From 45615be2078d808fb414e4ea61e9f4e0ab00d611 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Thu, 12 Jul 2018 22:36:44 +0200 Subject: [PATCH] pass context to getAccessMode() --- op/op.AddDocument.php | 2 +- op/op.AddFile.php | 2 +- op/op.AddSubFolder.php | 2 +- op/op.Ajax.php | 14 +++++++------- op/op.EditAttributes.php | 2 +- op/op.EditDocument.php | 4 ++-- op/op.EditDocumentFile.php | 2 +- op/op.EditFolder.php | 2 +- op/op.EditOnline.php | 4 ++-- op/op.MoveDocument.php | 4 ++-- op/op.MoveFolder.php | 2 +- op/op.RemoveDocument.php | 7 +++++-- op/op.RemoveDocumentFile.php | 2 +- op/op.RemoveDocumentLink.php | 2 +- op/op.RemoveFolder.php | 2 +- op/op.RemoveVersion.php | 2 +- op/op.UpdateDocument.php | 2 +- restapi/index.php | 24 ++++++++++++------------ webdav/webdav.php | 8 ++++---- 19 files changed, 46 insertions(+), 43 deletions(-) diff --git a/op/op.AddDocument.php b/op/op.AddDocument.php index 630958934..eb1def9d7 100644 --- a/op/op.AddDocument.php +++ b/op/op.AddDocument.php @@ -51,7 +51,7 @@ if (!is_object($folder)) { $folderPathHTML = getFolderPathHTML($folder, true); -if ($folder->getAccessMode($user) < M_READWRITE) { +if ($folder->getAccessMode($user, 'addDocument') < M_READWRITE) { UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied")); } diff --git a/op/op.AddFile.php b/op/op.AddFile.php index 80f0e6c31..944028eea 100644 --- a/op/op.AddFile.php +++ b/op/op.AddFile.php @@ -40,7 +40,7 @@ if (!is_object($document)) { $folder = $document->getFolder(); -if ($document->getAccessMode($user) < M_READWRITE) { +if ($document->getAccessMode($user, 'addDocumentFile') < M_READWRITE) { UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied")); } diff --git a/op/op.AddSubFolder.php b/op/op.AddSubFolder.php index d9576d97f..ca9260b56 100644 --- a/op/op.AddSubFolder.php +++ b/op/op.AddSubFolder.php 
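Review bot: The denial branch in op/op.AddDocument.php passes `$folder->getName()` to `UI::exitError()` unescaped, whereas other calls in this patch (for example the lock message in op/op.EditDocument.php) wrap the name in `htmlspecialchars()`. Whether `UI::exitError()` escapes its arguments is not visible here, so one of the two forms is presumably wrong. If it does not escape, the call should read `getMLText("folder_title", array("foldername" => htmlspecialchars($folder->getName())))`. The same unescaped form sits on the context lines of most other op/ files touched by this patch, op.AddFile.php and op.AddSubFolder.php among them.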
@@ -50,7 +50,7 @@ if (!is_object($folder)) { $folderPathHTML = getFolderPathHTML($folder, true); -if ($folder->getAccessMode($user) < M_READWRITE) { +if ($folder->getAccessMode($user, 'addFolder') < M_READWRITE) { UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied")); } diff --git a/op/op.Ajax.php b/op/op.Ajax.php index b9092b8c0..6eede8bfe 100644 --- a/op/op.Ajax.php +++ b/op/op.Ajax.php @@ -267,9 +267,9 @@ switch($command) { } else { $mfolder = $dms->getFolder($_REQUEST['folderid']); if($mfolder) { - if ($mfolder->getAccessMode($user) >= M_READWRITE) { + if ($mfolder->getAccessMode($user, 'moveFolder') >= M_READWRITE) { if($folder = $dms->getFolder($_REQUEST['targetfolderid'])) { - if($folder->getAccessMode($user) >= M_READWRITE) { + if($folder->getAccessMode($user, 'moveFolder') >= M_READWRITE) { if($mfolder->setParent($folder)) { header('Content-Type: application/json'); echo json_encode(array('success'=>true, 'message'=>getMLText('splash_move_folder'), 'data'=>'')); @@ -306,9 +306,9 @@ switch($command) { } else { $mdocument = $dms->getDocument($_REQUEST['docid']); if($mdocument) { - if ($mdocument->getAccessMode($user) >= M_READWRITE) { + if ($mdocument->getAccessMode($user, 'moveDocument') >= M_READWRITE) { if($folder = $dms->getFolder($_REQUEST['targetfolderid'])) { - if($folder->getAccessMode($user) >= M_READWRITE) { + if($folder->getAccessMode($user, 'moveDocument') >= M_READWRITE) { if($mdocument->setFolder($folder)) { header('Content-Type: application/json'); echo json_encode(array('success'=>true, 'message'=>getMLText('splash_move_document'), 'data'=>'')); @@ -345,7 +345,7 @@ switch($command) { } else { $folder = $dms->getFolder($_REQUEST['id']); if($folder) { - if ($folder->getAccessMode($user) >= M_READWRITE) { + if ($folder->getAccessMode($user, 'removeFolder') >= M_READWRITE) { $parent=$folder->getParent(); $nl = $folder->getNotifyList(); $foldername = $folder->getName(); 
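Review bot: The `removeFolder` check in op/op.Ajax.php (hunk at -345) accepts `M_READWRITE`, while op/op.RemoveFolder.php in this same patch refuses anything below `M_ALL` for the same context name. The same split exists for `removeDocument` (op.Ajax.php hunk at -392 versus op/op.RemoveDocument.php and the WebDAV DELETE check) and for the REST handlers `deleteFolder()` and `deleteDocument()`, which also accept `M_READWRITE`. Now that each call names its operation, one threshold per operation should apply on every entry point. If `M_ALL` is the intended requirement for removal, the Ajax line should read `if ($folder->getAccessMode($user, 'removeFolder') >= M_ALL) {`. The enclosing `switch` case starts and ends outside the hunk.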
@@ -392,7 +392,7 @@ switch($command) { } else { $document = $dms->getDocument($_REQUEST['id']); if($document) { - if ($document->getAccessMode($user) >= M_READWRITE) { + if ($document->getAccessMode($user, 'removeDocument') >= M_READWRITE) { $folder = $document->getFolder(); /* Get the notify list before removing the document */ $dnl = $document->getNotifyList(); @@ -523,7 +523,7 @@ switch($command) { exit; } - if ($folder->getAccessMode($user) < M_READWRITE) { + if ($folder->getAccessMode($user, 'addDocument') < M_READWRITE) { header('Content-Type: application/json'); echo json_encode(array('success'=>false, 'message'=>getMLText("access_denied"))); exit; diff --git a/op/op.EditAttributes.php b/op/op.EditAttributes.php index 46b013974..dce009239 100644 --- a/op/op.EditAttributes.php +++ b/op/op.EditAttributes.php @@ -48,7 +48,7 @@ if (!is_object($document)) { $folder = $document->getFolder(); $docPathHTML = getFolderPathHTML($folder, true). " / ".$document->getName().""; -if ($document->getAccessMode($user) < M_READWRITE) { +if ($document->getAccessMode($user, 'editDocumentContentAttributes') < M_READWRITE) { UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied")); } diff --git a/op/op.EditDocument.php b/op/op.EditDocument.php index 8717d39ff..54aaf7763 100644 --- a/op/op.EditDocument.php +++ b/op/op.EditDocument.php 
@@ -46,13 +46,13 @@ if (!is_object($document)) { $folder = $document->getFolder(); $docPathHTML = getFolderPathHTML($folder, true). " / ".$document->getName().""; -if ($document->getAccessMode($user) < M_READWRITE) { +if ($document->getAccessMode($user, 'editDocument') < M_READWRITE) { UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied")); } if($document->isLocked()) { $lockingUser = $document->getLockingUser(); - if (($lockingUser->getID() != $user->getID()) && ($document->getAccessMode($user) != M_ALL)) { + if (($lockingUser->getID() != $user->getID()) && ($document->getAccessMode($user, 'editDocument') != M_ALL)) { UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("lock_message", array("email" => $lockingUser->getEmail(), "username" => htmlspecialchars($lockingUser->getFullName())))); } } diff --git a/op/op.EditDocumentFile.php b/op/op.EditDocumentFile.php index 780e51f76..441ce6964 100644 --- a/op/op.EditDocumentFile.php +++ b/op/op.EditDocumentFile.php @@ -59,7 +59,7 @@ if (!is_object($file)) { UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_file_id")); } -if (($document->getAccessMode($user) < M_ALL)&&($user->getID()!=$file->getUserID())) { +if (($document->getAccessMode($user, 'editDocumentFile') < M_ALL)&&($user->getID()!=$file->getUserID())) { UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied")); } diff --git a/op/op.EditFolder.php b/op/op.EditFolder.php index 616046764..2648c4e08 100644 --- a/op/op.EditFolder.php +++ b/op/op.EditFolder.php 
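Review bot: `getAccessMode($user, 'editDocument')` is evaluated twice in op/op.EditDocument.php, once for the `M_READWRITE` gate and again inside the lock check, with the context string repeated by hand. Resolving it once with `$accessMode = $document->getAccessMode($user, 'editDocument');` and comparing `$accessMode` in both places keeps the two decisions on the same value and stops the two literals drifting apart. The same pattern repeats in op.EditOnline.php, op.MoveDocument.php and op.RemoveDocument.php, while op.RemoveDocumentLink.php already uses a local `$accessMode`.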
@@ -45,7 +45,7 @@ if (!is_object($folder)) { $folderPathHTML = getFolderPathHTML($folder, true); -if ($folder->getAccessMode($user) < M_READWRITE) { +if ($folder->getAccessMode($user, 'editFolder') < M_READWRITE) { UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied")); } diff --git a/op/op.EditOnline.php b/op/op.EditOnline.php index e0c4d3065..b19eb420b 100644 --- a/op/op.EditOnline.php +++ b/op/op.EditOnline.php @@ -42,13 +42,13 @@ if (!is_object($document)) { $folder = $document->getFolder(); $docPathHTML = getFolderPathHTML($folder, true). " / ".$document->getName().""; -if ($document->getAccessMode($user) < M_READWRITE) { +if ($document->getAccessMode($user, 'editOnline') < M_READWRITE) { UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied")); } if($document->isLocked()) { $lockingUser = $document->getLockingUser(); - if (($lockingUser->getID() != $user->getID()) && ($document->getAccessMode($user) != M_ALL)) { + if (($lockingUser->getID() != $user->getID()) && ($document->getAccessMode($user, 'editOnline') != M_ALL)) { UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("lock_message", array("email" => $lockingUser->getEmail(), "username" => htmlspecialchars($lockingUser->getFullName())))); } } diff --git a/op/op.MoveDocument.php b/op/op.MoveDocument.php index 8fa4d9e95..7c834cd39 100644 --- a/op/op.MoveDocument.php +++ b/op/op.MoveDocument.php 
@@ -51,13 +51,13 @@ if (!is_object($targetFolder)) { UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_target_folder")); } -if (($document->getAccessMode($user) < M_READWRITE) || ($targetFolder->getAccessMode($user) < M_READWRITE)) { +if (($document->getAccessMode($user, 'moveDocument') < M_READWRITE) || ($targetFolder->getAccessMode($user, 'moveDocument') < M_READWRITE)) { UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied")); } if($document->isLocked()) { $lockingUser = $document->getLockingUser(); - if (($lockingUser->getID() != $user->getID()) && ($document->getAccessMode($user) != M_ALL)) { + if (($lockingUser->getID() != $user->getID()) && ($document->getAccessMode($user, 'moveDocument') != M_ALL)) { UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("lock_message", array("email" => $lockingUser->getEmail(), "username" => htmlspecialchars($lockingUser->getFullName())))); } } diff --git a/op/op.MoveFolder.php b/op/op.MoveFolder.php index 2519b551f..cdc0525b7 100644 --- a/op/op.MoveFolder.php +++ b/op/op.MoveFolder.php @@ -56,7 +56,7 @@ if($folder->isSubFolder($targetFolder)) { UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("invalid_target_folder")); } -if ($folder->getAccessMode($user) < M_READWRITE || $targetFolder->getAccessMode($user) < M_READWRITE) { +if ($folder->getAccessMode($user, 'moveFolder') < M_READWRITE || $targetFolder->getAccessMode($user, 'moveFolder') < M_READWRITE) { UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied")); } diff --git a/op/op.RemoveDocument.php b/op/op.RemoveDocument.php index df5359a73..771728464 100644 --- a/op/op.RemoveDocument.php +++ b/op/op.RemoveDocument.php 
@@ -46,13 +46,16 @@ if (!is_object($document)) { UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id")); } -if ($document->getAccessMode($user) < M_ALL) { +if ($document->getAccessMode($user, 'removeDocument') < M_ALL) { UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("access_denied")); } +/* FIXME: whether a document is locked or not, doesn't make a difference, + * because M_ALL access right is used in any case. + */ if($document->isLocked()) { $lockingUser = $document->getLockingUser(); - if (($lockingUser->getID() != $user->getID()) && ($document->getAccessMode($user) != M_ALL)) { + if (($lockingUser->getID() != $user->getID()) && ($document->getAccessMode($user, 'removeDocument') != M_ALL)) { UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("lock_message", array("email" => $lockingUser->getEmail(), "username" => htmlspecialchars($lockingUser->getFullName())))); } } diff --git a/op/op.RemoveDocumentFile.php b/op/op.RemoveDocumentFile.php index c2126e3a8..9887c5dd2 100644 --- a/op/op.RemoveDocumentFile.php +++ b/op/op.RemoveDocumentFile.php @@ -54,7 +54,7 @@ if (!is_object($file)) { } -if (($document->getAccessMode($user) < M_ALL)&&($user->getID()!=$file->getUserID())) { +if (($document->getAccessMode($user, 'removeDocumentFile') < M_ALL)&&($user->getID()!=$file->getUserID())) { UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied")); } diff --git a/op/op.RemoveDocumentLink.php b/op/op.RemoveDocumentLink.php index d89c41bb2..87d088d54 100644 --- a/op/op.RemoveDocumentLink.php +++ b/op/op.RemoveDocumentLink.php 
@@ -54,7 +54,7 @@ if (!is_object($link)) { } $responsibleUser = $link->getUser(); -$accessMode = $document->getAccessMode($user); +$accessMode = $document->getAccessMode($user, 'removeDocumentLink'); if ( ($accessMode < M_READ) diff --git a/op/op.RemoveFolder.php b/op/op.RemoveFolder.php index 0ba444b8d..91385908d 100644 --- a/op/op.RemoveFolder.php +++ b/op/op.RemoveFolder.php @@ -50,7 +50,7 @@ if ($folderid == $settings->_rootFolderID || !$folder->getParent()) { UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("cannot_rm_root")); } -if ($folder->getAccessMode($user) < M_ALL) { +if ($folder->getAccessMode($user, 'removeFolder') < M_ALL) { UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied")); } diff --git a/op/op.RemoveVersion.php b/op/op.RemoveVersion.php index f2d25bc75..95917380a 100644 --- a/op/op.RemoveVersion.php +++ b/op/op.RemoveVersion.php @@ -46,7 +46,7 @@ if (!$settings->_enableVersionDeletion && !$user->isAdmin()) { UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied")); } -if ($document->getAccessMode($user) < M_ALL) { +if ($document->getAccessMode($user, 'removeVersion') < M_ALL) { UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied")); } diff --git a/op/op.UpdateDocument.php b/op/op.UpdateDocument.php index eeba7227d..654c192c2 100644 --- a/op/op.UpdateDocument.php +++ b/op/op.UpdateDocument.php 
@@ -48,7 +48,7 @@ if (!is_object($document)) { UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id")); } -if ($document->getAccessMode($user) < M_READWRITE) { +if ($document->getAccessMode($user, 'updateDocument') < M_READWRITE) { UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied")); } diff --git a/restapi/index.php b/restapi/index.php index 39e8ffe9a..f19be2a1e 100644 --- a/restapi/index.php +++ b/restapi/index.php @@ -411,7 +411,7 @@ function createFolder($id) { /* {{{ */ } $parent = $dms->getFolder($id); if($parent) { - if($parent->getAccessMode($userobj) >= M_READWRITE) { + if($parent->getAccessMode($userobj, 'addFolder') >= M_READWRITE) { if($name = $app->request()->post('name')) { $comment = $app->request()->post('comment'); $attributes = $app->request()->post('attributes'); @@ -478,9 +478,9 @@ function moveFolder($id, $folderid) { /* {{{ */ $mfolder = $dms->getFolder($id); if($mfolder) { - if ($mfolder->getAccessMode($userobj) >= M_READ) { + if ($mfolder->getAccessMode($userobj, 'moveFolder') >= M_READ) { if($folder = $dms->getFolder($folderid)) { - if($folder->getAccessMode($userobj) >= M_READWRITE) { + if($folder->getAccessMode($userobj, 'moveFolder') >= M_READWRITE) { if($mfolder->setParent($folder)) { $app->response()->header('Content-Type', 'application/json'); echo json_encode(array('success'=>true, 'message'=>'', 'data'=>'')); @@ -535,7 +535,7 @@ function deleteFolder($id) { /* {{{ */ } $mfolder = $dms->getFolder($id); if($mfolder) { - if ($mfolder->getAccessMode($userobj) >= M_READWRITE) { + if ($mfolder->getAccessMode($userobj, 'removeFolder') >= M_READWRITE) { if($mfolder->remove()) { $app->response()->header('Content-Type', 'application/json'); echo json_encode(array('success'=>true, 'message'=>'', 'data'=>'')); 
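Review bot: In `moveFolder()` in restapi/index.php the folder being moved only needs `M_READ`, while op/op.MoveFolder.php and the folder-move branch of op/op.Ajax.php require `M_READWRITE` on it under the same `'moveFolder'` context. `moveDocument()` later in the same file has the same `>= M_READ` check on the document. A caller with read-only access to the source object can therefore relocate it through the REST API but not through the web UI. Unless that is intended, the check should be `if ($mfolder->getAccessMode($userobj, 'moveFolder') >= M_READWRITE) {`. The function body extends beyond the hunk.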
@@ -577,7 +577,7 @@ function uploadDocument($id) { /* {{{ */ } $mfolder = $dms->getFolder($id); if($mfolder) { - if ($mfolder->getAccessMode($userobj) >= M_READWRITE) { + if ($mfolder->getAccessMode($userobj, 'addDocument') >= M_READWRITE) { $docname = $app->request()->params('name'); $keywords = $app->request()->params('keywords'); // $categories = $app->request()->params('categories') ? $app->request()->params('categories') : []; @@ -650,7 +650,7 @@ function uploadDocumentPut($id) { /* {{{ */ } $mfolder = $dms->getFolder($id); if($mfolder) { - if ($mfolder->getAccessMode($userobj) >= M_READWRITE) { + if ($mfolder->getAccessMode($userobj, 'addDocument') >= M_READWRITE) { $docname = $app->request()->get('name'); $origfilename = $app->request()->get('origfilename'); $content = $app->getInstance()->request()->getBody(); @@ -706,7 +706,7 @@ function uploadDocumentFile($documentId) { /* {{{ */ } $document = $dms->getDocument($documentId); if($document) { - if ($document->getAccessMode($userobj) >= M_READWRITE) { + if ($document->getAccessMode($userobj, 'addDocumentFile') >= M_READWRITE) { $docname = $app->request()->params('name'); $keywords = $app->request()->params('keywords'); $origfilename = $app->request()->params('origfilename'); @@ -791,7 +791,7 @@ function deleteDocument($id) { /* {{{ */ global $app, $dms, $userobj; $document = $dms->getDocument($id); if($document) { - if ($document->getAccessMode($userobj) >= M_READWRITE) { + if ($document->getAccessMode($userobj, 'deleteDocument') >= M_READWRITE) { if($document->remove()) { $app->response()->header('Content-Type', 'application/json'); echo json_encode(array('success'=>true, 'message'=>'', 'data'=>'')); 
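Review bot: `deleteDocument()` in restapi/index.php passes the context `'deleteDocument'`, but every other entry point in this patch that removes a document (op.Ajax.php, op.RemoveDocument.php, webdav.php) passes `'removeDocument'`, and `deleteFolder()` in the same file uses `'removeFolder'`. How `getAccessMode()` consumes the context is not shown in this patch; if it is matched by name, REST deletions would be evaluated under a name that no rule refers to. Suggest `if ($document->getAccessMode($userobj, 'removeDocument') >= M_READWRITE) {`. Defining the context names as constants in one place would also make a misspelt name fail loudly instead of silently.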
@@ -819,9 +819,9 @@ function moveDocument($id, $folderid) { /* {{{ */ global $app, $dms, $userobj; $document = $dms->getDocument($id); if($document) { - if ($document->getAccessMode($userobj) >= M_READ) { + if ($document->getAccessMode($userobj, 'moveDocument') >= M_READ) { if($folder = $dms->getFolder($folderid)) { - if($folder->getAccessMode($userobj) >= M_READWRITE) { + if($folder->getAccessMode($userobj, 'moveDocument') >= M_READWRITE) { if($document->setFolder($folder)) { $app->response()->header('Content-Type', 'application/json'); echo json_encode(array('success'=>true, 'message'=>'', 'data'=>'')); @@ -1151,7 +1151,7 @@ function removeDocumentCategory($id, $categoryId) { /* {{{ */ $category = $dms->getDocumentCategory($categoryId); if($document && $category) { - if ($document->getAccessMode($userobj) >= M_READWRITE) { + if ($document->getAccessMode($userobj, 'removeDocumentCategory') >= M_READWRITE) { $ret = $document->removeCategories(array($category)); $app->response()->header('Content-Type', 'application/json'); @@ -1179,7 +1179,7 @@ function removeDocumentCategories($id) { /* {{{ */ $document = $dms->getDocument($id); if($document) { - if ($document->getAccessMode($userobj) >= M_READWRITE) { + if ($document->getAccessMode($userobj, 'removeDocumentCategory') >= M_READWRITE) { $app->response()->header('Content-Type', 'application/json'); if($document->setCategories(array())) echo json_encode(array('success'=>true, 'message'=>'Deleted categories successfully.', 'data'=>'')); diff --git a/webdav/webdav.php b/webdav/webdav.php index e077e4858..cc372ecae 100644 --- a/webdav/webdav.php +++ b/webdav/webdav.php 
@@ -602,7 +602,7 @@ class HTTP_WebDAV_Server_SeedDMS extends HTTP_WebDAV_Server if($document) { if($this->logger) $this->logger->log('PUT: replacing document id='.$document->getID(), PEAR_LOG_INFO); - if ($document->getAccessMode($this->user) < M_READWRITE) { + if ($document->getAccessMode($this->user, 'updateDocument') < M_READWRITE) { if($this->logger) $this->logger->log('PUT: no access on document', PEAR_LOG_ERR); unlink($tmpFile); @@ -645,7 +645,7 @@ class HTTP_WebDAV_Server_SeedDMS extends HTTP_WebDAV_Server } else { if($this->logger) $this->logger->log('PUT: adding new document', PEAR_LOG_INFO); - if ($folder->getAccessMode($this->user) < M_READWRITE) { + if ($folder->getAccessMode($this->user, 'addDocument') < M_READWRITE) { if($this->logger) $this->logger->log('PUT: no access on folder', PEAR_LOG_ERR); unlink($tmpFile); @@ -753,7 +753,7 @@ class HTTP_WebDAV_Server_SeedDMS extends HTTP_WebDAV_Server return "403 Forbidden"; } - if ($folder->getAccessMode($this->user) < M_READWRITE) { + if ($folder->getAccessMode($this->user, 'addFolder') < M_READWRITE) { if($this->logger) $this->logger->log('MKCOL: access forbidden', PEAR_LOG_ERR); return "403 Forbidden"; @@ -800,7 +800,7 @@ class HTTP_WebDAV_Server_SeedDMS extends HTTP_WebDAV_Server if (!$obj) return "404 Not found"; // check for access rights - if($obj->getAccessMode($this->user) < M_ALL) { + if($obj->getAccessMode($this->user, get_class($obj) == $this->dms->getClassname('folder') ? 'removeFolder' : 'removeDocument') < M_ALL) { if($this->logger) $this->logger->log('DELETE: access forbidden', PEAR_LOG_ERR); return "403 Forbidden";
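Review bot: The DELETE check in webdav/webdav.php picks the context with `get_class($obj) == $this->dms->getClassname('folder')`, an exact string comparison that sends a folder object of any derived class to `'removeDocument'`. An `is_a()` test is more robust, and lifting the choice out of the condition makes the line readable: `$context = is_a($obj, $this->dms->getClassname('folder')) ? 'removeFolder' : 'removeDocument';` followed by `if($obj->getAccessMode($this->user, $context) < M_ALL) {`. This assumes `getClassname('folder')` returns a class name string, as the comparison with `get_class()` implies. The method body starts and ends outside the hunk.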