$containerId])
                && $grantsByContainer[$containerId]->account_grants[Tinebase_Model_Grants::GRANT_ADMIN]);

        if ($hasFullAccess) {
            foreach ($this->_recordBasedGrants as $grant) {
                $event->{$grant} = true;
            }
            // has all rights => no need to filter
            continue;
        }

        // grants to original container
        // NOTE(review): when no grants entry exists for the container, the grant
        // properties keep whatever value the event arrived with - confirm callers
        // never pass events with pre-populated grant flags.
        if (isset($grantsByContainer[$containerId])) {
            foreach ($this->_recordBasedGrants as $grant) {
                $event->{$grant} = $grantsByContainer[$containerId]->account_grants[$grant];
            }
        }

        // check grant inheritance
        if ($event->attendee instanceof Tinebase_Record_RecordSet) {
            foreach ($inheritableGrants as $grant) {
                if ($event->{$grant}) {
                    // already granted, nothing to inherit
                    continue;
                }

                foreach ($event->attendee as $attendee) {
                    $resolved = $attendeeIndex->getById($attendee->getId());
                    if (!$resolved) {
                        continue;
                    }
                    if (!($resolved->displaycontainer_id instanceof Tinebase_Model_Container)) {
                        continue;
                    }
                    if (!$resolved->displaycontainer_id->account_grants) {
                        continue;
                    }

                    // The same grant, or ADMIN, on this attendee's display container
                    // (presumably the current user's grants there - verify) is enough.
                    if ($resolved->displaycontainer_id->account_grants[$grant]
                        || $resolved->displaycontainer_id->account_grants[Tinebase_Model_Grants::GRANT_ADMIN]
                    ) {
                        $event->{$grant} = true;
                        break;
                    }
                }
            }
        }

        // check if one of the grants is set ...
        if ($mustFilter) {
            $satisfied = false;
            foreach ($requiredGrants as $requiredGrant) {
                if ($event->{$requiredGrant}) {
                    $satisfied = true;
                    break;
                }
            }

            // ... otherwise mark for removal
            if (!$satisfied) {
                $rejected[] = $event;
            }
        }
    }

    // remove records with non matching grants
    foreach ($rejected as $event) {
        $events->removeRecord($event);
    }
}