

[Fmsystem-commits] [15175] change logic for getting grants of permission


From: sigurdne
Subject: [Fmsystem-commits] [15175] change logic for getting grants of permission
Date: Thu, 19 May 2016 07:10:03 +0000 (UTC)

Revision: 15175
          http://svn.sv.gnu.org/viewvc/?view=rev&root=fmsystem&revision=15175
Author:   sigurdne
Date:     2016-05-19 07:10:02 +0000 (Thu, 19 May 2016)
Log Message:
-----------
change logic for getting grants of permission

Modified Paths:
--------------
    trunk/demo/inc/class.sodemo.inc.php
    trunk/helpdesk/inc/class.sotts.inc.php
    trunk/hrm/inc/class.bocommon.inc.php
    trunk/hrm/inc/class.souser.inc.php
    trunk/hrm/inc/class.uiuser.inc.php
    trunk/notes/inc/class.sonotes.inc.php
    trunk/notes/inc/class.uinotes.inc.php
    trunk/phpgwapi/inc/class.acl.inc.php
    trunk/phpgwapi/inc/class.phpgw.inc.php
    trunk/property/inc/class.boadmin_entity.inc.php
    trunk/property/inc/class.boadmin_location.inc.php
    trunk/property/inc/class.boagreement.inc.php
    trunk/property/inc/class.boasync.inc.php
    trunk/property/inc/class.bobudget.inc.php
    trunk/property/inc/class.bocommon.inc.php
    trunk/property/inc/class.bocustom.inc.php
    trunk/property/inc/class.bodocument.inc.php
    trunk/property/inc/class.boentity.inc.php
    trunk/property/inc/class.bogab.inc.php
    trunk/property/inc/class.boifc.inc.php
    trunk/property/inc/class.boinvestment.inc.php
    trunk/property/inc/class.bolocation.inc.php
    trunk/property/inc/class.bopricebook.inc.php
    trunk/property/inc/class.boproject.inc.php
    trunk/property/inc/class.borequest.inc.php
    trunk/property/inc/class.bos_agreement.inc.php
    trunk/property/inc/class.botemplate.inc.php
    trunk/property/inc/class.botenant_claim.inc.php
    trunk/property/inc/class.bowo_hour.inc.php
    trunk/property/inc/class.boworkorder.inc.php
    trunk/property/inc/class.soagreement.inc.php
    trunk/property/inc/class.socustom.inc.php
    trunk/property/inc/class.soentity.inc.php
    trunk/property/inc/class.sojasper.inc.php
    trunk/property/inc/class.soproject.inc.php
    trunk/property/inc/class.sos_agreement.inc.php
    trunk/property/inc/class.sotts.inc.php
    trunk/property/inc/class.soworkorder.inc.php
    trunk/property/inc/class.uijasper.inc.php
    trunk/property/inc/class.uiproject.inc.php
    trunk/property/inc/class.uiresponsible.inc.php
    trunk/property/inc/class.uiwo_hour.inc.php
    trunk/property/inc/class.uiworkorder.inc.php
    trunk/sms/inc/class.soautoreply.inc.php
    trunk/sms/inc/class.socommand.inc.php
    trunk/sms/inc/class.sopoll.inc.php
    trunk/sms/inc/class.sosms.inc.php
    trunk/todo/inc/class.botodo.inc.php
    trunk/todo/inc/class.sotodo.inc.php
    trunk/todo/inc/class.uitodo.inc.php

Modified: trunk/demo/inc/class.sodemo.inc.php
===================================================================
--- trunk/demo/inc/class.sodemo.inc.php 2016-05-19 00:37:29 UTC (rev 15174)
+++ trunk/demo/inc/class.sodemo.inc.php 2016-05-19 07:10:02 UTC (rev 15175)
@@ -60,7 +60,7 @@
                        $this->custom = createObject('property.custom_fields');
 
                        $GLOBALS['phpgw']->acl->set_account_id($this->account);
-                       $this->grants = 
$GLOBALS['phpgw']->acl->get_grants('demo', $this->acl_location);
+                       $this->grants = 
$GLOBALS['phpgw']->acl->get_grants2('demo', $this->acl_location);
                }
 
                function read( $data )
@@ -83,15 +83,36 @@
 
                        if (!$filter)
                        {
-                               if (is_array($this->grants))
+                               $public_user_list = array();
+                               if (is_array($this->grants['accounts']) && 
$this->grants['accounts'])
                                {
-                                       while (list($user) = 
each($this->grants))
+                                       foreach($this->grants['accounts'] as 
$user => $_right)
                                        {
                                                $public_user_list[] = $user;
                                        }
+                                       unset($user);
                                        reset($public_user_list);
-                                       $filtermethod .= " $where ( 
$table.user_id IN(" . implode(',', $public_user_list) . "))";
+                                       $filtermethod .= " $where 
(({$table}.user_id IN(" . implode(',', $public_user_list) . ")";
+                                       $where = 'AND';
                                }
+
+                               $public_group_list = array();
+                               if (is_array($this->grants['groups']) && 
$this->grants['groups'])
+                               {
+                                       foreach($this->grants['groups'] as 
$user => $_right)
+                                       {
+                                               $public_group_list[] = $user;
+                                       }
+                                       unset($user);
+                                       reset($public_group_list);
+                                       $where = $public_user_list ? 'OR' : 
$where;
+                                       $filtermethod .= " $where 
phpgw_group_map.group_id IN(" . implode(',', $public_group_list) . "))";
+                                       $where = 'AND';
+                               }
+                               if($public_user_list && !$public_group_list)
+                               {
+                                       $filtermethod .=')';
+                               }
                        }
                        else if ($filter == 'yours')
                        {
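Review bot: The parentheses in the new `$filtermethod` fragments do not balance. The accounts branch opens `((` plus `IN(` and closes only the `IN(`, the groups branch closes two, and the accounts-only fix-up adds one; so accounts+groups and accounts-only leave one `(` open, and groups-only emits one `)` too many, unless code outside this hunk compensates. Collecting the terms and emitting them once removes the bookkeeping: add `$terms[] = "{$table}.user_id IN(" . implode(',', $public_user_list) . ")";` (and the `phpgw_group_map.group_id` equivalent) in the branches, then `if ($terms) { $filtermethod .= " $where (" . implode(' OR ', $terms) . ")"; $where = 'AND'; }`. The same construction is repeated in the second `if (!$filter)` hunk of this file and in trunk/helpdesk/inc/class.sotts.inc.php.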
@@ -126,13 +147,19 @@
                                $querymethod = " $where name $this->like 
'%$query%'";
                        }
 
-                       $sql = "SELECT COUNT(phpgw_demo_table.id) as cnt FROM 
$table $filtermethod $querymethod";
+                       $sql = "SELECT COUNT(phpgw_demo_table.id) as cnt FROM 
$table"
+                               . " {$this->join} phpgw_accounts ON ( 
{$table}.user_id = phpgw_accounts.account_id)"
+                               . " {$this->join} phpgw_group_map ON 
(phpgw_accounts.account_id = phpgw_group_map.account_id)"
+                               . " $filtermethod $querymethod";
 
                        $this->db->query($sql, __LINE__, __FILE__);
                        $this->db->next_record();
                        $this->total_records = $this->db->f('cnt');
 
-                       $sql = "SELECT * FROM $table $filtermethod $querymethod 
$ordermethod";
+                       $sql = "SELECT DISTINCT {$table}.* FROM {$table}"
+                               . " {$this->join} phpgw_accounts ON ( 
{$table}.user_id = phpgw_accounts.account_id)"
+                               . " {$this->join} phpgw_group_map ON 
(phpgw_accounts.account_id = phpgw_group_map.account_id)"
+                               . " $filtermethod $querymethod $ordermethod";
 
                        if ($allrows)
                        {
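Review bot: The count query and the list query can now disagree. The list uses `SELECT DISTINCT {$table}.*`, but the count is still `COUNT(phpgw_demo_table.id)` over the same join to `phpgw_group_map`, so a record whose owner has several matching group rows is counted once per row and `total_records` overstates the result used for paging. `COUNT(DISTINCT {$table}.id)` keeps the two in step, and also removes the hard-coded `phpgw_demo_table` that the rest of the statement expresses as `$table`.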
@@ -151,7 +178,6 @@
                                        'id' => $this->db->f('id'),
                                        'name' => $this->db->f('name', true),
                                        'entry_date' => 
$this->db->f('entry_date'),
-                                       'grants' => 
(int)$this->grants[$this->db->f('user_id')]
                                );
                        }
 
@@ -184,15 +210,36 @@
 
                        if (!$filter)
                        {
-                               if (is_array($this->grants))
+                               $public_user_list = array();
+                               if (is_array($this->grants['accounts']) && 
$this->grants['accounts'])
                                {
-                                       while (list($user) = 
each($this->grants))
+                                       foreach($this->grants['accounts'] as 
$user => $_right)
                                        {
                                                $public_user_list[] = $user;
                                        }
+                                       unset($user);
                                        reset($public_user_list);
-                                       $filtermethod .= " $where ( 
$table.user_id IN(" . implode(',', $public_user_list) . "))";
+                                       $filtermethod .= " $where 
(({$table}.user_id IN(" . implode(',', $public_user_list) . ")";
+                                       $where = 'AND';
                                }
+
+                               $public_group_list = array();
+                               if (is_array($this->grants['groups']) && 
$this->grants['groups'])
+                               {
+                                       foreach($this->grants['groups'] as 
$user => $_right)
+                                       {
+                                               $public_group_list[] = $user;
+                                       }
+                                       unset($user);
+                                       reset($public_group_list);
+                                       $where = $public_user_list ? 'OR' : 
$where;
+                                       $filtermethod .= " $where 
phpgw_group_map.group_id IN(" . implode(',', $public_group_list) . "))";
+                                       $where = 'AND';
+                               }
+                               if($public_user_list && !$public_group_list)
+                               {
+                                       $filtermethod .=')';
+                               }
                        }
                        else if ($filter == 'yours')
                        {
@@ -317,7 +364,10 @@
 
                        $this->uicols = $uicols;
 
-                       $sql = "SELECT COUNT(phpgw_demo_table.id) as cnt FROM 
$table $filtermethod $querymethod";
+                       $sql = "SELECT COUNT(phpgw_demo_table.id) as cnt FROM"
+                               . " {$this->join} phpgw_accounts ON ( 
{$table}.user_id = phpgw_accounts.account_id)"
+                               . " {$this->join} phpgw_group_map ON 
(phpgw_accounts.account_id = phpgw_group_map.account_id)"
+                               . " $table $filtermethod $querymethod";
                        $this->db->query($sql, __LINE__, __FILE__);
                        $this->db->next_record();
                        $this->total_records = $this->db->f('cnt');
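Review bot: The rewritten count statement places `$table` after the joins, so the string reads `... FROM {join} phpgw_accounts ON (...) {join} phpgw_group_map ON (...) $table $filtermethod $querymethod`, which is not valid SQL. The equivalent count query in the earlier hunk of this file starts with `FROM $table`. Suggested first line: `$sql = "SELECT COUNT(DISTINCT {$table}.id) as cnt FROM {$table}"`, keeping the two join lines and ending with `. " $filtermethod $querymethod";`. The enclosing function starts outside the hunk.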
@@ -327,7 +377,10 @@
                                return array();
                        }
 
-                       $sql = "SELECT * FROM $table $filtermethod $querymethod 
$ordermethod";
+                       $sql = "SELECT DISTINCT {$table}.* FROM {$table}"
+                               . " {$this->join} phpgw_accounts ON ( 
{$table}.user_id = phpgw_accounts.account_id)"
+                               . " {$this->join} phpgw_group_map ON 
(phpgw_accounts.account_id = phpgw_group_map.account_id)"
+                               . " $filtermethod $querymethod $ordermethod";
                        if ($allrows)
                        {
                                $this->db->query($sql, __LINE__, __FILE__);
@@ -382,7 +435,6 @@
                                $values['user_id'] = $this->db->f('user_id');
                                $values['cat_id'] = $this->db->f('category');
                                $values['access'] = $this->db->f('access');
-                               $values['grants'] = 
(int)$this->grants[$this->db->f('user_id')];
 
                                if (isset($values['attributes']) && 
is_array($values['attributes']))
                                {

Modified: trunk/helpdesk/inc/class.sotts.inc.php
===================================================================
--- trunk/helpdesk/inc/class.sotts.inc.php      2016-05-19 00:37:29 UTC (rev 
15174)
+++ trunk/helpdesk/inc/class.sotts.inc.php      2016-05-19 07:10:02 UTC (rev 
15175)
@@ -121,28 +121,23 @@
                        $location_code  = isset($data['location_code']) ? 
$data['location_code'] : '';
                        $p_num                  = isset($data['p_num']) ? 
$data['p_num'] : '';
 
-                       $this->grants   = 
$GLOBALS['phpgw']->session->appsession('grants_ticket','helpdesk');
+                       $GLOBALS['phpgw']->acl->set_account_id($this->account);
+                       $this->grants   = 
$GLOBALS['phpgw']->acl->get_grants2('helpdesk','.ticket');
 
-                       if(!$this->grants)
-                       {
-                               
$GLOBALS['phpgw']->acl->set_account_id($this->account);
-                               $this->grants   = 
$GLOBALS['phpgw']->acl->get_grants('helpdesk','.ticket');
-                               
$GLOBALS['phpgw']->session->appsession('grants_ticket','helpdesk',$this->grants);
-                       }
+                       $order_join = "{$this->join} phpgw_accounts ON 
phpgw_helpdesk_tickets.user_id=phpgw_accounts.account_id";
 
                        $result_order_field = '';
                        if ($order)
                        {
                                if( $order == 'assignedto' )
                                {
-                                       $result_order_field = 
',account_lastname';
-                                       $order_join = "LEFT OUTER JOIN 
phpgw_accounts ON phpgw_helpdesk_tickets.assignedto=phpgw_accounts.account_id";
-                                       $order = 'account_lastname';
+//                                     $result_order_field = 
',account_lastname';
+//                                     $order_join = "LEFT OUTER JOIN 
phpgw_accounts ON phpgw_helpdesk_tickets.assignedto=phpgw_accounts.account_id";
+//                                     $order = 'account_lastname';
                                }
                                else if( $order == 'user' )
                                {
                                        $result_order_field = 
',account_lastname';
-                                       $order_join = "LEFT OUTER JOIN 
phpgw_accounts ON phpgw_helpdesk_tickets.user_id=phpgw_accounts.account_id";
                                        $order = 'account_lastname';
                                }
                                else
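Review bot: The `assignedto` branch now contains only commented-out statements, so for that sort key `$order` keeps the value `'assignedto'` and no `account_lastname` column is selected. How the ORDER BY is then built is outside this hunk, but sorting by the assignee's name is no longer set up here. If this is deliberate because `phpgw_accounts` is now joined on `user_id` for the grants filter, delete the three lines and leave a one-line comment saying so; if assignee-name ordering is still wanted, join `phpgw_accounts` a second time under an alias for `assignedto`.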
@@ -157,6 +152,8 @@
                                $ordermethod = ' ORDER BY 
phpgw_helpdesk_tickets.id DESC';
                        }
 
+                       $order_join .= " {$this->join} phpgw_group_map ON 
(phpgw_accounts.account_id = phpgw_group_map.account_id)";
+
                        $filtermethod = '';
 
                        $categories = 
$GLOBALS['phpgw']->locations->get_subs('helpdesk', '.ticket.category');
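Review bot: These joins may filter rows as well as supply columns. Whether `{$this->join}` is an inner join is not visible here, but the code it replaces used `LEFT OUTER JOIN phpgw_accounts`. With an inner join, a ticket whose `user_id` has no `phpgw_accounts` row, or whose owner has no `phpgw_group_map` entry, drops out of the list even when an account-level grant matches. A left join to `phpgw_group_map` would keep account grants effective for owners without any group membership; worth confirming which behaviour is intended.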
@@ -195,14 +192,36 @@
 
                        if (is_array($this->grants))
                        {
-                               $grants = & $this->grants;
-                               foreach($grants as $user => $right)
+                               $public_user_list = array();
+                               if (is_array($this->grants['accounts']) && 
$this->grants['accounts'])
                                {
-                                       $public_user_list[] = $user;
+                                       foreach($this->grants['accounts'] as 
$user => $_right)
+                                       {
+                                               $public_user_list[] = $user;
+                                       }
+                                       unset($user);
+                                       reset($public_user_list);
+                                       $filtermethod .= " $where 
((phpgw_helpdesk_tickets.user_id IN(" . implode(',', $public_user_list) . ")";
+                                       $where = 'AND';
                                }
-                               reset($public_user_list);
-                               $filtermethod .= " $where ( 
phpgw_helpdesk_tickets.user_id IN(" . implode(',',$public_user_list) . "))";
-                               $where= 'AND';
+
+                               $public_group_list = array();
+                               if (is_array($this->grants['groups']) && 
$this->grants['groups'])
+                               {
+                                       foreach($this->grants['groups'] as 
$user => $_right)
+                                       {
+                                               $public_group_list[] = $user;
+                                       }
+                                       unset($user);
+                                       reset($public_group_list);
+                                       $where = $public_user_list ? 'OR' : 
$where;
+                                       $filtermethod .= " $where 
phpgw_group_map.group_id IN(" . implode(',', $public_group_list) . "))";
+                                       $where = 'AND';
+                               }
+                               if($public_user_list && !$public_group_list)
+                               {
+                                       $filtermethod .=')';
+                               }
                        }
 
                        if($tenant_id = 
$GLOBALS['phpgw']->session->appsession('tenant_id','helpdesk'))
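Review bot: When `$this->grants` is an array whose `accounts` and `groups` lists are both empty, neither branch runs and no owner restriction is added to `$filtermethod`, so the ticket list is limited only by the other filters. The removed code always appended a `user_id IN(...)` clause. Whether `get_grants2()` can return that shape is not visible in this part of the diff; if it can, the filter should fail closed, for example `if (!$public_user_list && !$public_group_list) { $filtermethod .= " $where 1=0"; $where = 'AND'; }`. The same applies to the two `if (!$filter)` blocks in trunk/demo/inc/class.sodemo.inc.php.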

Modified: trunk/hrm/inc/class.bocommon.inc.php
===================================================================
--- trunk/hrm/inc/class.bocommon.inc.php        2016-05-19 00:37:29 UTC (rev 
15174)
+++ trunk/hrm/inc/class.bocommon.inc.php        2016-05-19 07:10:02 UTC (rev 
15175)
@@ -71,6 +71,32 @@
                        return ($rights & $required);
                }
 
+               /**
+                *
+                * @param integer $owner_id
+                * @param array $grants
+                * @param integer $required
+                * @return bool
+                */
+               function check_perms2( $owner_id, $grants,  $required )
+               {
+                       if(isset($grants['accounts'][$owner_id]) && 
($grants['accounts'][$owner_id] & $required))
+                       {
+                               return true;
+                       }
+
+                       $equalto = 
$GLOBALS['phpgw']->accounts->membership($owner_id);
+                       foreach($grants['groups'] as $group => $_right)
+                       {
+                               if(isset($equalto[$group]) && ($_right & 
$required))
+                               {
+                                       return true;
+                               }
+                       }
+
+                       return false;
+               }
+
                function create_preferences($app='',$user_id='')
                {
                        return 
$this->socommon->create_preferences($app,$user_id);
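Review bot: `check_perms2()` iterates `$grants['groups']` without checking that the key exists, while the `accounts` side is guarded with `isset()`; a grants array without a `groups` entry raises a warning on the `foreach`. Adding `if (empty($grants['groups'])) { return false; }` before the `membership()` call fixes that and skips the lookup when there is nothing to match. The docblock has tags but no description: it should say that the method checks whether the grants give `$required` rights on records owned by `$owner_id`, either directly or through a group the owner belongs to. It should also say that `$grants` is expected to hold `accounts` and `groups` maps of id to rights bitmask. The `isset($equalto[$group])` test assumes `membership()` returns an array keyed by group id, which is worth stating in a comment.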

Modified: trunk/hrm/inc/class.souser.inc.php
===================================================================
--- trunk/hrm/inc/class.souser.inc.php  2016-05-19 00:37:29 UTC (rev 15174)
+++ trunk/hrm/inc/class.souser.inc.php  2016-05-19 07:10:02 UTC (rev 15175)
@@ -30,7 +30,7 @@
                        $this->join             = & $this->db->join;
                        $this->left_join        = & $this->db->left_join;
                        $GLOBALS['phpgw']->acl->set_account_id($this->account);
-                       $this->grants           = 
$GLOBALS['phpgw']->acl->get_grants('hrm','.user');
+                       $this->grants           = 
$GLOBALS['phpgw']->acl->get_grants2('hrm','.user');
                }
 
                function read($data)
@@ -54,7 +54,6 @@
                        {
                                $account_info[] = array
                                (
-                                       'grants'                        => 
isset($this->grants[$entry->id]) ? $this->grants[$entry->id] : 0,
                                        'account_firstname'     => 
$entry->firstname,
                                        'account_lastname'      => 
$entry->lastname,
                                        'account_id'            => $entry->id

Modified: trunk/hrm/inc/class.uiuser.inc.php
===================================================================
--- trunk/hrm/inc/class.uiuser.inc.php  2016-05-19 00:37:29 UTC (rev 15174)
+++ trunk/hrm/inc/class.uiuser.inc.php  2016-05-19 07:10:02 UTC (rev 15175)
@@ -76,7 +76,7 @@
                        $content = array();
                        foreach ( $account_info as $entry )
                        {
-                               if($entry['grants'])
+                               
if($this->bocommon->check_perms2($entry['account_id'], $this->grants, 
PHPGW_ACL_READ))
                                {
                                        $link_training                          
= $GLOBALS['phpgw']->link('/index.php', array('menuaction'=> 
'hrm.uiuser.training', 'user_id'=> $entry['account_id']));
                                        $text_training                          
= lang('training');
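Review bot: `check_perms2()` reads `$this->grants['accounts']` and `$this->grants['groups']`, but none of the hunks for this file changes where `$this->grants` is populated. If this class still fills it from `get_grants()` rather than the two-level array from `get_grants2()`, the `accounts` lookup never matches and the `groups` loop has nothing valid to iterate, so every check in this file (this one and the read/add/edit/delete checks in the later hunks) would deny access. Worth confirming in the constructor, which is outside the diff. Separately, each call performs an `accounts->membership()` lookup, so this loop does one lookup per listed account; resolving the group ids once before the loop would avoid that.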
@@ -182,9 +182,9 @@
                {
                        $user_id        = phpgw::get_var('user_id', 'int');
 
-                       if (!$this->grants[$user_id])
+                       if (!$this->bocommon->check_perms2($user_id, 
$this->grants, PHPGW_ACL_READ))
                        {
-                               $this->bocommon->no_access($links);
+                               phpgw::no_access();
                                return;
                        }
 
@@ -216,13 +216,13 @@
                                        $entry['end_date']      = 
$GLOBALS['phpgw']->common->show_date($entry['end_date'],$dateformat);
                                }
 
-                               
if($this->bocommon->check_perms($this->grants[$user_id], PHPGW_ACL_EDIT))
+                               if($this->bocommon->check_perms2($user_id, 
$this->grants, PHPGW_ACL_EDIT))
                                {
                                        $link_edit      = 
$GLOBALS['phpgw']->link('/index.php', array('menuaction'=> 'hrm.uiuser.edit', 
'user_id'=> $user_id, 'training_id'=> $entry['training_id']));
                                        $text_edit      = lang('edit');
                                        $lang_edit_text = lang('edit training 
item');
                                }
-                               
if($this->bocommon->check_perms($this->grants[$user_id], PHPGW_ACL_DELETE))
+                               
if($this->bocommon->check_perms2($user_id,$this->grants, PHPGW_ACL_DELETE))
                                {
                                        $link_delete            = 
$GLOBALS['phpgw']->link('/index.php', array('menuaction'=> 'hrm.uiuser.delete', 
'user_id'=> $user_id, 'training_id'=> $entry['training_id']));
                                        $text_delete            = 
lang('delete');
@@ -320,7 +320,7 @@
                                'user_id'       => $user_id
                        );
 
-                       
if($this->bocommon->check_perms($this->grants[$user_id], PHPGW_ACL_ADD))
+                       if($this->bocommon->check_perms2($user_id, 
$this->grants, PHPGW_ACL_ADD))
                        {
                                $add_action     = 
$GLOBALS['phpgw']->link('/index.php', array('menuaction'=> 'hrm.uiuser.edit', 
'user_id'=> $user_id));
                                $lang_add       = lang('add');
@@ -388,17 +388,17 @@
 
                        if(!$training_id)
                        {
-                               
if(!$this->bocommon->check_perms($this->grants[$user_id], PHPGW_ACL_ADD))
+                               if(!$this->bocommon->check_perms2($user_id, 
$this->grants, PHPGW_ACL_ADD))
                                {
-                                       $this->bocommon->no_access($links);
+                                       phpgw::no_access();
                                        return;
                                }
                        }
                        else
                        {
-                               
if(!$this->bocommon->check_perms($this->grants[$user_id], PHPGW_ACL_EDIT))
+                               if(!$this->bocommon->check_perms2($user_id, 
$this->grants, PHPGW_ACL_EDIT))
                                {
-                                       $this->bocommon->no_access($links);
+                                       phpgw::no_access();
                                        return;
                                }
                        }
@@ -605,9 +605,9 @@
                        $training_id            = phpgw::get_var('training_id', 
'int');
                        $user_id        = phpgw::get_var('user_id', 'int');
 
-                       
if(!$this->bocommon->check_perms($this->grants[$user_id], PHPGW_ACL_READ))
+                       if(!$this->bocommon->check_perms2($user_id, 
$this->grants, PHPGW_ACL_READ))
                        {
-                               $this->bocommon->no_access($links);
+                               phpgw::no_access();
                                return;
                        }
                        $GLOBALS['phpgw']->xslttpl->add_file(array('user'));
@@ -691,9 +691,9 @@
                        $training_id            = phpgw::get_var('training_id', 
'int');
                        $user_id        = phpgw::get_var('user_id', 'int');
 
-                       
if(!$this->bocommon->check_perms($this->grants[$user_id], PHPGW_ACL_DELETE))
+                       if(!$this->bocommon->check_perms2($user_id, 
$this->grants, PHPGW_ACL_DELETE))
                        {
-                               $this->bocommon->no_access($links);
+                               phpgw::no_access();
                                return;
                        }
                        $confirm = phpgw::get_var('confirm', 'bool', 'POST');
@@ -734,9 +734,9 @@
                {
                        $user_id        = phpgw::get_var('user_id', 'int');
 
-                       
if(!$this->bocommon->check_perms($this->grants[$user_id], PHPGW_ACL_READ))
+                       if(!$this->bocommon->check_perms2($user_id, 
$this->grants, PHPGW_ACL_READ))
                        {
-                               $this->bocommon->no_access($links);
+                               phpgw::no_access();
                                return;
                        }
 

Modified: trunk/notes/inc/class.sonotes.inc.php
===================================================================
--- trunk/notes/inc/class.sonotes.inc.php       2016-05-19 00:37:29 UTC (rev 
15174)
+++ trunk/notes/inc/class.sonotes.inc.php       2016-05-19 07:10:02 UTC (rev 
15175)
@@ -41,7 +41,7 @@
                        $this->db               = &$GLOBALS['phpgw']->db;
                        $this->account  = 
$GLOBALS['phpgw_info']['user']['account_id'];
                        $GLOBALS['phpgw']->acl->set_account_id($this->account);
-                       $this->grants   = 
$GLOBALS['phpgw']->acl->get_grants('notes');
+                       $this->grants   = 
$GLOBALS['phpgw']->acl->get_grants2('notes');
                }
 
                function read($data)
@@ -72,20 +72,33 @@
                        if ($filter == 'none')
                        {
                                $filtermethod = ' ( note_owner = ' . 
$this->account;
-                               if (is_array($this->grants))
+                               $public_user_list = array();
+                               $grants = & $this->grants;
+                               if (is_array($grants['accounts']) && 
$grants['accounts'])
                                {
-                                       $grants = $this->grants;
-                                       while (list($user) = each($grants))
+                                       foreach($grants['accounts'] as $user => 
$_right)
                                        {
                                                $public_user_list[] = $user;
                                        }
                                        reset($public_user_list);
-                                       $filtermethod .= " OR 
(note_access='public' AND note_owner IN(" . implode(',',$public_user_list) . 
")))";
+                                       $filtermethod .= " OR 
(note_access='public' AND {$table}.note_owner IN(" . implode(',', 
$public_user_list) . "))";
                                }
-                               else
+                               $public_group_list = array();
+                               if (is_array($grants['groups']) && 
$grants['groups'])
                                {
-                                       $filtermethod .= ' )';
+                                       foreach($grants['groups'] as $user => 
$_right)
+                                       {
+                                               $public_group_list[] = $user;
+                                       }
+                                       unset($user);
+                                       reset($public_group_list);
+                                       $filtermethod .= " OR 
note_access='public' AND phpgw_group_map.group_id IN(" . implode(',', 
$public_group_list) . "))";
+                                       $where = 'AND';
                                }
+                               if($public_user_list && !$public_group_list)
+                               {
+                                       $filtermethod .=')';
+                               }
                        }
                        elseif ($filter == 'yours')
                        {
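Review bot: With no account grants and no group grants, the opening `' ( note_owner = '` is never closed. The removed `else { $filtermethod .= ' )'; }` handled that case, and the new fix-up only runs when `$public_user_list` is non-empty. Closing unconditionally is simpler: drop the trailing extra `)` from the groups fragment and the `if($public_user_list && !$public_group_list)` block, then append `$filtermethod .= ')';` once after both branches. The hunk also starts using `{$table}` where the old code wrote the column unqualified; whether `$table` is defined in this function is not visible here. The `$where = 'AND';` assignment does not appear to be read afterwards.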
@@ -117,11 +130,20 @@
                                $filtermethod .= " AND note_lastmod > $lastmod 
";
                        }
 
-                       $sql = "SELECT * FROM phpgw_notes WHERE $filtermethod 
$querymethod";
+                               $this->db->query("SELECT count(*) as cnt FROM 
phpgw_notes"
+                               . " {$this->join} phpgw_accounts ON ( 
{$table}.note_owner = phpgw_accounts.account_id)"
+                               . " {$this->join} phpgw_group_map ON 
(phpgw_accounts.account_id = phpgw_group_map.account_id)"
+                               . " {$app_filter} {$filtermethod} 
{$querymethod}", __LINE__, __FILE__);
 
-                       $this->db->query($sql,__LINE__,__FILE__);
-                       $this->total_records = $this->db->num_rows();
+                               $this->db->next_record();
+                               $this->total_records = $this->db->f('cnt');
 
+
+                       $sql = "SELECT DISTINCT phpgw_notes.* FROM phpgw_notes"
+                               . " {$this->join} phpgw_accounts ON ( 
{$table}.note_owner = phpgw_accounts.account_id)"
+                               . " {$this->join} phpgw_group_map ON 
(phpgw_accounts.account_id = phpgw_group_map.account_id)"
+                               . " WHERE $filtermethod $querymethod";
+
                        if($start)
                        {
                                $this->db->limit_query($sql . 
$ordermethod,$start,__LINE__,__FILE__);
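Review bot: The new count query has no `WHERE` keyword: it ends with `{$app_filter} {$filtermethod} {$querymethod}`, while the list query below it uses `WHERE $filtermethod $querymethod`, and `$app_filter` is not assigned anywhere in the visible lines. It also uses `count(*)` over the join to `phpgw_group_map` while the list uses `DISTINCT`, so `total_records` can exceed the number of notes returned. Suggested tail: `. " WHERE {$filtermethod} {$querymethod}", __LINE__, __FILE__);` with `SELECT count(DISTINCT phpgw_notes.note_id) as cnt`. Both statements reference `{$table}.note_owner` although the FROM clause names `phpgw_notes` literally; confirm `$table` is set in this function.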
@@ -130,7 +152,6 @@
                        $notes = array();
                        while ($this->db->next_record())
                        {
-                               $ngrants = 
$this->grants[$this->db->f('note_owner')];
                                $id = $this->db->f('note_id');
                                $notes[$id] = array
                                (
@@ -141,7 +162,6 @@
                                        'date'          => 
$GLOBALS['phpgw']->common->show_date($this->db->f('note_date')),
                                        'cat_id'        => 
$this->db->f('note_category'),
                                        'content'       => 
$this->db->f('note_content', true),
-                                       'grants'        => $ngrants
                                );
                        }
                        return $notes;

Modified: trunk/notes/inc/class.uinotes.inc.php
===================================================================
--- trunk/notes/inc/class.uinotes.inc.php       2016-05-19 00:37:29 UTC (rev 
15174)
+++ trunk/notes/inc/class.uinotes.inc.php       2016-05-19 07:10:02 UTC (rev 
15175)
@@ -67,8 +67,8 @@
                        $this->account          = 
$GLOBALS['phpgw_info']['user']['account_id'];
 
                        $GLOBALS['phpgw']->acl->set_account_id($this->account);
-                       $this->grants           = 
$GLOBALS['phpgw']->acl->get_grants('notes');
-                       $this->grants[$this->account] = PHPGW_ACL_READ + 
PHPGW_ACL_ADD + PHPGW_ACL_EDIT + PHPGW_ACL_DELETE;
+//                     $this->grants           = 
$GLOBALS['phpgw']->acl->get_grants2('notes');
+//                     $this->grants['accounts'][$this->account] = 
PHPGW_ACL_READ + PHPGW_ACL_ADD + PHPGW_ACL_EDIT + PHPGW_ACL_DELETE;
                        $this->bonotes          = 
CreateObject('notes.bonotes',true);
 
                        $this->start            = $this->bonotes->start;
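Review bot: The two `get_grants2('notes')` lines in this hunk are added already commented out, so the class no longer assigns `$this->grants` and the file carries dead code for a call that never runs. If nothing else in the class reads `$this->grants` (the rest of the class is outside this hunk), delete both lines instead of keeping them as comments. If something still reads it, that code now sees an unset property, and any permission decision built on it should be checked to fail closed.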

Modified: trunk/phpgwapi/inc/class.acl.inc.php
===================================================================
--- trunk/phpgwapi/inc/class.acl.inc.php        2016-05-19 00:37:29 UTC (rev 
15174)
+++ trunk/phpgwapi/inc/class.acl.inc.php        2016-05-19 07:10:02 UTC (rev 
15175)
@@ -1347,6 +1347,56 @@
                        return $grant_rights;
                }
                /**
+               * Get a list of users that have grants rights to their records 
at a location within an app
+               *
+               * @param string $app      Application name
+               *                               if emptry string, value of 
$GLOBALS['phpgw_info']['flags']['currentapp'] is used
+               * @param string $location location within application
+               *
+               * @return array Array with account ids and corresponding rights
+               */
+               public function get_grants2($app = '', $location = '')
+               {
+                       $grant_rights = phpgwapi_cache::session_get('phpgwapi', 
"get_grants2_{$app}_{$location}");
+                       if ( !is_null($grant_rights) )
+                       {
+                               return $grant_rights; // nothing more to do
+                       }
+
+                       $grant_rights   = $this->get_grants_type2($app, 
$location, 0);
+                       $grant_mask             = $this->get_grants_type2($app, 
$location, 1);
+                       if ( is_array($grant_mask['accounts']) )
+                       {
+                               foreach ( $grant_mask['accounts'] as $user_id 
=> $mask )
+                               {
+                                       if ( 
$grant_rights['accounts'][$user_id] )
+                                       {
+                                               
$grant_rights['accounts'][$user_id] &= (~ $mask);
+                                               if ( 
$grant_rights['accounts'][$user_id] <= 0 )
+                                               {
+                                                       
unset($grant_rights['accounts'][$user_id]);
+                                               }
+                                       }
+                               }
+                       }
+                       if ( is_array($grant_mask['groups']) )
+                       {
+                               foreach ( $grant_mask['groups'] as $user_id => 
$mask )
+                               {
+                                       if ( $grant_rights['groups'][$user_id] )
+                                       {
+                                               
$grant_rights['groups'][$user_id] &= (~ $mask);
+                                               if ( 
$grant_rights['groups'][$user_id] <= 0 )
+                                               {
+                                                       
unset($grant_rights['groups'][$user_id]);
+                                               }
+                                       }
+                               }
+                       }
+                       phpgwapi_cache::session_set('phpgwapi', 
"get_grants2_{$app}_{$location}", $grant_rights);
+                       return $grant_rights;
+               }
+               /**
                * Get application specific account based granted rights list
                *
                * @param string  $app      Application name
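Review bot: The session cache key in `get_grants2()` is built from the raw `$app` argument, but `get_grants_type2()` substitutes `$GLOBALS['phpgw_info']['flags']['currentapp']` when `$app` is empty, so a call with the default `''` made in one application can be answered later in the same session with grants computed for another. Resolve the name before building the key, e.g. `if ( !$app ) { $app = $GLOBALS['phpgw_info']['flags']['currentapp']; }` as the first statement. The key also leaves out `$this->_account_id`, which `set_account_id()` can change, and no invalidation is visible here, so a revoked grant may stay effective until the session ends unless the cache is cleared elsewhere. The mask loops read `$grant_rights['accounts'][$user_id]` and `$grant_rights['groups'][$user_id]` without `isset()`, which raises a notice for a masked id that has no right.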
@@ -1358,6 +1408,143 @@
                *
                * @internal FIXME this should be simplified - if it is actually 
used
                */
+               public function get_grants_type2($app = '', $location = '', 
$mask = 0)
+               {
+                       $accounts = array();
+                       $groups = array();
+                       $grants =array(
+                               'accounts' => $accounts,
+                               'groups' => $groups
+                       );
+                       if(!$this->_account_id)
+                       {
+                               return array(
+                                               'accounts' => $accounts,
+                                               'groups' => $groups
+                                       );
+                       }
+
+                       if ( !$app )
+                       {
+                               $app = 
$GLOBALS['phpgw_info']['flags']['currentapp'];
+                       }
+
+                       $at_location = '';
+                       if ( $location )
+                       {
+                               $location = 
$this->_db->db_addslashes($location);
+                               $at_location = " AND phpgw_locations.name = 
'$location'";
+                       }
+
+                       $accts =& $GLOBALS['phpgw']->accounts;
+                       $acct_ids = 
array_keys($accts->membership($this->_account_id));
+                       $acct_ids[] = $this->_account_id;
+
+                       $rights = 0;
+
+                       $ids = implode(',', $acct_ids);
+                       $sql = 'SELECT acl_account, acl_grantor, acl_rights'
+                               . ' FROM phpgw_acl'
+                               . " {$this->_join} phpgw_locations ON 
phpgw_acl.location_id = phpgw_locations.location_id"
+                               . " {$this->_join} phpgw_applications ON 
phpgw_applications.app_id = phpgw_locations.app_id"
+                               . " WHERE phpgw_applications.app_name = '$app' 
$at_location"
+                                       . " AND acl_grantor > 0 AND acl_type = 
$mask"
+                                       . " AND acl_account IN ($ids)";
+
+                       $this->_db->query($sql, __LINE__, __FILE__);
+                       if ( $this->_db->num_rows() == 0 && $mask == 0  && 
isset($GLOBALS['phpgw_info']['user']['account_id']))
+                       {
+                               //return 
array($GLOBALS['phpgw_info']['user']['account_id'] => 31);
+                               return array(
+                                       'accounts' => 
array($GLOBALS['phpgw_info']['user']['account_id'] => 31),
+                                       'groups' => $groups
+                               );
+                       }
+
+                       $records = array();
+                       while ($this->_db->next_record())
+                       {
+                               $records[] = array
+                               (
+                                       'account'       => 
$this->_db->f('acl_account'),
+                                       'grantor'       => 
$this->_db->f('acl_grantor'),
+                                       'rights'        => 
$this->_db->f('acl_rights')
+                               );
+                       }
+
+                       foreach ($records as $record )
+                       {
+                               $grantor = $record['grantor'];
+                               $rights = $record['rights'];
+
+                               if( $grantor > 0 )
+                               {
+                                       if (!isset($accounts[$grantor]))
+                                       {
+                                               $is_group[$grantor] = 
$accts->get_type($grantor) == phpgwapi_account::TYPE_GROUP;
+                                               if ( !$is_group[$grantor] )
+                                               {
+                                                       $accounts[$grantor] = 
array($grantor);
+                                               }
+                                               else
+                                               {
+                                                       $groups[$grantor] = 
array($grantor);//$GLOBALS['phpgw']->accounts->get_members($grantor);
+                                               }
+                                       }
+
+                                       if ( $is_group[$grantor] )
+                                       {
+                                               // Don't allow to override 
private!
+                                               $rights &= (~ 
PHPGW_ACL_PRIVATE);
+                                               if ( 
!isset($grants['groups'][$grantor]) )
+                                               {
+                                                       
$grants['groups'][$grantor] = 0;
+                                               }
+
+                                               $grants['groups'][$grantor] |= 
$rights;
+                                               if ( !!($rights & self::READ) )
+                                               {
+                                                       
$grants['groups'][$grantor] |= self::READ;
+                                               }
+                                       }
+
+                                       foreach ( $accounts[$grantor] as 
$grantors )
+                                       {
+                                               if ( 
!isset($grants['accounts'][$grantors]) )
+                                               {
+                                                       
$grants['accounts'][$grantors] = 0;
+                                               }
+                                               $grants['accounts'][$grantors] 
|= $rights;
+                                       }
+                               }
+                       }
+
+                       if ( $mask == 0 && 
isset($GLOBALS['phpgw_info']['user']['account_id']))
+                       {
+                               
$grants['accounts'][$GLOBALS['phpgw_info']['user']['account_id']] = 31;
+                       }
+                       else
+                       {
+                               if ( 
isset($GLOBALS['phpgw_info']['user']['account_id']) && 
isset($grants['accounts'][$GLOBALS['phpgw_info']['user']['account_id']]) )
+                               {
+                                       unset 
($grants['accounts'][$GLOBALS['phpgw_info']['user']['account_id']]);
+                               }
+                       }
+
+                       return $grants;
+               }
+               /**
+               * Get application specific account based granted rights list
+               *
+               * @param string  $app      Application name
+               *                               if emptry string, value of 
$GLOBALS['phpgw_info']['flags']['currentapp'] is used
+               * @param string  $location location within application
+               * @param integer $mask     mask or right (1 means mask , 0 
means right) to check against
+               *
+               * @return array Associative array with granted access rights 
for accounts
+               *
+               * @internal FIXME this should be simplified - if it is actually 
used
+               */
                public function get_grants_type($app = '', $location = '', 
$mask = 0)
                {
                        $grants = array();
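Review bot: In `get_grants_type2()` the query interpolates `$app` into `app_name = '$app'` and `$mask` into `acl_type = $mask` unescaped, although `$location` a few lines earlier goes through `db_addslashes()`; both are parameters of a public method. Treat them the same way before the SQL is built: `$app = $this->_db->db_addslashes($app);` and `$mask = (int) $mask;`. Separately, when the grantor is a group only `$groups[$grantor]` is filled, so `foreach ( $accounts[$grantor] as $grantors )` iterates an undefined index and warns; wrap it in `if ( isset($accounts[$grantor]) )`. The docblock now sitting above the new method is the one written for `get_grants_type()` and still says the result is rights "for accounts", so it should describe the `array('accounts' => ..., 'groups' => ...)` shape instead. `get_grants_type()` at the end of the hunk continues outside it.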

Modified: trunk/phpgwapi/inc/class.phpgw.inc.php
===================================================================
--- trunk/phpgwapi/inc/class.phpgw.inc.php      2016-05-19 00:37:29 UTC (rev 
15174)
+++ trunk/phpgwapi/inc/class.phpgw.inc.php      2016-05-19 07:10:02 UTC (rev 
15175)
@@ -604,12 +604,19 @@
                         */
                        public static function no_access($appname = '', 
$message = '')
                        {
-                               $GLOBALS['phpgw_info']['flags']['xslt_app'] = 
false;
                                $message = $message ? $message : lang('no 
access');
-                               $appname = $appname ? $appname : 
$GLOBALS['phpgw_info']['flags']['currentapp'];
-                               phpgwapi_cache::message_set($message, 'error');
-                               $GLOBALS['phpgw_info']['flags']['app_header'] = 
lang($appname) . '::' . lang('No access');
-                               $GLOBALS['phpgw']->common->phpgw_header(true);
+                               if (phpgw::get_var('phpgw_return_as') == 'json')
+                               {
+                                       echo $message;
+                               }
+                               else
+                               {
+                                       phpgwapi_cache::message_set($message, 
'error');
+                                       $appname = $appname ? $appname : 
$GLOBALS['phpgw_info']['flags']['currentapp'];
+                                       
$GLOBALS['phpgw_info']['flags']['app_header'] = lang($appname) . '::' . 
lang('No access');
+                                       
$GLOBALS['phpgw_info']['flags']['xslt_app'] = false;
+                                       
$GLOBALS['phpgw']->common->phpgw_header(true);
+                               }
                                $GLOBALS['phpgw']->common->phpgw_exit();
                        }
                }
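Review bot: The new `phpgw_return_as == 'json'` branch of `no_access()` writes `$message` with a bare `echo`, so a client that asked for JSON receives an unencoded string and, as far as this hunk shows, no status that marks the response as a denial. Send a status and encode the body, e.g. `header('HTTP/1.1 403 Forbidden');` followed by `echo json_encode($message);`; the response shape the front end expects is not visible here, so adjust to it. `$message` is a caller-supplied parameter, and encoding it also keeps any markup it contains from being emitted raw.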

Modified: trunk/property/inc/class.boadmin_entity.inc.php
===================================================================
--- trunk/property/inc/class.boadmin_entity.inc.php     2016-05-19 00:37:29 UTC 
(rev 15174)
+++ trunk/property/inc/class.boadmin_entity.inc.php     2016-05-19 07:10:02 UTC 
(rev 15175)
@@ -84,7 +84,6 @@
                        'read_single' => true,
                        'save' => true,
                        'delete' => true,
-                       'check_perms' => true,
                        'get_category_list' => true,
                        'get_attrib_list' => true
                );

Modified: trunk/property/inc/class.boadmin_location.inc.php
===================================================================
--- trunk/property/inc/class.boadmin_location.inc.php   2016-05-19 00:37:29 UTC 
(rev 15174)
+++ trunk/property/inc/class.boadmin_location.inc.php   2016-05-19 07:10:02 UTC 
(rev 15175)
@@ -50,7 +50,6 @@
                        'read_single' => true,
                        'save' => true,
                        'delete' => true,
-                       'check_perms' => true
                );
 
                function __construct( $session = false )

Modified: trunk/property/inc/class.boagreement.inc.php
===================================================================
--- trunk/property/inc/class.boagreement.inc.php        2016-05-19 00:37:29 UTC 
(rev 15174)
+++ trunk/property/inc/class.boagreement.inc.php        2016-05-19 07:10:02 UTC 
(rev 15175)
@@ -53,7 +53,6 @@
                        'read_single' => true,
                        'save' => true,
                        'delete' => true,
-                       'check_perms' => true
                );
 
                function __construct( $session = false )
@@ -128,10 +127,6 @@
                        $this->status_id = $data['status_id'];
                }
 
-               function check_perms( $has, $needed )
-               {
-                       return (!!($has & $needed) == true);
-               }
 
                function select_vendor_list( $format = '', $selected = '' )
                {

Modified: trunk/property/inc/class.boasync.inc.php
===================================================================
--- trunk/property/inc/class.boasync.inc.php    2016-05-19 00:37:29 UTC (rev 
15174)
+++ trunk/property/inc/class.boasync.inc.php    2016-05-19 07:10:02 UTC (rev 
15175)
@@ -47,7 +47,6 @@
                        'read_single' => true,
                        'save' => true,
                        'delete' => true,
-                       'check_perms' => true
                );
 
                function __construct( $session = false )

Modified: trunk/property/inc/class.bobudget.inc.php
===================================================================
--- trunk/property/inc/class.bobudget.inc.php   2016-05-19 00:37:29 UTC (rev 
15174)
+++ trunk/property/inc/class.bobudget.inc.php   2016-05-19 07:10:02 UTC (rev 
15175)
@@ -58,7 +58,6 @@
                        'read_single' => true,
                        'save' => true,
                        'delete' => true,
-                       'check_perms' => true
                );
 
                function __construct( $session = false )
@@ -145,11 +144,6 @@
                        $this->direction = isset($data['direction']) ? 
$data['direction'] : '';
                }
 
-               function check_perms( $has, $needed )
-               {
-                       return (!!($has & $needed) == true);
-               }
-
                function read( $data = array() )
                {
                        /* $budget = $this->so->read(array('start' => 
$this->start,'query' => $this->query,'sort' => $this->sort,'order' => 
$this->order,

Modified: trunk/property/inc/class.bocommon.inc.php
===================================================================
--- trunk/property/inc/class.bocommon.inc.php   2016-05-19 00:37:29 UTC (rev 
15174)
+++ trunk/property/inc/class.bocommon.inc.php   2016-05-19 07:10:02 UTC (rev 
15175)
@@ -76,6 +76,32 @@
                        return ($rights & $required);
                }
 
+               /**
+                *
+                * @param integer $owner_id
+                * @param array $grants
+                * @param integer $required
+                * @return bool
+                */
+               function check_perms2( $owner_id, $grants,  $required )
+               {
+                       if(isset($grants['accounts'][$owner_id]) && 
($grants['accounts'][$owner_id] & $required))
+                       {
+                               return true;
+                       }
+
+                       $equalto = 
$GLOBALS['phpgw']->accounts->membership($owner_id);
+                       foreach($grants['groups'] as $group => $_right)
+                       {
+                               if(isset($equalto[$group]) && ($_right & 
$required))
+                               {
+                                       return true;
+                               }
+                       }
+
+                       return false;
+               }
+
                function create_preferences( $app = '', $user_id = '' )
                {
                        return $this->socommon->create_preferences($app, 
$user_id);
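Review bot: `check_perms2()` guards `$grants['accounts'][$owner_id]` with `isset()` but then iterates `$grants['groups']` unguarded, so a grants array in the older flat `get_grants()` shape, or one without a `groups` key, produces a foreach warning after an unnecessary `membership()` lookup. Return early before the lookup with `if ( empty($grants['groups']) ) { return false; }`. The docblock lists only types; add a description stating that `$grants` is the `array('accounts' => ..., 'groups' => ...)` structure, that `$required` is a bit mask, and that the result is true when the owner's own entry or a group returned by `membership($owner_id)` carries one of the required bits.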

Modified: trunk/property/inc/class.bocustom.inc.php
===================================================================
--- trunk/property/inc/class.bocustom.inc.php   2016-05-19 00:37:29 UTC (rev 
15174)
+++ trunk/property/inc/class.bocustom.inc.php   2016-05-19 07:10:02 UTC (rev 
15175)
@@ -46,7 +46,6 @@
                        'read_single' => true,
                        'save' => true,
                        'delete' => true,
-                       'check_perms' => true
                );
 
                function __construct( $session = false )
@@ -126,11 +125,6 @@
                        $this->cat_id = $data['cat_id'];
                }
 
-               function check_perms( $has, $needed )
-               {
-                       return (!!($has & $needed) == true);
-               }
-
                function read( $data = array() )
                {
                        /* $custom = $this->so->read(array('start' => 
$this->start,'query' => $this->query,'sort' => $this->sort,'order' => 
$this->order,

Modified: trunk/property/inc/class.bodocument.inc.php
===================================================================
--- trunk/property/inc/class.bodocument.inc.php 2016-05-19 00:37:29 UTC (rev 
15174)
+++ trunk/property/inc/class.bodocument.inc.php 2016-05-19 07:10:02 UTC (rev 
15175)
@@ -52,7 +52,6 @@
                        'read_single' => true,
                        'save' => true,
                        'delete' => true,
-                       'check_perms' => true
                );
 
                function __construct( $session = false )

Modified: trunk/property/inc/class.boentity.inc.php
===================================================================
--- trunk/property/inc/class.boentity.inc.php   2016-05-19 00:37:29 UTC (rev 
15174)
+++ trunk/property/inc/class.boentity.inc.php   2016-05-19 07:10:02 UTC (rev 
15175)
@@ -64,7 +64,6 @@
                        'read_single' => true,
                        'save' => true,
                        'delete' => true,
-                       'check_perms' => true,
                        'add_control' => true,
                        'update_control_serie' => true
                );

Modified: trunk/property/inc/class.bogab.inc.php
===================================================================
--- trunk/property/inc/class.bogab.inc.php      2016-05-19 00:37:29 UTC (rev 
15174)
+++ trunk/property/inc/class.bogab.inc.php      2016-05-19 07:10:02 UTC (rev 
15175)
@@ -47,7 +47,6 @@
                        'read_single' => true,
                        'save' => true,
                        'delete' => true,
-                       'check_perms' => true
                );
 
                function __construct( $session = false )

Modified: trunk/property/inc/class.boifc.inc.php
===================================================================
--- trunk/property/inc/class.boifc.inc.php      2016-05-19 00:37:29 UTC (rev 
15174)
+++ trunk/property/inc/class.boifc.inc.php      2016-05-19 07:10:02 UTC (rev 
15175)
@@ -53,7 +53,6 @@
                        'read_single' => true,
                        'save' => true,
                        'delete' => true,
-                       'check_perms' => true
                );
 
                function __construct( $session = false )
@@ -152,11 +151,6 @@
                        $this->cat_id = (isset($data['cat_id']) ? 
$data['cat_id'] : '');
                }
 
-               function check_perms( $rights, $required )
-               {
-                       return ($rights & $required);
-               }
-
                function import( $values = '', $ifcfile = '' )
                {
                        _debug_array($ifcfile);

Modified: trunk/property/inc/class.boinvestment.inc.php
===================================================================
--- trunk/property/inc/class.boinvestment.inc.php       2016-05-19 00:37:29 UTC 
(rev 15174)
+++ trunk/property/inc/class.boinvestment.inc.php       2016-05-19 07:10:02 UTC 
(rev 15175)
@@ -49,7 +49,6 @@
                        'read_single' => true,
                        'save' => true,
                        'delete' => true,
-                       'check_perms' => true
                );
 
                function __construct( $session = false )

Modified: trunk/property/inc/class.bolocation.inc.php
===================================================================
--- trunk/property/inc/class.bolocation.inc.php 2016-05-19 00:37:29 UTC (rev 
15174)
+++ trunk/property/inc/class.bolocation.inc.php 2016-05-19 07:10:02 UTC (rev 
15175)
@@ -56,7 +56,6 @@
                        'read_single' => true,
                        'save' => true,
                        'delete' => true,
-                       'check_perms' => true,
                        'get_locations_by_name' => true
                );
 

Modified: trunk/property/inc/class.bopricebook.inc.php
===================================================================
--- trunk/property/inc/class.bopricebook.inc.php        2016-05-19 00:37:29 UTC 
(rev 15174)
+++ trunk/property/inc/class.bopricebook.inc.php        2016-05-19 07:10:02 UTC 
(rev 15175)
@@ -47,7 +47,6 @@
                        'read_single' => true,
                        'save' => true,
                        'delete' => true,
-                       'check_perms' => true
                );
 
                function __construct( $session = false )

Modified: trunk/property/inc/class.boproject.inc.php
===================================================================
--- trunk/property/inc/class.boproject.inc.php  2016-05-19 00:37:29 UTC (rev 
15174)
+++ trunk/property/inc/class.boproject.inc.php  2016-05-19 07:10:02 UTC (rev 
15175)
@@ -51,7 +51,6 @@
                        'read_single' => true,
                        'save' => true,
                        'delete' => true,
-                       'check_perms' => true
                );
 
                function __construct( $session = false )

Modified: trunk/property/inc/class.borequest.inc.php
===================================================================
--- trunk/property/inc/class.borequest.inc.php  2016-05-19 00:37:29 UTC (rev 
15174)
+++ trunk/property/inc/class.borequest.inc.php  2016-05-19 07:10:02 UTC (rev 
15175)
@@ -53,7 +53,6 @@
                        'read_single' => true,
                        'save' => true,
                        'delete' => true,
-                       'check_perms' => true
                );
 
                function __construct( $session = false )

Modified: trunk/property/inc/class.bos_agreement.inc.php
===================================================================
--- trunk/property/inc/class.bos_agreement.inc.php      2016-05-19 00:37:29 UTC 
(rev 15174)
+++ trunk/property/inc/class.bos_agreement.inc.php      2016-05-19 07:10:02 UTC 
(rev 15175)
@@ -55,7 +55,6 @@
                        'read_single' => true,
                        'save' => true,
                        'delete' => true,
-                       'check_perms' => true
                );
 
                function __construct( $session = false )
@@ -128,11 +127,6 @@
                        $this->status_id = $data['status_id'];
                }
 
-               function check_perms( $has, $needed )
-               {
-                       return (!!($has & $needed) == true);
-               }
-
                function select_vendor_list( $format = '', $selected = '' )
                {
                        switch ($format)

Modified: trunk/property/inc/class.botemplate.inc.php
===================================================================
--- trunk/property/inc/class.botemplate.inc.php 2016-05-19 00:37:29 UTC (rev 
15174)
+++ trunk/property/inc/class.botemplate.inc.php 2016-05-19 07:10:02 UTC (rev 
15175)
@@ -46,7 +46,6 @@
                        'read_single' => true,
                        'save' => true,
                        'delete' => true,
-                       'check_perms' => true
                );
 
                function __construct( $session = false )

Modified: trunk/property/inc/class.botenant_claim.inc.php
===================================================================
--- trunk/property/inc/class.botenant_claim.inc.php     2016-05-19 00:37:29 UTC 
(rev 15174)
+++ trunk/property/inc/class.botenant_claim.inc.php     2016-05-19 07:10:02 UTC 
(rev 15175)
@@ -132,11 +132,6 @@
                        $this->district_id = isset($data['district_id']) ? 
$data['district_id'] : '';
                }
 
-               function check_perms( $has, $needed )
-               {
-                       return (!!($has & $needed) == true);
-               }
-
                function get_status_list( $data = 0 )
                {
                        if (is_array($data))

Modified: trunk/property/inc/class.bowo_hour.inc.php
===================================================================
--- trunk/property/inc/class.bowo_hour.inc.php  2016-05-19 00:37:29 UTC (rev 
15174)
+++ trunk/property/inc/class.bowo_hour.inc.php  2016-05-19 07:10:02 UTC (rev 
15175)
@@ -46,7 +46,6 @@
                        'read_single' => true,
                        'save' => true,
                        'delete' => true,
-                       'check_perms' => true
                );
 
                function __construct( $session = false )

Modified: trunk/property/inc/class.boworkorder.inc.php
===================================================================
--- trunk/property/inc/class.boworkorder.inc.php        2016-05-19 00:37:29 UTC 
(rev 15174)
+++ trunk/property/inc/class.boworkorder.inc.php        2016-05-19 07:10:02 UTC 
(rev 15175)
@@ -49,7 +49,6 @@
                        'read_single' => true,
                        'save' => true,
                        'delete' => true,
-                       'check_perms' => true,
                        'get_category' => true
                );
 

Modified: trunk/property/inc/class.soagreement.inc.php
===================================================================
--- trunk/property/inc/class.soagreement.inc.php        2016-05-19 00:37:29 UTC 
(rev 15174)
+++ trunk/property/inc/class.soagreement.inc.php        2016-05-19 07:10:02 UTC 
(rev 15175)
@@ -212,28 +212,6 @@
 
                        $where = 'WHERE';
 
-                       /*                      if ($filter=='all')
-                         {
-                         if (is_array($grants))
-                         {
-                         while (list($user) = each($grants))
-                         {
-                         $public_user_list[] = $user;
-                         }
-                         reset($public_user_list);
-                         $filtermethod .= " $where ( $entity_table.user_id 
IN(" . implode(',',$public_user_list) . "))";
-
-                         $where= 'AND';
-                         }
-
-                         }
-                         else
-                         {
-                         $filtermethod = " $where 
$entity_table.user_id=$filter ";
-                         $where= 'AND';
-                         }
-                        */
-
                        if ($agreement_id)
                        {
                                $filtermethod .= " $where 
$entity_table.agreement_id=$agreement_id";
@@ -319,7 +297,6 @@
                                for ($i = 0; $i < $n; $i++)
                                {
                                        $agreement_list[$j][$cols_return[$i]] = 
$this->db->f($cols_return[$i]);
-                                       $agreement_list[$j]['grants'] = 
(int)isset($grants[$this->db->f('user_id')]) ? $grants[$this->db->f('user_id')] 
: '';
                                }
 
                                if (isset($cols_return_extra) && 
is_array($cols_return_extra))

Modified: trunk/property/inc/class.socustom.inc.php
===================================================================
--- trunk/property/inc/class.socustom.inc.php   2016-05-19 00:37:29 UTC (rev 
15174)
+++ trunk/property/inc/class.socustom.inc.php   2016-05-19 07:10:02 UTC (rev 
15175)
@@ -322,7 +322,6 @@
                                for ($i = 0; $i < $n; $i++)
                                {
                                        $custom[$j][$uicols[$i]['name']] = 
$this->db->f($uicols[$i]['name']);
-                                       $custom[$j]['grants'] = 
(int)$grants[$this->db->f('user_id')];
                                }
                                $j++;
                        }

Modified: trunk/property/inc/class.soentity.inc.php
===================================================================
--- trunk/property/inc/class.soentity.inc.php   2016-05-19 00:37:29 UTC (rev 
15174)
+++ trunk/property/inc/class.soentity.inc.php   2016-05-19 07:10:02 UTC (rev 
15175)
@@ -126,16 +126,10 @@
                        {
                                return;
                        }
+               
+                       $acl = & $GLOBALS['phpgw']->acl;
+                       $grants = 
$acl->get_grants2($this->type_app[$this->type], 
".{$this->type}.{$entity_id}.{$cat_id}");
 
-                       $grants = 
$GLOBALS['phpgw']->session->appsession('grants_entity_' . $entity_id . '_' . 
$cat_id, $this->type_app[$this->type]);
-
-                       if (!$grants)
-                       {
-                               $this->acl = & $GLOBALS['phpgw']->acl;
-                               $grants = 
$this->acl->get_grants($this->type_app[$this->type], 
".{$this->type}.{$entity_id}.{$cat_id}");
-                               
$GLOBALS['phpgw']->session->appsession('grants_entity_' . $entity_id . '_' . 
$cat_id, $this->type_app[$this->type], $grants);
-                       }
-
                        $admin_entity = CreateObject('property.soadmin_entity');
                        $admin_entity->type = $this->type;
 
@@ -179,17 +173,38 @@
 
                        if ($filter == 'all')
                        {
-                               if (is_array($grants))
+                               $public_user_list = array();
+                               if (is_array($grants['accounts']) && 
$grants['accounts'])
                                {
-                                       foreach ($grants as $user => $right)
+                                       foreach ($grants['accounts'] as $user 
=> $right)
                                        {
                                                $public_user_list[] = $user;
                                        }
+                                       unset($user);
+
                                        reset($public_user_list);
-                                       $filtermethod .= " $where ( 
$entity_table.user_id IN(" . implode(',', $public_user_list) . "))";
+                                       $filtermethod .= " $where (( 
$entity_table.user_id IN(" . implode(',', $public_user_list) . ")";
 
                                        $where = 'AND';
                                }
+
+                               $public_group_list = array();
+                               if (is_array($grants['groups']) && 
$grants['groups'])
+                               {
+                                       foreach($grants['groups'] as $user => 
$_right)
+                                       {
+                                               $public_group_list[] = $user;
+                                       }
+                                       unset($user);
+                                       reset($public_group_list);
+                                       $where = $public_user_list ? 'OR' : 
$where;
+                                       $filtermethod .= " $where 
phpgw_group_map.group_id IN(" . implode(',', $public_group_list) . "))";
+                                       $where = 'AND';
+                               }
+                               if($public_user_list && !$public_group_list)
+                               {
+                                       $filtermethod .=')';
+                               }
                        }
                        else
                        {
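Review bot: The parentheses of the new ACL clause do not balance, whereas the removed `IN(...))` line was balanced on its own. The accounts branch opens `((` and closes only the `IN(`, so accounts alone (after the trailing `.=')'`) or accounts plus groups leave one level open, and groups alone emit `))` with nothing opened before them. The same construction is repeated in the hunks at -529 and -1502 of this file. When both lists are empty under `$filter == 'all'` no restriction is appended at all, so it is worth confirming that get_grants2 always returns at least the caller's own account. Collecting the conditions and emitting them once, as below, keeps every case balanced and casts the interpolated ids to integers; the enclosing function starts and ends outside the hunk.

```php
// … unchanged: if ($filter == 'all') { …
$public_user_list = !empty($grants['accounts']) && is_array($grants['accounts'])
	? array_map('intval', array_keys($grants['accounts'])) : array();
$public_group_list = !empty($grants['groups']) && is_array($grants['groups'])
	? array_map('intval', array_keys($grants['groups'])) : array();

$acl_conditions = array();
if ($public_user_list)
{
	$acl_conditions[] = "$entity_table.user_id IN(" . implode(',', $public_user_list) . ')';
}
if ($public_group_list)
{
	$acl_conditions[] = 'phpgw_group_map.group_id IN(' . implode(',', $public_group_list) . ')';
}
if ($acl_conditions)
{
	$filtermethod .= " $where (" . implode(' OR ', $acl_conditions) . ')';
	$where = 'AND';
}
// … unchanged: else branch for a single-user filter …
```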
@@ -198,7 +213,10 @@
                        }
                        $values = array();
                        $name = 'title';
-                       $sql = "SELECT id, {$name} as name FROM {$entity_table} 
{$filtermethod}";
+                       $sql = "SELECT id, {$name} as name FROM {$entity_table}"
+                               . " {$this->join} phpgw_accounts ON 
$entity_table.user_id = phpgw_accounts.account_id"
+                               . " {$this->join} phpgw_group_map ON 
phpgw_accounts.account_id = phpgw_group_map.account_id"
+                               . " {$filtermethod}";
 
                        $this->db->query($sql, __LINE__, __FILE__);
                        while ($this->db->next_record())
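Review bot: Joining `phpgw_group_map` into this listing query returns one row per group the owner belongs to, and `SELECT id, {$name} as name` has no `DISTINCT`, so entries can repeat in the result. If `$this->join` is an inner join (its definition is not on this page), rows whose owner has no account row or no group membership drop out even when the owner is in the accounts list. The joins are also added when `$filter` names a single user and the group condition is never used. A subquery in the filter, e.g. `$entity_table.user_id IN (SELECT account_id FROM phpgw_group_map WHERE group_id IN(...))`, avoids all three. The same joins are added in the hunks at -743 and -1707 of this file and at -308 in class.soproject.inc.php.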
@@ -465,17 +483,11 @@
                        {
                                $location_id = 
$GLOBALS['phpgw']->locations->get_id($this->type_app[$this->type], 
".{$this->type}.{$entity_id}.{$cat_id}");
                        }
+               
+                       $acl = & $GLOBALS['phpgw']->acl;
+                       $acl->set_account_id($this->account);
+                       $grants = 
$acl->get_grants2($this->type_app[$this->type], 
".{$this->type}.{$entity_id}.{$cat_id}");
 
-                       $grants = 
$GLOBALS['phpgw']->session->appsession("grants_entity_{$entity_id}_{$cat_id}", 
$this->type_app[$this->type]);
-
-                       if (!$grants)
-                       {
-                               $this->acl = & $GLOBALS['phpgw']->acl;
-                               $this->acl->set_account_id($this->account);
-                               $grants = 
$this->acl->get_grants($this->type_app[$this->type], 
".{$this->type}.{$entity_id}.{$cat_id}");
-                               
$GLOBALS['phpgw']->session->appsession("grants_entity_{$entity_id}_{$cat_id}", 
$this->type_app[$this->type], $grants);
-                       }
-
                        $admin_entity = CreateObject('property.soadmin_entity');
                        $admin_entity->type = $this->type;
 
@@ -529,17 +541,38 @@
 
                        if ($filter == 'all')
                        {
-                               if (is_array($grants) && !$bypass_acl_at_entity)
+                               $public_user_list = array();
+                               if (!$bypass_acl_at_entity && 
is_array($grants['accounts']) && $grants['accounts'])
                                {
-                                       foreach ($grants as $user => $right)
+                                       foreach ($grants['accounts'] as $user 
=> $right)
                                        {
                                                $public_user_list[] = $user;
                                        }
+                                       unset($user);
+
                                        reset($public_user_list);
-                                       $filtermethod .= " $where ( 
$entity_table.user_id IN(" . implode(',', $public_user_list) . "))";
+                                       $filtermethod .= " $where (( 
$entity_table.user_id IN(" . implode(',', $public_user_list) . ")";
 
                                        $where = 'AND';
                                }
+
+                               $public_group_list = array();
+                               if (!$bypass_acl_at_entity && 
is_array($grants['groups']) && $grants['groups'])
+                               {
+                                       foreach($grants['groups'] as $user => 
$_right)
+                                       {
+                                               $public_group_list[] = $user;
+                                       }
+                                       unset($user);
+                                       reset($public_group_list);
+                                       $where = $public_user_list ? 'OR' : 
$where;
+                                       $filtermethod .= " $where 
phpgw_group_map.group_id IN(" . implode(',', $public_group_list) . "))";
+                                       $where = 'AND';
+                               }
+                               if($public_user_list && !$public_group_list)
+                               {
+                                       $filtermethod .=')';
+                               }
                        }
                        else
                        {
@@ -743,7 +776,9 @@
                                }
                        }
 
-                       $sql = "SELECT fm_bim_item.* __XML-ORDER__ FROM 
fm_bim_item {$this->join} fm_bim_type ON (fm_bim_item.type = fm_bim_type.id)";
+                       $sql = "SELECT fm_bim_item.* __XML-ORDER__ FROM 
fm_bim_item {$this->join} fm_bim_type ON (fm_bim_item.type = fm_bim_type.id)"
+                               . " {$this->join} phpgw_accounts ON 
$entity_table.user_id = phpgw_accounts.account_id"
+                               . " {$this->join} phpgw_group_map ON 
phpgw_accounts.account_id = phpgw_group_map.account_id ";
                        $join_control = "controller_control_component_list ON 
(fm_bim_item.id = controller_control_component_list.component_id  AND 
controller_control_component_list.location_id = fm_bim_type.location_id)";
 
                        if ($control_registered)
@@ -1436,17 +1471,11 @@
                        {
                                return;
                        }
+               
+                       $acl = & $GLOBALS['phpgw']->acl;
+                       $acl->set_account_id($this->account);
+                       $grants = 
$acl->get_grants2($this->type_app[$this->type], 
".{$this->type}.{$entity_id}.{$cat_id}");
 
-                       $grants = 
$GLOBALS['phpgw']->session->appsession("grants_entity_{$entity_id}_{$cat_id}", 
$this->type_app[$this->type]);
-
-                       if (!$grants)
-                       {
-                               $this->acl = & $GLOBALS['phpgw']->acl;
-                               $this->acl->set_account_id($this->account);
-                               $grants = 
$this->acl->get_grants($this->type_app[$this->type], 
".{$this->type}.{$entity_id}.{$cat_id}");
-                               
$GLOBALS['phpgw']->session->appsession("grants_entity_{$entity_id}_{$cat_id}", 
$this->type_app[$this->type], $grants);
-                       }
-
                        //_debug_array($cols_return_extra);
 
                        if ($order)
@@ -1502,17 +1531,38 @@
 
                        if ($filter == 'all')
                        {
-                               if (is_array($grants) && !$bypass_acl_at_entity)
+                               $public_user_list = array();
+                               if (!$bypass_acl_at_entity && 
is_array($grants['accounts']) && $grants['accounts'])
                                {
-                                       foreach ($grants as $user => $right)
+                                       foreach ($grants['accounts'] as $user 
=> $right)
                                        {
                                                $public_user_list[] = $user;
                                        }
+                                       unset($user);
+
                                        reset($public_user_list);
-                                       $filtermethod .= " $where ( 
$entity_table.user_id IN(" . implode(',', $public_user_list) . "))";
+                                       $filtermethod .= " $where (( 
$entity_table.user_id IN(" . implode(',', $public_user_list) . ")";
 
                                        $where = 'AND';
                                }
+
+                               $public_group_list = array();
+                               if (!$bypass_acl_at_entity && 
is_array($grants['groups']) && $grants['groups'])
+                               {
+                                       foreach($grants['groups'] as $user => 
$_right)
+                                       {
+                                               $public_group_list[] = $user;
+                                       }
+                                       unset($user);
+                                       reset($public_group_list);
+                                       $where = $public_user_list ? 'OR' : 
$where;
+                                       $filtermethod .= " $where 
phpgw_group_map.group_id IN(" . implode(',', $public_group_list) . "))";
+                                       $where = 'AND';
+                               }
+                               if($public_user_list && !$public_group_list)
+                               {
+                                       $filtermethod .=')';
+                               }
                        }
                        else
                        {
@@ -1707,9 +1757,11 @@
                        }
 
                        $_joinmethod_datatype = 
array_merge($_joinmethod_datatype, $_joinmethod_datatype_custom);
+                       $_joinmethod_datatype[] = " {$this->join} 
phpgw_accounts ON $entity_table.user_id = phpgw_accounts.account_id"
+                               . " {$this->join} phpgw_group_map ON 
phpgw_accounts.account_id = phpgw_group_map.account_id ";
                        foreach ($_joinmethod_datatype as $_joinmethod)
                        {
-                               $sql .= $_joinmethod;
+                               $sql .= " {$_joinmethod}";
                        }
 
                        $querymethod = '';

Modified: trunk/property/inc/class.sojasper.inc.php
===================================================================
--- trunk/property/inc/class.sojasper.inc.php   2016-05-19 00:37:29 UTC (rev 
15174)
+++ trunk/property/inc/class.sojasper.inc.php   2016-05-19 07:10:02 UTC (rev 
15175)
@@ -41,7 +41,7 @@
                        $this->join = & $this->db->join;
                        $this->like = & $this->db->like;
                        $GLOBALS['phpgw']->acl->set_account_id($this->account);
-                       $this->grants = 
$GLOBALS['phpgw']->acl->get_grants('property', '.jasper');
+                       $this->grants = 
$GLOBALS['phpgw']->acl->get_grants2('property', '.jasper');
                }
 
                public function read( $data )
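Review bot: `$this->grants` now holds the `accounts`/`groups` structure, and its only consumer visible in this file, the `$this->grants[$user_id] & PHPGW_ACL_EDIT` check in the hunk at -244, is deleted rather than ported to the new shape. As far as that hunk shows, the edit path reads the report's `user_id` and goes straight on to build `$value_set` with no per-owner right check in between. If edit rights are now enforced in the calling layer, a comment at that point saying so would record the decision. Otherwise the check should be rewritten against `$this->grants['accounts']` and the owner's group memberships.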
@@ -76,19 +76,33 @@
 
 
                        $filtermethod = "WHERE ( {$table}.user_id = 
{$this->account}";
-                       if (is_array($grants))
+                       $public_user_list = array();
+                       if (is_array($grants['accounts']) && 
$grants['accounts'])
                        {
-                               foreach ($grants as $user => $right)
+                               foreach($grants['accounts'] as $user => $_right)
                                {
                                        $public_user_list[] = $user;
                                }
                                reset($public_user_list);
-                               $filtermethod .= " OR (access='public' AND 
{$table}.user_id IN(" . implode(',', $public_user_list) . ")))";
+                               $filtermethod .= " OR (access='public' AND 
{$table}.user_id IN(" . implode(',', $public_user_list) . "))";
                        }
-                       else
+
+                       $public_group_list = array();
+                       if (is_array($grants['groups']) && $grants['groups'])
                        {
-                               $filtermethod .= ' )';
+                               foreach($grants['groups'] as $user => $_right)
+                               {
+                                       $public_group_list[] = $user;
+                               }
+                               unset($user);
+                               reset($public_group_list);
+                               $filtermethod .= " OR access='public' AND 
phpgw_group_map.group_id IN(" . implode(',', $public_group_list) . "))";
+                               $where = 'AND';
                        }
+                       if($public_user_list && !$public_group_list)
+                       {
+                               $filtermethod .=')';
+                       }
 
                        if ($location_id)
                        {
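Review bot: With no grants at all, the `WHERE ( {$table}.user_id = {$this->account}` opener is never closed, because the removed `else` branch that appended ` )` is replaced by a closer that runs only when the accounts list is non-empty. The group branch already ends in `))`, so the closer should depend on the group list alone: `if (!$public_group_list)`. The `$where = 'AND';` assignment in the group branch is not used anywhere in the hunk, and the first loop lacks the `unset($user)` that the second one has. `read()` continues outside the hunk.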
@@ -101,11 +115,17 @@
                                $querymethod = "AND (title {$this->like} 
'%{$query}%' OR descr {$this->like} '%{$query}%')";
                        }
 
-                       $sql = "SELECT * FROM {$table} {$app_filter} 
{$filtermethod} {$querymethod}";
+                       $sql = "SELECT DISTINCT {$table}.* FROM {$table}"
+                               . " {$this->join} phpgw_accounts ON ( 
{$table}.user_id = phpgw_accounts.account_id)"
+                               . " {$this->join} phpgw_group_map ON 
(phpgw_accounts.account_id = phpgw_group_map.account_id)"
+                               . " {$app_filter} {$filtermethod} 
{$querymethod}";
 
                        if (!$allrows)
                        {
-                               $this->db->query("SELECT count(*) as cnt FROM 
{$table} {$app_filter} {$filtermethod} {$querymethod}", __LINE__, __FILE__);
+                               $this->db->query("SELECT count(*) as cnt FROM 
{$table}"
+                               . " {$this->join} phpgw_accounts ON ( 
{$table}.user_id = phpgw_accounts.account_id)"
+                               . " {$this->join} phpgw_group_map ON 
(phpgw_accounts.account_id = phpgw_group_map.account_id)"
+                               . " {$app_filter} {$filtermethod} 
{$querymethod}", __LINE__, __FILE__);
                                $this->db->next_record();
                                $this->total_records = $this->db->f('cnt');
                                $this->db->limit_query($sql . $ordermethod, 
$start, __LINE__, __FILE__, $results);
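Review bot: The count query joins the same two tables but uses `count(*)`, while the listing uses `SELECT DISTINCT {$table}.*`, so `total_records` counts a report once per group membership of its owner and the pager can offer more pages than there are rows. Counting distinct rows keeps the two in step, e.g. `SELECT count(DISTINCT {$table}.id) as cnt`, assuming `id` is the table's key, which the hunk does not show. The join and filter string is now written out twice; building it once in a variable and using it for both queries would stop them drifting apart.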
@@ -244,12 +264,6 @@
                        $this->db->next_record();
                        $user_id = $this->db->f('user_id');
 
-                       if (!($this->grants[$user_id] & PHPGW_ACL_EDIT))
-                       {
-                               $receipt['error'][] = array('msg' => 
lang('JasperReport %1 has not been edited', $jasper['id']));
-                               return $receipt;
-                       }
-
                        $value_set = array
                                (
                                'location_id' => 
$GLOBALS['phpgw']->locations->get_id($jasper['app'], $jasper['location']),

Modified: trunk/property/inc/class.soproject.inc.php
===================================================================
--- trunk/property/inc/class.soproject.inc.php  2016-05-19 00:37:29 UTC (rev 
15174)
+++ trunk/property/inc/class.soproject.inc.php  2016-05-19 07:10:02 UTC (rev 
15175)
@@ -54,7 +54,7 @@
 
                        $this->acl = & $GLOBALS['phpgw']->acl;
                        $this->acl->set_account_id($this->account);
-                       $this->grants = $this->acl->get_grants('property', 
'.project');
+                       $this->grants = $this->acl->get_grants2('property', 
'.project');
                        $this->config = CreateObject('phpgwapi.config', 
'property');
                        $this->config->read();
                }
@@ -308,6 +308,8 @@
 
                                $joinmethod = " {$this->join} phpgw_accounts ON 
($entity_table.coordinator = phpgw_accounts.account_id))";
                                $paranthesis = '(';
+                               $joinmethod .= " {$this->join} phpgw_group_map 
ON (phpgw_accounts.account_id = phpgw_group_map.account_id))";
+                               $paranthesis .='(';
 
                                $joinmethod .= " {$this->join} 
fm_project_status ON ($entity_table.status = fm_project_status.id))";
                                $paranthesis .='(';
@@ -526,24 +528,36 @@
                                $where = 'AND';
                        }
 
-                       /*
-                         $group_method = ' GROUP BY 
fm_project_status.descr,loc1_name,fm_project.location_code,fm_project.id,fm_project.entry_date,fm_project.start_date,fm_project.end_date,'
-                         . 
'fm_project.name,fm_project.ecodimb,phpgw_accounts.account_lid,fm_project.user_id,fm_project.address,'
-                         . 
'fm_project.budget,fm_project.reserve,planned_cost,external_project_id';
-                        */
-
-                       if (is_array($this->grants))
+                       $public_user_list = array();
+                       if (is_array($this->grants['accounts']) && 
$this->grants['accounts'])
                        {
-                               $grants = $this->grants;
-                               while (list($user) = each($grants))
+                               foreach($this->grants['accounts'] as $user => 
$_right)
                                {
                                        $public_user_list[] = $user;
                                }
+                               unset($user);
                                reset($public_user_list);
-                               $filtermethod .= " $where (fm_project.user_id 
IN(" . implode(',', $public_user_list) . ")";
+                               $filtermethod .= " $where (( 
fm_project.coordinator IN(" . implode(',', $public_user_list) . ")";
+                               $where = 'AND';
+                       }
 
+                       $public_group_list = array();
+                       if (is_array($this->grants['groups']) && 
$this->grants['groups'])
+                       {
+                               foreach($this->grants['groups'] as $user => 
$_right)
+                               {
+                                       $public_group_list[] = $user;
+                               }
+                               unset($user);
+                               reset($public_group_list);
+                               $where = $public_user_list ? 'OR' : $where;
+                               $filtermethod .= " $where 
phpgw_group_map.group_id IN(" . implode(',', $public_group_list) . "))";
                                $where = 'AND';
                        }
+                       if($public_user_list && !$public_group_list)
+                       {
+                               $filtermethod .=')';
+                       }
 
                        if ($filter)
                        {
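Review bot: The ACL column changes from `fm_project.user_id` to `fm_project.coordinator`, which changes whose grants decide project visibility and is not mentioned in the log message; a comment stating that the coordinator is the ACL subject would show it is deliberate. The parenthesis depth also depends on which lists are present: accounts alone or accounts plus groups leave one level open, as the removed line did, but groups alone emit `))` after opening only the `IN(`. Whatever closes the remaining level lies outside the hunk, so it cannot be right for both cases. Opening the group before either branch and closing it once after both would make the depth independent of the grant lists.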
@@ -715,7 +729,6 @@
                                        {
                                                $project[$cols_return[$i]] = 
$this->db->f($cols_return[$i]);
                                        }
-                                       $project['grants'] = 
(int)$this->grants[$this->db->f('user_id')];
 
                                        $location_code = 
$this->db->f('location_code');
                                        $location = explode('-', 
$location_code);
@@ -888,7 +901,6 @@
                                        'start_date' => 
$this->db->f('start_date'),
                                        'end_date' => $this->db->f('end_date'),
                                        'cat_id' => $this->db->f('category'),
-                                       'grants' => 
(int)$this->grants[$this->db->f('user_id')],
                                        'p_num' => $this->db->f('p_num'),
                                        'p_entity_id' => 
$this->db->f('p_entity_id'),
                                        'p_cat_id' => $this->db->f('p_cat_id'),

Modified: trunk/property/inc/class.sos_agreement.inc.php
===================================================================
--- trunk/property/inc/class.sos_agreement.inc.php      2016-05-19 00:37:29 UTC 
(rev 15174)
+++ trunk/property/inc/class.sos_agreement.inc.php      2016-05-19 07:10:02 UTC 
(rev 15175)
@@ -532,7 +532,6 @@
                                for ($i = 0; $i < $n; $i++)
                                {
                                        $s_agreement_list[$j][$cols_return[$i]] 
= stripslashes($this->db->f($cols_return[$i]));
-                                       //      $s_agreement_list[$j]['grants'] 
= (int)$grants[$this->db->f('user_id')];
                                }
 
                                if (isset($cols_return_extra) && 
is_array($cols_return_extra))

Modified: trunk/property/inc/class.sotts.inc.php
===================================================================
--- trunk/property/inc/class.sotts.inc.php      2016-05-19 00:37:29 UTC (rev 
15174)
+++ trunk/property/inc/class.sotts.inc.php      2016-05-19 07:10:02 UTC (rev 
15175)
@@ -141,24 +141,21 @@
 
 
                        $result_order_field = array();
+                       $order_join = "{$this->join} phpgw_accounts ON 
fm_tts_tickets.user_id=phpgw_accounts.account_id";
+
                        if ($order)
                        {
                                if ($order == 'assignedto')
                                {
-                                       $result_order_field = 
array('account_lastname' => 'account_lastname');
-                                       $order_join = "LEFT OUTER JOIN 
phpgw_accounts ON fm_tts_tickets.assignedto=phpgw_accounts.account_id";
-                                       $order = 'account_lastname';
+                       //              $result_order_field = 
array('account_lastname' => 'account_lastname');
+                       //              $order_join = "LEFT OUTER JOIN 
phpgw_accounts ON fm_tts_tickets.assignedto=phpgw_accounts.account_id";
+                       //              $order = 'account_lastname';
                                }
                                else if ($order == 'user')
                                {
                                        $result_order_field = 
array('account_lastname' => 'account_lastname');
-                                       $order_join = "LEFT OUTER JOIN 
phpgw_accounts ON fm_tts_tickets.user_id=phpgw_accounts.account_id";
                                        $order = 'account_lastname';
                                }
-                               else
-                               {
-                                       $order_join = '';
-                               }
 
                                $ordermethod = " ORDER BY $order $sort";
                        }
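Review bot: Sorting by `assignedto` now falls through an `if` whose body is only commented-out code, so `$order` stays `assignedto` and `ORDER BY $order $sort` sorts on the raw column instead of `account_lastname`. The three commented lines should be deleted, and the empty branch either removed or given a one-line reason such as `// assignedto is sorted on the column itself; phpgw_accounts is now joined on user_id`. `$order` and `$sort` are interpolated into the `ORDER BY`; whether they are checked against a list of known columns is outside the hunk and worth confirming.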
@@ -166,43 +163,44 @@
                        {
                                $ordermethod = ' ORDER BY id DESC';
                        }
-
+                       $order_join .= " {$this->join} phpgw_group_map ON 
(phpgw_accounts.account_id = phpgw_group_map.account_id)";
                        $union_select = false;
                        $filtermethod = '';
 
                        $where = 'WHERE';
 
-                       $GLOBALS['phpgw']->config->read();
+                       $config = $GLOBALS['phpgw']->config->read();
 
-                       if 
(!isset($GLOBALS['phpgw']->config->config_data['bypass_acl_at_tickets']) || 
!$GLOBALS['phpgw']->config->config_data['bypass_acl_at_tickets'])
+                       if (!isset($config['bypass_acl_at_tickets']) || 
!$config['bypass_acl_at_tickets'])
                        {
-                               $this->grants = 
$GLOBALS['phpgw']->session->appsession('grants_ticket', 'property');
+                               
$GLOBALS['phpgw']->acl->set_account_id($this->account);
+                               $grants = 
$GLOBALS['phpgw']->acl->get_grants2('property', '.ticket');
 
-                               if (!$this->grants)
-                               {
-                                       
$GLOBALS['phpgw']->acl->set_account_id($this->account);
-                                       $this->grants = 
$GLOBALS['phpgw']->acl->get_grants('property', '.ticket');
-                                       
$GLOBALS['phpgw']->session->appsession('grants_ticket', 'property', 
$this->grants);
-                               }
-
                                $public_user_list = array();
-                               if 
(isset($GLOBALS['phpgw']->config->config_data['acl_at_tts_category']) && 
$GLOBALS['phpgw']->config->config_data['acl_at_tts_category'])
+                               if (isset($config['acl_at_tts_category']) && 
$config['acl_at_tts_category'])
                                {
                                        $categories = 
$GLOBALS['phpgw']->locations->get_subs('property', '.ticket.category');
 
                                        $category_grants = array();
                                        foreach ($categories as $location)
                                        {
-                                               $category_grants = 
array_merge($category_grants, $GLOBALS['phpgw']->acl->get_grants('property', 
$location));
+                                               $category_grants = 
$GLOBALS['phpgw']->acl->get_grants2('property', $location);
+                                               foreach 
($category_grants['accounts'] as $user => $right)
+                                               {
+                                                       
$grants['accounts'][$user] = $right;
+                                               }
+                                               unset($user);
+                                               unset($right);
+                                               foreach 
($category_grants['groups'] as $user => $right)
+                                               {
+                                                       
$grants['groups'][$user] = $right;
+                                               }
+                                               unset($user);
+                                               unset($right);
                                        }
-
-                                       foreach ($category_grants as $user => 
$right)
-                                       {
-                                               $public_user_list[] = $user;
-                                       }
                                }
 
-                               if 
(isset($GLOBALS['phpgw']->config->config_data['acl_at_location']) && 
$GLOBALS['phpgw']->config->config_data['acl_at_location'])
+                               if (isset($config['acl_at_location']) && 
$config['acl_at_location'])
                                {
                                        $access_location = 
execMethod('property.socommon.get_location_list', PHPGW_ACL_READ);
                                        if ($access_location)
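Review bot: `$config = $GLOBALS['phpgw']->config->read();` relies on `read()` returning the settings array, whereas the removed lines read `config->config_data` after the call, and the config class is not part of this page. If `read()` returns nothing, `acl_at_tts_category` and `acl_at_location` are silently treated as off and the location restriction is skipped. Keeping `$GLOBALS['phpgw']->config->read();` followed by `$config = $GLOBALS['phpgw']->config->config_data;` avoids depending on the return value. In the category loop, `$grants['accounts'][$user] = $right` overwrites an earlier right for the same id instead of combining them, which is harmless while only the keys are used but wrong as soon as the rights are read.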
@@ -212,22 +210,38 @@
                                        }
                                }
 
-                               if (is_array($this->grants))
+                               $public_user_list = array();
+                               if (is_array($grants['accounts']) && 
$grants['accounts'])
                                {
-                                       $grants = & $this->grants;
-                                       foreach ($grants as $user => $right)
+                                       foreach ($grants['accounts'] as $user 
=> $right)
                                        {
                                                $public_user_list[] = $user;
                                        }
+                                       unset($user);
+
+                                       reset($public_user_list);
+                                       $filtermethod .= " $where ( 
fm_tts_tickets.user_id IN(" . implode(',', $public_user_list) . ")";
+
+                                       $where = 'AND';
                                }
 
-                               if ($public_user_list)
+                               $public_group_list = array();
+                               if (is_array($grants['groups']) && 
$grants['groups'])
                                {
-                                       $public_user_list = 
array_unique($public_user_list);
-                                       reset($public_user_list);
-                                       $filtermethod .= " $where ( 
fm_tts_tickets.user_id IN(" . implode(',', $public_user_list) . "))";
+                                       foreach($grants['groups'] as $user => 
$_right)
+                                       {
+                                               $public_group_list[] = $user;
+                                       }
+                                       unset($user);
+                                       reset($public_group_list);
+                                       $where = $public_user_list ? 'OR' : 
$where;
+                                       $filtermethod .= " $where 
phpgw_group_map.group_id IN(" . implode(',', $public_group_list) . "))";
                                        $where = 'AND';
                                }
+                               if($public_user_list && !$public_group_list)
+                               {
+                                       $filtermethod .=')';
+                               }
                        }
 
                        if ($tenant_id = 
$GLOBALS['phpgw']->session->appsession('tenant_id', 'property'))
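Review bot: When `$grants['accounts']` is empty and `$grants['groups']` is not, the group branch appends `phpgw_group_map.group_id IN(...))` with a closing parenthesis that no earlier fragment in this hunk opened, so the grant filter is only balanced when account grants exist. The same append pattern is in the class.soworkorder.inc.php hunk `@@ -632,18 +629,37 @@`, where the opening `((` also lives only in the accounts branch. Collecting the clauses in an array and emitting one parenthesised, OR-joined group removes the three-way bookkeeping; the `intval` mapping is a defensive addition for ids interpolated into SQL. The enclosing function starts and ends outside the hunk, and the join that makes `phpgw_group_map` available to this query is not visible here.

```php
// … unchanged: filling $public_user_list and $public_group_list from $grants …
$grant_clauses = array();
if ($public_user_list)
{
	$grant_clauses[] = 'fm_tts_tickets.user_id IN(' . implode(',', array_map('intval', $public_user_list)) . ')';
}
if ($public_group_list)
{
	$grant_clauses[] = 'phpgw_group_map.group_id IN(' . implode(',', array_map('intval', $public_group_list)) . ')';
}
if ($grant_clauses)
{
	$filtermethod .= " $where (" . implode(' OR ', $grant_clauses) . ')';
	$where = 'AND';
}
```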
@@ -358,7 +372,7 @@
                                {
                                        $membership = array(-1 => 0);
                                }
-                               $filtermethod .= ' OR (assignedto IS NULL AND 
group_id IN (' . implode(',', array_keys($membership)) . ')))';
+                               $filtermethod .= ' OR (assignedto IS NULL AND 
fm_tts_tickets.group_id IN (' . implode(',', array_keys($membership)) . ')))';
                        }
 
                        if ($user_id < 0)

Modified: trunk/property/inc/class.soworkorder.inc.php
===================================================================
--- trunk/property/inc/class.soworkorder.inc.php        2016-05-19 00:37:29 UTC 
(rev 15174)
+++ trunk/property/inc/class.soworkorder.inc.php        2016-05-19 07:10:02 UTC 
(rev 15175)
@@ -48,14 +48,9 @@
                        $this->join = & $this->db->join;
                        $this->left_join = & $this->db->left_join;
                        $this->interlink = CreateObject('property.interlink');
-                       //      $this->grants           = 
$GLOBALS['phpgw']->session->appsession('grants_project','property');
-                       //      if(!$this->grants)
-                       {
-                               $this->acl = & $GLOBALS['phpgw']->acl;
-                               $this->acl->set_account_id($this->account);
-                               $this->grants = 
$this->acl->get_grants('property', '.project');
-                               //              
$GLOBALS['phpgw']->session->appsession('grants_project','property',$this->grants);
-                       }
+                       $this->acl = & $GLOBALS['phpgw']->acl;
+                       $this->acl->set_account_id($this->account);
+                       $this->grants = $this->acl->get_grants2('property', 
'.project');
                }
 
                function next_id()
@@ -373,6 +368,8 @@
                                $uicols['classname'][] = 'rightClasss';
                                $uicols['sortable'][] = '';
 
+                               $joinmethod .= " {$this->join} phpgw_group_map 
ON (phpgw_accounts.account_id = phpgw_group_map.account_id))";
+                               $paranthesis .='(';
                                $joinmethod .= " {$this->left_join} fm_vendor 
ON (fm_workorder.vendor_id = fm_vendor.id))";
                                $paranthesis .='(';
                                $joinmethod .= " {$this->left_join} 
fm_workorder_budget ON (fm_workorder.id = fm_workorder_budget.order_id))";
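Review bot: `phpgw_group_map` is attached with `{$this->join}` while the neighbouring tables use `{$this->left_join}`, so a row whose `phpgw_accounts` entry has no group mapping presumably drops out of the result even when an account grant would match it, and an account that belongs to several groups yields one row per group. If the table is only needed for the grants filter, `{$this->left_join} phpgw_group_map ON (phpgw_accounts.account_id = phpgw_group_map.account_id))` keeps those rows. The duplicated rows should be checked against any query built from this join that does not select `DISTINCT`. The surrounding method and the `phpgw_accounts` join lie outside the hunk.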
@@ -632,18 +629,37 @@
                                $where = 'AND';
                        }
 
-                       if (is_array($this->grants))
+                       $public_user_list = array();
+                       if (is_array($this->grants['accounts']) && 
$this->grants['accounts'])
                        {
-                               $grants = $this->grants;
-                               while (list($user) = each($grants))
+                               foreach($this->grants['accounts'] as $user => 
$_right)
                                {
                                        $public_user_list[] = $user;
                                }
+                               unset($user);
                                reset($public_user_list);
-                               $filtermethod .= " $where 
(fm_project.access='public' AND fm_project.user_id IN(" . implode(',', 
$public_user_list) . ")";
+                               $filtermethod .= " $where ((fm_project.user_id 
IN(" . implode(',', $public_user_list) . ")";
                                $where = 'AND';
                        }
 
+                       $public_group_list = array();
+                       if (is_array($this->grants['groups']) && 
$this->grants['groups'])
+                       {
+                               foreach($this->grants['groups'] as $user => 
$_right)
+                               {
+                                       $public_group_list[] = $user;
+                               }
+                               unset($user);
+                               reset($public_group_list);
+                               $where = $public_user_list ? 'OR' : $where;
+                               $filtermethod .= " $where 
phpgw_group_map.group_id IN(" . implode(',', $public_group_list) . "))";
+                               $where = 'AND';
+                       }
+                       if($public_user_list && !$public_group_list)
+                       {
+                               $filtermethod .=')';
+                       }
+
                        if ($filter)
                        {
                                $filtermethod .= " $where 
fm_workorder.user_id={$filter}";
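Review bot: The rewritten account clause no longer carries `fm_project.access='public'`, so the filter built here selects a project whenever its `user_id` or a mapped group appears in the grants, whatever its access flag says. If projects marked private are meant to stay hidden from grantees, keep the predicate in the opening fragment, e.g. `" $where ((fm_project.access='public' AND fm_project.user_id IN("`, and decide whether the group clause needs it as well. If dropping it is intended, a comment such as `// access flag is no longer evaluated; visibility is decided by grants only` would make that explicit. The method continues outside the hunk, so a later fragment may still restrict on `access`.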
@@ -689,7 +705,7 @@
                        if ($filter_year && $filter_year != 'all')
                        {
                                $filter_year = (int)$filter_year;
-                               $filtermethod .= " $where 
(fm_workorder_budget.year={$filter_year} OR fm_workorder_status.closed IS 
NULL)";
+                               $filtermethod .= " $where 
(fm_workorder_budget.year={$filter_year})";// OR fm_workorder_status.closed IS 
NULL)";
                                $where = 'AND';
                        }
 
@@ -765,7 +781,7 @@
                        {
                                $sql_minimized = "SELECT DISTINCT 
fm_workorder.id {$sql_base}";
                                $sql_count = "SELECT count(id) as cnt FROM 
({$sql_minimized}) as t";
-
+//                             _debug_array($sql_count);
                                $this->db->query($sql_count, __LINE__, 
__FILE__);
                                $this->db->next_record();
                                $this->total_records = $this->db->f('cnt');
@@ -844,7 +860,6 @@
                                $workorder['combined_cost'] = 0;
                                $workorder['budget'] = 0;
 //---------
-                               $workorder['grants'] = 
(int)$this->grants[$this->db->f('project_owner')];
 
                                $location_code = $this->db->f('location_code');
                                $location = explode('-', $location_code);
@@ -957,7 +972,6 @@
                                        'contact_phone' => 
$this->db->f('contact_phone'),
                                        'tenant_id' => 
$this->db->f('tenant_id'),
                                        'cat_id' => $this->db->f('category'),
-                                       'grants' => 
(int)$this->grants[$this->db->f('user_id')],
                                        'billable_hours' => 
$this->db->f('billable_hours'),
                                        'approved' => $this->db->f('approved'),
                                        'mail_recipients' => explode(',', 
trim($this->db->f('mail_recipients'), ',')),

Modified: trunk/property/inc/class.uijasper.inc.php
===================================================================
--- trunk/property/inc/class.uijasper.inc.php   2016-05-19 00:37:29 UTC (rev 
15174)
+++ trunk/property/inc/class.uijasper.inc.php   2016-05-19 07:10:02 UTC (rev 
15175)
@@ -250,100 +250,7 @@
                                        )
                                )
                        );
-                       //$this->save_sessiondata();
-                       //$datatable = array();
 
-                       /* if( phpgw::get_var('phpgw_return_as') != 'json' )
-                         {
-                         $datatable['config']['base_url'] = 
$GLOBALS['phpgw']->link('/index.php', array
-                         (
-                         'menuaction'  => 'property.uijasper.index',
-                         'app'                 => $this->app
-                         ));
-
-                         $datatable['config']['base_java_url'] = 
"menuaction:'property.uijasper.index',"
-                         ."app: '{$this->app}',"
-                         ."allrows:'{$this->allrows}'";
-
-
-                         $link_data = array
-                         (
-                         'menuaction'  => 'property.uijasper.index',
-                         'app'                 => $this->app
-                         );
-
-                         $values_combo_box[0]  = $this->bo->get_apps();
-
-                         $datatable['config']['allow_allrows'] = true;
-
-                         $datatable['actions']['form'] = array
-                         (
-                         array
-                         (
-                         'action'      => $GLOBALS['phpgw']->link('/index.php',
-                         array
-                         (
-                         'menuaction'  => 'property.uijasper.index'//,
-                         )
-                         ),
-                         'fields'      => array
-                         (
-                         'field' => array
-                         (
-                         array //boton         CATEGORY
-                         (
-                         'id' => 'btn_app_id',
-                         'name' => 'app',
-                         'value'       => lang('application'),
-                         'type' => 'button',
-                         'style' => 'filter',
-                         'tab_index' => 1
-                         ),
-                         array
-                         (
-                         'type'        => 'button',
-                         'id'  => 'btn_export',
-                         'value'       => lang('download'),
-                         'tab_index' => 9
-                         ),
-                         array
-                         (
-                         'type'        => 'button',
-                         'id'  => 'btn_new',
-                         'value'       => lang('add'),
-                         'tab_index' => 8
-                         ),
-                         array //boton  SEARCH
-                         (
-                         'id' => 'btn_search',
-                         'name' => 'search',
-                         'value'       => lang('search'),
-                         'type' => 'button',
-                         'tab_index' => 7
-                         ),
-                         array // TEXT INPUT
-                         (
-                         'name'         => 'query',
-                         'id'   => 'txt_query',
-                         'value'       => '',//$query,
-                         'type' => 'text',
-                         'onkeypress' => 'return pulsar(event)',
-                         'size'        => 28,
-                         'tab_index' => 6
-                         )
-                         ),
-                         'hidden_value' => array
-                         (
-                         array //div values  combo_box_0
-                         (
-                         'id' => 'values_combo_box_0',
-                         'value'       => 
$this->bocommon->select2String($values_combo_box[0])
-                         )
-                         )
-                         )
-                         )
-                         );
-                         } */
                        $filters = $this->_get_Filters();
                        foreach ($filters as $filter)
                        {
@@ -637,12 +544,9 @@
                        {
                                $values = $this->bo->read_single($id);
                                $function_msg = lang('edit report');
-                               $this->acl->set_account_id($this->account);
-                               $grants = $this->acl->get_grants('property', 
'.jasper');
-                               if 
(!$this->bocommon->check_perms($grants[$values['user_id']], PHPGW_ACL_READ))
+                               if 
(!$this->bocommon->check_perms2($values['user_id'], $this->grants, 
PHPGW_ACL_READ))
                                {
-                                       $values = array();
-                                       $receipt['error'][] = array('msg' => 
lang('You are not granted sufficient rights for this entry'));
+                                       phpgw::no_access();
                                }
                        }
                        else
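Review bot: The denial branch now depends entirely on `phpgw::no_access()` ending the request. The old branch emptied `$values` before continuing, whereas the new one leaves the record returned by `read_single($id)` in place. The body of `no_access()` is not part of this diff, so if it can return, the report would still be rendered to a user who failed the check. Either confirm that it terminates and say so in a comment (`// no_access() does not return`), or follow it with the explicit `$GLOBALS['phpgw']->common->phpgw_exit();` that the `@@ -780,7 +684,7 @@` hunk of this file uses. The check also assumes `$this->grants` already holds the `get_grants2` result for `.jasper`; the constructor that would set it is outside the hunk.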
@@ -780,7 +684,7 @@
                                $values['input'] = $values_attribute;
                                $first_run = false;
                        }
-                       if 
(!$this->bocommon->check_perms($this->grants[$values['user_id']], 
PHPGW_ACL_READ))
+                       if (!$this->bocommon->check_perms2($values['user_id'], 
$this->grants, PHPGW_ACL_READ))
                        {
                                echo lang('not allowed');
                                $GLOBALS['phpgw']->common->phpgw_exit();
@@ -946,7 +850,7 @@
 
                        $id = phpgw::get_var('id'); // string
                        $values = $this->bo->read_single($id);
-                       if 
(!$this->bocommon->check_perms($this->grants[$values['user_id']], 
PHPGW_ACL_DELETE))
+                       if (!$this->bocommon->check_perms2($values['user_id'], 
$this->grants, PHPGW_ACL_DELETE))
                        {
                                return lang('not allowed');
                        }

Modified: trunk/property/inc/class.uiproject.inc.php
===================================================================
--- trunk/property/inc/class.uiproject.inc.php  2016-05-19 00:37:29 UTC (rev 
15174)
+++ trunk/property/inc/class.uiproject.inc.php  2016-05-19 07:10:02 UTC (rev 
15175)
@@ -1300,12 +1300,20 @@
                                                'project_id' => $id));
                                }
 
-                               if 
(!$this->bocommon->check_perms($values['grants'], PHPGW_ACL_EDIT))
+                               if 
(!$this->bocommon->check_perms2($values['coordinator'], $this->bo->so->grants, 
PHPGW_ACL_EDIT))
                                {
                                        $this->receipt['error'][] = array('msg' 
=> lang('You have no edit right for this project'));
-                                       
$GLOBALS['phpgw']->session->appsession('receipt', 'property', 
$this->receipt['error']);
-                                       
$GLOBALS['phpgw']->redirect_link('/index.php', array('menuaction' => 
'property.uiproject.view',
-                                               'id' => $id));
+                                       
$GLOBALS['phpgw']->session->appsession('receipt', 'property', $this->receipt);
+
+                                       switch ($mode)
+                                       {
+                                               case 'edit':
+                                                       
self::redirect(array('menuaction' => 'property.uiproject.view','id' => $id));
+                                                       break;
+                                               default:
+                                                       
self::redirect(array('menuaction' => 'property.uiproject.index'));
+                                                       break;
+                                       }
                                }
                                else
                                {
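Review bot: The edit check is keyed on `$values['coordinator']`, while the list filter added to class.soworkorder.inc.php in this same commit matches grants against `fm_project.user_id`. If those two fields can differ, a user may be listed a project they are then refused, or be allowed to edit one the filter would hide. It is also not visible here whether `$values` at this point is the stored record or can carry request data; if the latter, the coordinator used for the permission decision should be re-read from storage rather than taken from the submitted values. A comment such as `// grants are evaluated against the stored coordinator, not the record owner` would document the intended subject of the check. The enclosing method starts and ends outside the hunk.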
@@ -2279,13 +2287,15 @@
 
                function delete()
                {
-                       if (!$this->acl_delete)
+                       $project_id = phpgw::get_var('project_id', 'int');
+
+//                     $project = $this->bo->read_single($project_id);
+
+                       if (!$this->acl_delete)// || 
!$this->bocommon->check_perms2($project['coordinator'], $this->bo->so->grants, 
PHPGW_ACL_DELETE))
                        {
-                               $GLOBALS['phpgw']->redirect_link('/index.php', 
array('menuaction' => 'property.uilocation.stop',
-                                       'perm' => 8, 'acl_location' => 
$this->acl_location));
+                               phpgw::no_access();
                        }
 
-                       $project_id = phpgw::get_var('project_id', 'int');
                        if (phpgw::get_var('phpgw_return_as') == 'json')
                        {
                                $this->bo->delete($project_id);
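Review bot: `delete()` checks only the location-level `$this->acl_delete`, because the per-project grant check is left commented out. Anyone holding the delete right at the location can therefore delete any `project_id`, while the edit path in this file does consult `check_perms2`. Enabling the two commented lines closes the gap: `$project = $this->bo->read_single($project_id);` followed by `if (!$this->acl_delete || !$this->bocommon->check_perms2($project['coordinator'], $this->bo->so->grants, PHPGW_ACL_DELETE))`. The call shape of `read_single` is taken from the commented line and should be confirmed against the business object. The rest of `delete()` lies outside the hunk.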

Modified: trunk/property/inc/class.uiresponsible.inc.php
===================================================================
--- trunk/property/inc/class.uiresponsible.inc.php      2016-05-19 00:37:29 UTC 
(rev 15174)
+++ trunk/property/inc/class.uiresponsible.inc.php      2016-05-19 07:10:02 UTC 
(rev 15175)
@@ -582,16 +582,13 @@
                        {
                                $values = $this->bo->read_single($id);
                                $function_msg = lang('edit responsible');
-                               /*
-                                 $this->acl->set_account_id($this->account);
-                                 $grants       = 
$this->acl->get_grants('property','.responsible');
-                                 
if(!$this->bocommon->check_perms($grants[$values['user_id']], PHPGW_ACL_READ))
-                                 {
-                                 $values = array();
-                                 $receipt['error'][]=array('msg'=>lang('You 
are not granted sufficient rights for this entry'));
-                                 }
-
-                                */
+                               
+//                               $this->acl->set_account_id($this->account);
+//                               $grants       = 
$this->acl->get_grants('property','.responsible');
+//                               
if(!$this->bocommon->check_perms2($values['created_by'], $grants, 
PHPGW_ACL_READ))
+//                               {
+//                                       phpgw::no_access();
+//                               }
                        }
                        else
                        {
@@ -706,8 +703,7 @@
                {
                        if (!$this->acl_add && !$this->acl_edit)
                        {
-                               $GLOBALS['phpgw']->redirect_link('/index.php', 
array('menuaction' => 'property.uilocation.stop',
-                                       'perm' => 2, 'acl_location' => 
$this->acl_location));
+                               phpgw::no_access();
                        }
 
                        $id = phpgw::get_var('id', 'int');
@@ -764,16 +760,6 @@
                        {
                                $values = $this->bo->read_single_role($id);
                                $function_msg = lang('edit role');
-                               /*
-                                 $this->acl->set_account_id($this->account);
-                                 $grants       = 
$this->acl->get_grants('property','.responsible');
-                                 
if(!$this->bocommon->check_perms($grants[$values['user_id']], PHPGW_ACL_READ))
-                                 {
-                                 $values = array();
-                                 $receipt['error'][]=array('msg'=>lang('You 
are not granted sufficient rights for this entry'));
-                                 }
-
-                                */
                        }
                        else
                        {

Modified: trunk/property/inc/class.uiwo_hour.inc.php
===================================================================
--- trunk/property/inc/class.uiwo_hour.inc.php  2016-05-19 00:37:29 UTC (rev 
15174)
+++ trunk/property/inc/class.uiwo_hour.inc.php  2016-05-19 07:10:02 UTC (rev 
15175)
@@ -381,13 +381,6 @@
                {
 
                        $workorder = 
$this->boworkorder->read_single($workorder_id);
-                       /*                      if 
(!$this->bocommon->check_perms($workorder['grants'],PHPGW_ACL_EDIT))
-                         {
-                         $receipt['error'][]=array('msg'=>lang('You have no 
edit right for this project'));
-                         
$GLOBALS['phpgw']->session->appsession('receipt','property',$receipt);
-                         
$GLOBALS['phpgw']->redirect_link('/index.php',array('menuaction'=> 
'property.uiworkorder.view','id'=> $workorder_id));
-                         }
-                        */
                        $hour_list = $this->bo->read($workorder_id);
                        //_debug_array($hour_list);
                        $grouping_descr_old = '';

Modified: trunk/property/inc/class.uiworkorder.inc.php
===================================================================
--- trunk/property/inc/class.uiworkorder.inc.php        2016-05-19 00:37:29 UTC 
(rev 15174)
+++ trunk/property/inc/class.uiworkorder.inc.php        2016-05-19 07:10:02 UTC 
(rev 15175)
@@ -1248,14 +1248,21 @@
                                }
 
                                $acl_required = $mode == 'edit' ? 
PHPGW_ACL_EDIT : PHPGW_ACL_READ;
-                               if 
(!$this->bocommon->check_perms($project['grants'], $acl_required))
+                               if 
(!$this->bocommon->check_perms2($project['coordinator'], $this->bo->so->grants, 
PHPGW_ACL_EDIT))
                                {
                                        $this->receipt['error'][] = array(
                                                'msg' => lang('You have no edit 
right for this project'));
                                        
$GLOBALS['phpgw']->session->appsession('receipt', 'property', $this->receipt);
-                                       
$GLOBALS['phpgw']->redirect_link('/index.php', array(
-                                               'menuaction' => 
'property.uiworkorder.view',
-                                               'id' => $id));
+
+                                       switch ($mode)
+                                       {
+                                               case 'edit':
+                                                       
self::redirect(array('menuaction' => 'property.uiworkorder.view','id' => $id));
+                                                       break;
+                                               default:
+                                                       
self::redirect(array('menuaction' => 'property.uiworkorder.index'));
+                                                       break;
+                                       }
                                }
 
                                if ($project['key_fetch'] && 
!$values['key_fetch'])
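Review bot: `$acl_required` is computed on the line above the check but is no longer used, because the new call passes `PHPGW_ACL_EDIT` unconditionally. As a result a user with read-only grants is refused in view mode too, and is sent to the index by the `default:` branch with the message "You have no edit right for this project". Passing the computed value restores the mode-dependent check: `if (!$this->bocommon->check_perms2($project['coordinator'], $this->bo->so->grants, $acl_required))`. The enclosing method starts and ends outside the hunk.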

Modified: trunk/sms/inc/class.soautoreply.inc.php
===================================================================
--- trunk/sms/inc/class.soautoreply.inc.php     2016-05-19 00:37:29 UTC (rev 
15174)
+++ trunk/sms/inc/class.soautoreply.inc.php     2016-05-19 07:10:02 UTC (rev 
15175)
@@ -17,8 +17,6 @@
         */
        class sms_soautoreply
        {
-
-               var $grants;
                var $db;
                var $account;
                var $autoreply_data;
@@ -29,7 +27,6 @@
                        $this->db = clone($GLOBALS['phpgw']->db);
 
                        $GLOBALS['phpgw']->acl->set_account_id($this->account);
-                       $this->grants = 
$GLOBALS['phpgw']->acl->get_grants('sms', '.config');
                        $this->join = $this->db->join;
                        $this->like = $this->db->like;
                }
@@ -54,21 +51,7 @@
                        $table = 'phpgw_sms_featautoreply';
 
                        $where = 'WHERE';
-                       $grants = $this->grants;
 
-                       /*                      if (is_array($grants))
-                         {
-                         while (list($user) = each($grants))
-                         {
-                         $public_user_list[] = $user;
-                         }
-                         reset($public_user_list);
-                         $filtermethod .= " $where ( $table.uid IN(" . 
implode(',',$public_user_list) . "))";
-
-                         $where= 'AND';
-                         }
-                        */
-
                        $querymethod = '';
                        if ($query)
                        {
@@ -98,7 +81,6 @@
                                        'id' => $this->db->f('autoreply_id'),
                                        'uid' => $this->db->f('uid'),
                                        'code' => 
stripslashes($this->db->f('autoreply_code')),
-                                       'grants' => 
(int)$grants[$this->db->f('uid')]
                                );
                        }
 

Modified: trunk/sms/inc/class.socommand.inc.php
===================================================================
--- trunk/sms/inc/class.socommand.inc.php       2016-05-19 00:37:29 UTC (rev 
15174)
+++ trunk/sms/inc/class.socommand.inc.php       2016-05-19 07:10:02 UTC (rev 
15175)
@@ -17,8 +17,6 @@
         */
        class sms_socommand
        {
-
-               var $grants;
                var $db;
                var $account;
                var $command_data;
@@ -29,7 +27,6 @@
                        $this->db = clone($GLOBALS['phpgw']->db);
 
                        $GLOBALS['phpgw']->acl->set_account_id($this->account);
-                       $this->grants = 
$GLOBALS['phpgw']->acl->get_grants('sms', '.config');
                        $this->join = $this->db->join;
                        $this->like = $this->db->like;
                }
@@ -54,21 +51,7 @@
                        $table = 'phpgw_sms_featcommand';
 
                        $where = 'WHERE';
-                       $grants = $this->grants;
 
-                       /*                      if (is_array($grants))
-                         {
-                         while (list($user) = each($grants))
-                         {
-                         $public_user_list[] = $user;
-                         }
-                         reset($public_user_list);
-                         $filtermethod .= " $where ( $table.uid IN(" . 
implode(',',$public_user_list) . "))";
-
-                         $where= 'AND';
-                         }
-                        */
-
                        $querymethod = '';
                        if ($query)
                        {
@@ -100,7 +83,6 @@
                                        'uid' => $this->db->f('uid'),
                                        'code' => 
stripslashes($this->db->f('command_code')),
                                        'exec' => 
stripslashes($this->db->f('command_exec')),
-                                       'grants' => 
(int)$grants[$this->db->f('uid')]
                                );
                        }
 

Modified: trunk/sms/inc/class.sopoll.inc.php
===================================================================
--- trunk/sms/inc/class.sopoll.inc.php  2016-05-19 00:37:29 UTC (rev 15174)
+++ trunk/sms/inc/class.sopoll.inc.php  2016-05-19 07:10:02 UTC (rev 15175)
@@ -17,8 +17,6 @@
         */
        class sms_sopoll
        {
-
-               var $grants;
                var $db;
                var $account;
                var $poll_data;
@@ -29,7 +27,6 @@
                        $this->db = & $GLOBALS['phpgw']->db;
 
                        $GLOBALS['phpgw']->acl->set_account_id($this->account);
-                       $this->grants = 
$GLOBALS['phpgw']->acl->get_grants('sms', '.config');
                        $this->join = $this->db->join;
                        $this->like = $this->db->like;
                }
@@ -54,21 +51,7 @@
                        $table = 'phpgw_sms_featpoll';
 
                        $where = 'WHERE';
-                       $grants = $this->grants;
 
-                       /*                      if (is_array($grants))
-                         {
-                         while (list($user) = each($grants))
-                         {
-                         $public_user_list[] = $user;
-                         }
-                         reset($public_user_list);
-                         $filtermethod .= " $where ( $table.uid IN(" . 
implode(',',$public_user_list) . "))";
-
-                         $where= 'AND';
-                         }
-                        */
-
                        $querymethod = '';
                        if ($query)
                        {
@@ -100,7 +83,6 @@
                                        'code' => $this->db->f('poll_code', 
true),
                                        'title' => $this->db->f('poll_title', 
true),
                                        'enable' => $this->db->f('poll_enable'),
-                                       'grants' => 
(int)$grants[$this->db->f('uid')]
                                );
                        }
 

Modified: trunk/sms/inc/class.sosms.inc.php
===================================================================
--- trunk/sms/inc/class.sosms.inc.php   2016-05-19 00:37:29 UTC (rev 15174)
+++ trunk/sms/inc/class.sosms.inc.php   2016-05-19 07:10:02 UTC (rev 15175)
@@ -18,7 +18,6 @@
        class sms_sosms
        {
 
-               var $grants;
                var $db;
                var $account;
 
@@ -41,11 +40,11 @@
                        $allrows = isset($data['allrows']) ? $data['allrows'] : 
'';
                        $acl_location = isset($data['acl_location']) ? 
$data['acl_location'] : '';
 
-                       if ($acl_location)
-                       {
-                               
$GLOBALS['phpgw']->acl->set_account_id($this->account);
-                               $grants = 
$GLOBALS['phpgw']->acl->get_grants('sms', $acl_location);
-                       }
+//                     if ($acl_location)
+//                     {
+//                             
$GLOBALS['phpgw']->acl->set_account_id($this->account);
+//                             $grants = 
$GLOBALS['phpgw']->acl->get_grants2('sms', $acl_location);
+//                     }
 
 //_debug_array($grants);
                        if ($order)
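Review bot: The ACL lookup is commented out rather than removed, which leaves dead code naming `get_grants2()` and a `//_debug_array($grants);` line that refers to a variable no longer assigned anywhere in this hunk. If the grants are not needed here, delete the block and the debug line outright. Otherwise restore the call, so that the choice is visible in the code and not only in a comment. The same commented-out block appears in the `@@ -122,11 +108,11 @@` hunk of this file. The function starts and ends outside the hunk.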
@@ -61,18 +60,6 @@
 
                        $where = 'WHERE';
 
-                       /*                      if (is_array($grants))
-                         {
-                         while (list($user) = each($grants))
-                         {
-                         $public_user_list[] = $user;
-                         }
-                         reset($public_user_list);
-                         $filtermethod .= " $where ( $table.in_uid IN(" . 
implode(',',$public_user_list) . "))";
-
-                         $where= 'AND';
-                         }
-                        */
                        if ($query)
                        {
                                $query = $this->db->db_addslashes($query);
@@ -106,7 +93,6 @@
                                        'entry_time' => 
$this->db->f('in_datetime'),
                                        'message' => $this->db->f('in_msg', 
true),
                                        'user' => 
$GLOBALS['phpgw']->accounts->id2name($this->db->f('in_uid')),
-                                       'grants' => 
(int)isset($grants[$this->db->f('in_uid')]) ? $grants[$this->db->f('in_uid')] : 0
                                );
                        }
 
@@ -122,11 +108,11 @@
                        $allrows = isset($data['allrows']) ? $data['allrows'] : 
'';
                        $acl_location = isset($data['acl_location']) ? 
$data['acl_location'] : '';
 
-                       if ($acl_location)
-                       {
-                               
$GLOBALS['phpgw']->acl->set_account_id($this->account);
-                               $grants = 
$GLOBALS['phpgw']->acl->get_grants('sms', $acl_location);
-                       }
+//                     if ($acl_location)
+//                     {
+//                             
$GLOBALS['phpgw']->acl->set_account_id($this->account);
+//                             $grants = 
$GLOBALS['phpgw']->acl->get_grants2('sms', $acl_location);
+//                     }
 
                        if ($order)
                        {
@@ -142,18 +128,18 @@
 
                        $where = 'WHERE';
 
-                       if (is_array($grants))
-                       {
-                               while (list($user) = each($grants))
-                               {
-                                       $public_user_list[] = $user;
-                               }
-                               reset($public_user_list);
-                               $filtermethod = " $where ( $table.uid IN(" . 
implode(',', $public_user_list) . "))";
+//                     if (is_array($grants))
+//                     {
+//                             while (list($user) = each($grants))
+//                             {
+//                                     $public_user_list[] = $user;
+//                             }
+//                             reset($public_user_list);
+//                             $filtermethod = " $where ( $table.uid IN(" . 
implode(',', $public_user_list) . "))";
+//
+//                             $where = 'AND';
+//                     }
 
-                               $where = 'AND';
-                       }
-
                        $querymethod = '';
                        if ($query)
                        {
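Review bot: Commenting out the `$table.uid IN(...)` clause removes the only per-owner restriction visible in this hunk, so unless access is enforced outside it the outbox query now returns every user's messages. `$filtermethod` is also no longer assigned here; if the query further down still interpolates it, it is now an undefined variable, and initialising it with `$filtermethod = '';` keeps that explicit. If dropping the filter is intended, delete the dead block and record where the check now lives, e.g. `// no per-owner filter here: access is enforced by <ACL check location>`. The function starts and ends outside the hunk.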
@@ -197,7 +183,6 @@
                                        'entry_time' => 
$this->db->f('p_datetime'),
                                        'message' => $this->db->f('p_msg', 
true),
                                        'status' => 
$status_array[$this->db->f('p_status')],
-                                       'grants' => 
(int)$grants[$this->db->f('uid')]
                                );
                        }
                        return $outbox;

Modified: trunk/todo/inc/class.botodo.inc.php
===================================================================
--- trunk/todo/inc/class.botodo.inc.php 2016-05-19 00:37:29 UTC (rev 15174)
+++ trunk/todo/inc/class.botodo.inc.php 2016-05-19 07:10:02 UTC (rev 15175)
@@ -185,9 +185,30 @@
                        $this->cat_id   = $data['cat_id'];
                }
 
-               function check_perms($has, $needed)
+               /**
+                *
+                * @param integer $owner_id
+                * @param array $grants
+                * @param integer $required
+                * @return bool
+                */
+               function check_perms( $owner_id, $grants,  $required )
                {
-                       return (!!($has & $needed) == True);
+                       if(isset($grants['accounts'][$owner_id]) && 
($grants['accounts'][$owner_id] & $required))
+                       {
+                               return true;
+                       }
+
+                       $equalto = 
$GLOBALS['phpgw']->accounts->membership($owner_id);
+                       foreach($grants['groups'] as $group => $_right)
+                       {
+                               if(isset($equalto[$group]) && ($_right & 
$required))
+                               {
+                                       return true;
+                               }
+                       }
+
+                       return false;
                }
 
                function cached_accounts($account_id)
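Review bot: The `foreach($grants['groups'] ...)` loop in the new `check_perms()` runs without checking that the key exists, although the account lookup just above it is guarded with `isset()`. A grants array without a `groups` entry will raise a warning there, so add `if(empty($grants['groups']) || !is_array($grants['groups'])) { return false; }` before the loop, which also keeps the function failing closed. The docblock lists the parameters without describing them. It should state that `$grants` is the `accounts`/`groups` structure, that `$required` is an ACL bitmask, and that a group grant applies when the owner is a member of that group.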

Modified: trunk/todo/inc/class.sotodo.inc.php
===================================================================
--- trunk/todo/inc/class.sotodo.inc.php 2016-05-19 00:37:29 UTC (rev 15174)
+++ trunk/todo/inc/class.sotodo.inc.php 2016-05-19 07:10:02 UTC (rev 15175)
@@ -26,7 +26,7 @@
                function __construct()
                {
                        $this->db          =& $GLOBALS['phpgw']->db;
-                       $this->grants      = 
$GLOBALS['phpgw']->acl->get_grants('todo');
+                       $this->grants      = 
$GLOBALS['phpgw']->acl->get_grants2('todo');
                        $this->account     = 
$GLOBALS['phpgw_info']['user']['account_id'];
                        $this->user_groups = 
$GLOBALS['phpgw']->accounts->membership($this->account);
                        $this->historylog  = 
CreateObject('phpgwapi.historylog','todo', '.');
@@ -99,16 +99,34 @@
 
                        if($filter == 'none')
                        {
-                               if(is_array($this->grants))
+
+                               $public_user_list = array();
+                               if (is_array($grants['accounts']) && 
$grants['accounts'])
                                {
-                                       $grants = $this->grants;
-                                       while(list($user) = each($grants))
+                                       foreach($grants['accounts'] as $user => 
$_right)
                                        {
                                                $public_user_list[] = $user;
                                        }
                                        reset($public_user_list);
-                                       $filtermethod .= " OR 
(todo_access='public' AND todo_owner IN(" . implode(',', $public_user_list) . 
'))';
+                                       $filtermethod .= " OR 
(todo_access='public' AND todo_owner IN(" . implode(',', $public_user_list) . 
"))";
                                }
+
+                               $public_group_list = array();
+                               if (is_array($grants['groups']) && 
$grants['groups'])
+                               {
+                                       foreach($grants['groups'] as $user => 
$_right)
+                                       {
+                                               $public_group_list[] = $user;
+                                       }
+                                       unset($user);
+                                       reset($public_group_list);
+                                       $filtermethod .= " OR 
todo_access='public' AND phpgw_group_map.group_id IN(" . implode(',', 
$public_group_list) . "))";
+                                       $where = 'AND';
+                               }
+                               if($public_user_list && !$public_group_list)
+                               {
+                                       $filtermethod .=')';
+                               }
                        }
 
                        $filtermethod .= ')';
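Review bot: The new branches read `$grants['accounts']` and `$grants['groups']`, but the hunk removes the only visible assignment `$grants = $this->grants;`. Unless `$grants` is set above the hunk, both `is_array()` tests are false and no granted todos are listed; `$this->grants['accounts']` and `$this->grants['groups']` look like what was meant. The parentheses also look unbalanced: the accounts clause closes itself with `))`, the groups clause has no opening `(` before `todo_access='public'`, and the users-only `$filtermethod .=')'` adds a closer with no opener in view. Casting the ids before `implode()`, e.g. `array_map('intval', array_keys($this->grants['groups']))`, would keep the IN lists numeric whatever the ACL layer returns. The function starts and ends outside the hunk.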
@@ -138,8 +156,18 @@
                                $parentmethod = ' AND todo_id_parent=' . (int) 
$parent;
                        }
 
-                       $sql = "SELECT * FROM phpgw_todo WHERE $filtermethod 
$querymethod $type $parentmethod ";
+                       $this->db->query("SELECT count(*) as cnt FROM 
phpgw_todo"
+                               . " {$this->join} phpgw_accounts ON ( 
phpgw_todo.todo_owner = phpgw_accounts.account_id)"
+                               . " {$this->join} phpgw_group_map ON 
(phpgw_accounts.account_id = phpgw_group_map.account_id)"
+                               . " WHERE $filtermethod $querymethod $type 
$parentmethod", __LINE__, __FILE__);
+                       $this->db->next_record();
+                       $this->total_records = $this->db->f('cnt');
 
+                       $sql = "SELECT DISTINCT phpgw_todo.* FROM phpgw_todo"
+                               . " {$this->join} phpgw_accounts ON ( 
phpgw_todo.todo_owner = phpgw_accounts.account_id)"
+                               . " {$this->join} phpgw_group_map ON 
(phpgw_accounts.account_id = phpgw_group_map.account_id)"
+                               . " WHERE $filtermethod $querymethod $type 
$parentmethod ";
+
                        if($limit)
                        {
                                $this->db->limit_query($sql . 
$ordermethod,$start,__LINE__,__FILE__);
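Review bot: `total_records` now comes from `count(*)` over the joined tables, while the list query uses `SELECT DISTINCT phpgw_todo.*`. A todo whose owner has several `phpgw_group_map` rows is therefore counted once per row, and the pager total can exceed the rows shown. Count distinct todos instead, e.g. `SELECT count(DISTINCT phpgw_todo.todo_id) as cnt` (assuming `todo_id` is the key column). If `$this->join` resolves to an inner join, todos whose owner has no `phpgw_group_map` row drop out of both queries, so a left join on the group map may be what is wanted. No assignment of `$this->join` is visible in this file's constructor hunk, so confirm it is set. The function starts and ends outside the hunk.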
@@ -149,8 +177,6 @@
                                $this->db->query($sql . 
$ordermethod,__LINE__,__FILE__);
                        }
 
-                       $this->total_records = $this->db->num_rows();
-
                        $todos = array();
                        while($this->db->next_record())
                        {
@@ -170,7 +196,6 @@
                                        'status'                        => 
(int)$this->db->f('todo_status'),
                                        'sdate'                         => 
$this->db->f('todo_startdate'),
                                        'edate'                         => 
$this->db->f('todo_enddate'),
-                                       'grants'                        => 
(int)$this->grants[$this->db->f('todo_owner')],
                                        'sdate_epoch'           => 
(int)$this->db->f('todo_startdate'),
                                        'edate_epoch'           => 
(int)$this->db->f('todo_enddate'),
                                        'assigned'                      => 
$this->db->f('todo_assigned'),

Modified: trunk/todo/inc/class.uitodo.inc.php
===================================================================
--- trunk/todo/inc/class.uitodo.inc.php 2016-05-19 00:37:29 UTC (rev 15174)
+++ trunk/todo/inc/class.uitodo.inc.php 2016-05-19 07:10:02 UTC (rev 15175)
@@ -262,7 +262,7 @@
                                $this->t->set_var('view','<a href="' . 
$GLOBALS['phpgw']->link('/index.php', array('menuaction' => 'todo.uitodo.view', 
'todo_id' => $todo_list[$i]['id']) )
                                        . '">' . lang('View') . '</a>');
 
-                               if 
($this->botodo->check_perms($this->grants[$todo_list[$i]['owner_id']],PHPGW_ACL_EDIT))
+                               if 
($this->botodo->check_perms($todo_list[$i]['owner_id'], $this->grants, 
PHPGW_ACL_EDIT))
                                {
                                        $this->t->set_var('edit','<a href="' . 
$GLOBALS['phpgw']->link('/index.php', array('menuaction' => 'todo.uitodo.edit', 
'todo_id' => $todo_list[$i]['id']) )
                                                                                
        . '">' . lang('Edit') . '</a>');
@@ -272,7 +272,7 @@
                                        $this->t->set_var('edit','&nbsp;');
                                }
 
-                               if 
($this->botodo->check_perms($this->grants[$todo_list[$i]['owner_id']],PHPGW_ACL_DELETE))
+                               if 
($this->botodo->check_perms($todo_list[$i]['owner_id'],$this->grants, 
PHPGW_ACL_DELETE))
                                {
                                        $this->t->set_var('delete','<a href="' 
. $GLOBALS['phpgw']->link('/index.php', array('menuaction' => 
'todo.uitodo.delete', 'todo_id' => $todo_list[$i]['id']) )
                                                                                
                . '">' . lang('Delete') . '</a>');
@@ -282,7 +282,7 @@
                                        $this->t->set_var('delete','&nbsp;');
                                }
 
-                               if 
($this->botodo->check_perms($this->grants[$todo_list[$i]['owner_id']],PHPGW_ACL_ADD))
+                               if 
($this->botodo->check_perms($todo_list[$i]['owner_id'],$this->grants,PHPGW_ACL_ADD))
                                {
                                        $this->t->set_var('subadd', '<a href="' 
. $GLOBALS['phpgw']->link('/index.php', array('menuaction' => 
'todo.uitodo.add', 'parent' => $todo_list[$i]['id'], 'cat_id' => $this->cat_id) 
)
                                                                                
                . '">' . lang('Add Sub') . '</a>');
@@ -316,7 +316,7 @@
                                }
                                else
                                {
-                                       if 
($this->botodo->check_perms($this->grants[$cat[0]['owner']],PHPGW_ACL_ADD) || 
$cat[0]['owner'] == $GLOBALS['phpgw_info']['user']['account_id'])
+                                       if 
($this->botodo->check_perms($cat[0]['owner'], $this->grants,PHPGW_ACL_ADD) || 
$cat[0]['owner'] == $GLOBALS['phpgw_info']['user']['account_id'])
                                        {
                                                $this->t->set_var('add','<form 
method="POST" action="' . $GLOBALS['phpgw']->link('/index.php', 
array('menuaction' => 'todo.uitodo.add', 'cat_id' => $this->cat_id) )
                                                        . '"><input 
type="submit" name="Add" value="' . lang('Add') .'"></form>');
@@ -753,7 +753,7 @@
 
                        $this->t->set_var('access_list', '<input 
type="checkbox" name="values[access]" value="True"' . ($values['access'] == 
'private'?' checked':'') . '>');
 
-                       if 
($this->botodo->check_perms($this->grants[$values['owner']],PHPGW_ACL_DELETE) 
|| $values['owner'] == $GLOBALS['phpgw_info']['user']['account_id'])
+                       if ($this->botodo->check_perms($values['owner'], 
$this->grants,PHPGW_ACL_DELETE) || $values['owner'] == 
$GLOBALS['phpgw_info']['user']['account_id'])
                        {
                                $this->t->set_var('delete','<form method="POST" 
action="' . $GLOBALS['phpgw']->link('/index.php', array('menuaction' => 
'todo.uitodo.delete', 'todo_id' => $values['id']) )
                                     . '"><input type="submit" value="' . 
lang('Delete') .'"></form>');



