/** * Removes containers where current user has no access to * * @param Tinebase_Model_Filter_FilterGroup $_filter * @param string $_action get|update */ public function checkFilterACL(Tinebase_Model_Filter_FilterGroup $_filter, $_action = 'get') { if (!$this->_doContainerACLChecks) { if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) { Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' Container ACL disabled for ' . $_filter->getModelName() . '.'); } return TRUE; } $aclFilters = $_filter->getAclFilters(); if (!$aclFilters) { if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) { Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' Force a standard containerFilter (specialNode = all) as ACL filter.'); } $containerFilter = $_filter->createFilter('container_id', 'specialNode', 'all', array('applicationName' => $_filter->getApplicationName())); $_filter->addFilter($containerFilter); } if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) { Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' Setting filter grants for action ' . $_action); } switch ($_action) { case 'get': $_filter->setRequiredGrants(array(Tinebase_Model_Grants::GRANT_READ, Tinebase_Model_Grants::GRANT_ADMIN)); break; case 'update': $_filter->setRequiredGrants(array(Tinebase_Model_Grants::GRANT_EDIT, Tinebase_Model_Grants::GRANT_ADMIN)); break; case 'export': $_filter->setRequiredGrants(array(Tinebase_Model_Grants::GRANT_EXPORT, Tinebase_Model_Grants::GRANT_ADMIN)); break; case 'sync': $_filter->setRequiredGrants(array(Tinebase_Model_Grants::GRANT_SYNC, Tinebase_Model_Grants::GRANT_ADMIN)); break; default: throw new Tinebase_Exception_UnexpectedValue('Unknown action: ' . $_action); } }
/** * redefine required grants for get actions * * @param Tinebase_Model_Filter_FilterGroup $_filter * @param string $_action get|update */ public function checkFilterACL(Tinebase_Model_Filter_FilterGroup $_filter, $_action = 'get') { $hasGrantsFilter = FALSE; foreach ($_filter->getAclFilters() as $aclFilter) { if ($aclFilter instanceof Calendar_Model_GrantFilter) { $hasGrantsFilter = TRUE; break; } } if (!$hasGrantsFilter) { // force a grant filter // NOTE: actual grants are set via setRequiredGrants later $grantsFilter = $_filter->createFilter('grants', 'in', '@setRequiredGrants'); $_filter->addFilter($grantsFilter); } parent::checkFilterACL($_filter, $_action); if ($_action == 'get') { $_filter->setRequiredGrants(array(Tinebase_Model_Grants::GRANT_FREEBUSY, Tinebase_Model_Grants::GRANT_READ, Tinebase_Model_Grants::GRANT_ADMIN)); } }