
[Fmsystem-commits] [16728] Admin: user/group handling


From: sigurdne
Subject: [Fmsystem-commits] [16728] Admin: user/group handling
Date: Thu, 11 May 2017 08:33:43 -0400 (EDT)

Revision: 16728
          http://svn.sv.gnu.org/viewvc/?view=rev&root=fmsystem&revision=16728
Author:   sigurdne
Date:     2017-05-11 08:33:43 -0400 (Thu, 11 May 2017)
Log Message:
-----------
Admin: user/group handling

Modified Paths:
--------------
    trunk/admin/inc/class.uiaccounts.inc.php

Modified: trunk/admin/inc/class.uiaccounts.inc.php
===================================================================
--- trunk/admin/inc/class.uiaccounts.inc.php    2017-05-11 11:48:49 UTC (rev 
16727)
+++ trunk/admin/inc/class.uiaccounts.inc.php    2017-05-11 12:33:43 UTC (rev 
16728)
@@ -164,6 +164,15 @@
 
                                $valid_users = array_unique($valid_users);
 
+                               $my_membership = $accounts->membership();
+
+                               foreach ($my_membership as $group_id => $info)
+                               {
+                                       $members = $accounts->member($group_id);
+                                       $valid_users = 
array_merge($valid_users, array_keys($members));
+                               }
+                               $valid_users = array_unique($valid_users);
+
                                $account_list = 
$GLOBALS['phpgw']->accounts->get_list('accounts', -1,$dir, $order,  $query);
                                foreach($account_list as  $user)
                                {
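Review bot: The user list is widened to every member of every group returned by `$accounts->membership()`, but unlike the group list in the hunk at -299 it is not filtered against accounts that hold admin rights. If the caller can edit entries in this list (not visible here), that asymmetry should be closed, or at least documented with a comment such as `// also list members of the caller's own groups`. The first `$valid_users = array_unique($valid_users);` is now redundant, because the merged array is de-duplicated again after the loop. The hunk ends inside the `foreach($account_list as $user)` loop, so the use of `$valid_users` is not visible.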
@@ -291,6 +300,10 @@
                                $valid_users = array();
                                foreach($available_apps as $_app => $dummy)
                                {
+                                       if($_app == 'admin')
+                                       {
+                                               continue;
+                                       }
                                        
if($GLOBALS['phpgw']->acl->check('admin', phpgwapi_acl::ADD, $_app))
                                        {
                                                $valid_users    = 
array_merge($valid_users, $GLOBALS['phpgw']->acl->get_ids_for_location('run', 
phpgwapi_acl::READ, $_app));
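Review bot: `if($_app == 'admin')` compares an array key loosely; `if($_app === 'admin')` avoids PHP's string/number juggling should a key of `$available_apps` ever be numeric. The skip carries no comment, and a line such as `// admin is excluded here; groups with admin access are filtered separately below` would record why it exists. The `foreach` body continues past the end of the hunk.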
@@ -299,10 +312,12 @@
 
                                $valid_users = array_unique($valid_users);
 
+                               $admin_groups   = 
$GLOBALS['phpgw']->acl->get_ids_for_location('run', phpgwapi_acl::READ, 
'admin');
+
                                $allusers = 
$GLOBALS['phpgw']->accounts->get_list('groups', -1,$this->sort, $this->order, 
$this->query);
                                foreach($allusers as  $user)
                                {
-                                       if(!in_array($user->id, $valid_users))
+                                       if(!in_array($user->id, $valid_users) 
|| in_array($user->id, $admin_groups))
                                        {
                                                unset($allusers[$user->id]);
                                        }
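Review bot: The added `in_array($user->id, $admin_groups)` hides every group with `run` on admin unconditionally within this branch, and the condition selecting the branch lies outside the hunk. If a full administrator can reach this code, they would lose sight of the admin groups too; a comment stating that the branch serves non-admin callers only, or an explicit check, would settle it. Both `in_array()` calls compare loosely; normalising the ids with `array_map('intval', …)` and passing `true` as the third argument makes the filter exact.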
@@ -982,6 +997,15 @@
                                return array('error' => 'error');
                        }
 
+                       /**
+                        * Go away
+                        */
+                       $test_admins = 
$GLOBALS['phpgw']->acl->get_ids_for_location('run', phpgwapi_acl::READ, 
'admin');
+                       if(in_array($group_id, $test_admins) && 
!$GLOBALS['phpgw']->acl->check('run', phpgwapi_acl::READ, 'admin'))
+                       {
+                                       return array('error' => 'error');
+                       }
+
                        $acl = createObject('phpgwapi.acl', $group_id);
                        $is_admin_group = $acl->check('run', 
phpgwapi_acl::READ, 'admin');
                        $current_user = 
$GLOBALS['phpgw_info']['user']['account_id'];
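Review bot: The new guard's docblock `Go away` does not say what it protects; `// Only callers with 'run' on admin may change membership of a group that grants admin` would make the intent reviewable. The same block is repeated in the hunk at -1049, so a private helper would keep the two checks from drifting apart. `in_array($group_id, $test_admins)` compares loosely and `$group_id` is not visibly normalised here; `in_array((int) $group_id, array_map('intval', $test_admins), true)` would make the guard and the later `delete_account4group()` call agree on the same value. The refusal returns the generic `array('error' => 'error')` without a log entry, so a denied attempt to alter an admin group leaves nothing for an audit review. The enclosing function starts and ends outside the hunk.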
@@ -998,6 +1022,7 @@
                                        
$GLOBALS['phpgw']->accounts->delete_account4group($user_id, $group_id);
                                        //Delete cached menu for members of 
group
                                        phpgwapi_cache::user_clear('phpgwapi', 
'menu', $user_id);
+                                       
$GLOBALS['phpgw']->acl->clear_user_cache($user_id);
                                }
                                return array('message' => 'OK');
                        }
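Review bot: The pair `phpgwapi_cache::user_clear('phpgwapi', 'menu', …)` and `$GLOBALS['phpgw']->acl->clear_user_cache(…)` now appears in three loops (here and in the hunks at -1032 and -1056); a small private method taking the account id would keep the two invalidations together. The existing comment `//Delete cached menu for members of group` no longer covers both calls; I would change it to `// Drop the cached menu and cached ACL for this member after the membership change`. The enclosing function lies outside the hunk.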
@@ -1032,6 +1057,7 @@
                                        
$GLOBALS['phpgw']->accounts->delete_account4group($entry['account_id'], 
$group_id);
                                        //Delete cached menu for members of 
group
                                        phpgwapi_cache::user_clear('phpgwapi', 
'menu', $entry['account_id']);
+                                       
$GLOBALS['phpgw']->acl->clear_user_cache($entry['account_id']);
                                }
                                return array('message' => 'OK');
                        }
@@ -1049,6 +1075,15 @@
                                return array('error' => 'error');
                        }
 
+                       /**
+                        * Do not get to elevate to admin rights
+                        */
+                       $test_admins = 
$GLOBALS['phpgw']->acl->get_ids_for_location('run', phpgwapi_acl::READ, 
'admin');
+                       if(in_array($group_id, $test_admins) && 
!$GLOBALS['phpgw']->acl->check('run', phpgwapi_acl::READ, 'admin'))
+                       {
+                                       return array('error' => 'error');
+                       }
+
                        if($group_id && isset($_POST['account_user']))
                        {
                                foreach ($account_user as $user_id)
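Review bot: The guard added before `if($group_id && isset($_POST['account_user']))` refuses admin groups, but nothing visible here confirms that `$group_id` is one of the groups the caller may manage. The filter built from `$valid_users` in the hunk at -299 appears to shape only the displayed list. If the earlier check ending in `return array('error' => 'error')` tests only a general permission, this function should re-apply the same per-group rule server-side before calling `add_user2group()`. The entries of `$account_user` are likewise passed on without a visible check that they are valid account ids; the function body continues outside the hunk.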
@@ -1056,6 +1091,7 @@
                                        
$GLOBALS['phpgw']->accounts->add_user2group($user_id, $group_id);
                                        //Delete cached menu for members of 
group
                                        phpgwapi_cache::user_clear('phpgwapi', 
'menu', $user_id);
+                                       
$GLOBALS['phpgw']->acl->clear_user_cache($user_id);
                                }
                                return array('message' => 'OK');
                        }



