Fwd: Re: [dev] Patches for shares and prefs
Jason Rust
jrust at rustyparts.com
Tue Sep 16 18:46:31 PDT 2003
Sorry, replied to the wrong address.
-Jason
----- Forwarded message from Jason Rust <jrust at rustyparts.com> -----
From: Jason Rust <jrust at rustyparts.com>
X-Organisation: Rusty Parts
To: Chuck Hagenbuch <chuck at horde.org>
Date: Tue, 16 Sep 2003 20:24:20 -0500
Subject: Re: [dev] Patches for shares and prefs
> > The second patch fixes a problem where creator permissions were not
> > being queried in the listShares() method. The end result in kronolith
> > was that even if a user had object creator permissions for a calendar
> > the Add Event link wasn't showing up in the menu.
>
> This isn't the right fix. If creators have edit permissions for a share, this
> will let them edit anything in that share regardless of who the owner is.
>
> A correct fix would check for what you set, PLUS (owner == $current_user OR no
> owner).
Hmm. I think I may have been unclear in my description above. I'm
referring above to object creator permissions. I know that normally with
object creator perms you want to check if the user who created the
object in the share has the specified permission. But on a method that
is looking at the whole share (not just an individual object in the
share), like listShares() the only thing that can be done for checking
object creator permissions is to check it against the whole share
instead of the individual object.
Hope that makes a bit more sense.
-Jason
----- End forwarded message -----
--
http://www.rustyparts.com/
guaranteed never to rust!
More information about the dev
mailing list