[Tickets #2138] Dynamically configured IMSP sources ignore horde permissions

bugs@bugs.horde.org bugs at bugs.horde.org
Thu Jun 23 06:26:47 PDT 2005


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: https://dev.horde.org/horde/whups/ticket/?id=2138
-----------------------------------------------------------------------
 Ticket             | 2138
 Updated By         | Michael Rubinsky <mrubinsk at horde.org>
 Summary            | Dynamically configured IMSP sources ignore horde permissions
 Queue              | Turba
 Version            | HEAD
 State              | Feedback
 Priority           | 1. Low
 Type               | Bug
 Owners             | Michael Rubinsky
-----------------------------------------------------------------------


Michael Rubinsky <mrubinsk at horde.org> (2005-06-23 06:26) wrote:

Turba::hasPermission() will only check the permissions against horde's
permission system.  Calling it from Turba_Object would bypass any backend's
acls on that source.  By calling Turba_Driver::hasPermission, it gives any
concrete drivers the chance to override the default behavior of checking
horde permissions. If the concrete driver does not override the
hasPermission method, the default would be to call Turba::hasPermission.

I knew someone would ask about that extra assignment... It was the only way
I could think of of assuring that $GLOBALS['cfgSource'] is available and
unfiltered before we call Turba::permissionFilter.  Why?  Because, in
Turba::permissionFilter, we call Turba_Driver::hasPermission...which by
default behavior will call Turba::hasPermission...and that requires that
$GLOBALS['cfgSources'] be available.  I thought about doing an 'include
TURBA_BASE . '/config/sources.php' from within hasPermission, but that
seemed like a bad idea...




More information about the bugs mailing list