[Tickets #2138] Dynamically configured IMSP sources ignore horde permissions
bugs@bugs.horde.org
bugs at bugs.horde.org
Thu Jun 23 06:26:47 PDT 2005
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: https://dev.horde.org/horde/whups/ticket/?id=2138
-----------------------------------------------------------------------
Ticket | 2138
Updated By | Michael Rubinsky <mrubinsk at horde.org>
Summary | Dynamically configured IMSP sources ignore horde permissions
Queue | Turba
Version | HEAD
State | Feedback
Priority | 1. Low
Type | Bug
Owners | Michael Rubinsky
-----------------------------------------------------------------------
Michael Rubinsky <mrubinsk at horde.org> (2005-06-23 06:26) wrote:
Turba::hasPermission() will only check the permissions against horde's
permission system. Calling it from Turba_Object would bypass any backend's
acls on that source. By calling Turba_Driver::hasPermission, it gives any
concrete drivers the chance to override the default behavior of checking
horde permissions. If the concrete driver does not override the
hasPermission method, the default would be to call Turba::hasPermission.
I knew someone would ask about that extra assignment... It was the only way
I could think of of assuring that $GLOBALS['cfgSource'] is available and
unfiltered before we call Turba::permissionFilter. Why? Because, in
Turba::permissionFilter, we call Turba_Driver::hasPermission...which by
default behavior will call Turba::hasPermission...and that requires that
$GLOBALS['cfgSources'] be available. I thought about doing an 'include
TURBA_BASE . '/config/sources.php' from within hasPermission, but that
seemed like a bad idea...
More information about the bugs
mailing list