[Tickets #14259] Re: Event notification from another user's private calendar

noreply at bugs.horde.org noreply at bugs.horde.org
Thu Feb 18 21:35:24 UTC 2016 

DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: https://bugs.horde.org/ticket/14259
------------------------------------------------------------------------------
  Ticket             | 14259
  Updated By         | lfbm.andamentos at gmail.com
  Summary            | Event notification from another user's private calendar
  Queue              | Kronolith
  Version            | 4.2.14
  Type               | Bug
  State              | Feedback
  Priority           | 1. Low
  Milestone          |
  Patch              |
  Owners             |
------------------------------------------------------------------------------


lfbm.andamentos at gmail.com (2016-02-18 21:35) wrote:

> This debug log is from reading the alarms already entered into the  
> alarms table. We need to find out why the alarm_uid of the incorrect  
> user is being set. Look in Kronolith_Application::listAlarms. Pay  
> attention to the code that sets the $users variable.

Ok, here´s what I´ve found so far.

File: Horde/Share/Object.php

public function listUsers($perm_level = null)
{
     $perm = $this->getPermission();
     $results = array_keys($perm->getUserPermissions($perm_level));
     Horde::debug($results);
     (...)

After running horde-alarms, I get this:

> 2016-02-18T19:00:17-02:00 DEBUG: Variable information:
> array(1) {
>   [0]=>
>   string(4) "robm"
> }
>
> Backtrace:
> 1. Horde_Alarm->notify() /usr/bin/horde-alarms:26
> 2. Horde_Alarm->listAlarms() /usr/share/php/Horde/Alarm.php:434
> 3. call_user_func() /usr/share/php/Horde/Alarm.php:113
> 4. Horde_Core_Factory_Alarm->load()
> 5. Horde_Registry->callAppMethod()  
> /usr/share/php/Horde/Core/Factory/Alarm.php:170
> 6. call_user_func_array() /usr/share/php/Horde/Registry.php:1192
> 7. Kronolith_Application->listAlarms()
> 8. Horde_Share_Object->listUsers()  
> /var/www/horde/kronolith/lib/Application.php:503
> 9. Horde::debug() /usr/share/php/Horde/Share/Object.php:213
>
> 2016-02-18T19:00:17-02:00 DEBUG: Variable information:
> array(0) {
> }
>
> Backtrace:
> 1. Horde_Alarm->notify() /usr/bin/horde-alarms:26
> 2. Horde_Alarm->listAlarms() /usr/share/php/Horde/Alarm.php:434
> 3. call_user_func() /usr/share/php/Horde/Alarm.php:113
> 4. Horde_Core_Factory_Alarm->load()
> 5. Horde_Registry->callAppMethod()  
> /usr/share/php/Horde/Core/Factory/Alarm.php:170
> 6. call_user_func_array() /usr/share/php/Horde/Registry.php:1192
> 7. Kronolith_Application->listAlarms()
> 8. Horde_Share_Object->listUsers()  
> /var/www/horde/kronolith/lib/Application.php:503
> 9. Horde::debug() /usr/share/php/Horde/Share/Object.php:213

I don´t know why horde-alarms triggers Horde_Share_Object::listUsers  
two times. Anyway, the second one it retrieves an empty array. PS: I  
only activate the debug function after creating the test event and  
before running horde-alarms.

Then, I changed the debug to:

public function listUsers($perm_level = null)
{
     $perm = $this->getPermission();
     $results = array_keys($perm->getUserPermissions($perm_level));
     // Always return the share's owner.
     $owner = $this->get('owner');
     if ($owner && !in_array($owner, $results)) {
         Horde::debug($owner);
         $results[] = $owner;
     }
     return $results;
}

And then it gets weird, because clearly a user which does not have  
access to that calendar (the user 'lfbm') is added to the results array:

> 2016-02-18T19:10:43-02:00 DEBUG: Variable information:
> string(4) "lfbm"
>
> Backtrace:
> 1. Horde_Alarm->notify() /usr/bin/horde-alarms:26
> 2. Horde_Alarm->listAlarms() /usr/share/php/Horde/Alarm.php:434
> 3. call_user_func() /usr/share/php/Horde/Alarm.php:113
> 4. Horde_Core_Factory_Alarm->load()
> 5. Horde_Registry->callAppMethod()  
> /usr/share/php/Horde/Core/Factory/Alarm.php:170
> 6. call_user_func_array() /usr/share/php/Horde/Registry.php:1192
> 7. Kronolith_Application->listAlarms()
> 8. Horde_Share_Object->listUsers()  
> /var/www/horde/kronolith/lib/Application.php:503
> 9. Horde::debug() /usr/share/php/Horde/Share/Object.php:217

So this is why the variable $users inside  
Kronolith_Application::listAlarms shows both 'robm' (the calendar  
owner) and 'lfbm' users. And the 'lfbm' is me, who is getting the  
notificatinos from the private 'robm' calendar.

File: kronolith/lib/Application.php

public function listAlarms($time, $user = null)
     {
         $current_user = $GLOBALS['registry']->getAuth();
         if ((empty($user) || $user != $current_user) &&  
!$GLOBALS['registry']->isAdmin()) {
             throw new Horde_Exception_PermissionDenied();
         }

         $group = $GLOBALS['injector']->getInstance('Horde_Group');
         $kronolith_shares =  
$GLOBALS['injector']->getInstance('Kronolith_Shares');

         $alarm_list = array();
         $time = new Horde_Date($time);
         $calendars = is_null($user)
             ? array_keys($kronolith_shares->listAllShares())
             : $GLOBALS['calendar_manager']->get(Kronolith::DISPLAY_CALENDARS);
         $alarms = Kronolith::listAlarms($time, $calendars, true);
         foreach ($alarms as $calendar => $cal_alarms) {
             if (!$cal_alarms) {
                 continue;
             }
             try {
                 $share = $kronolith_shares->getShare($calendar);
             } catch (Exception $e) {
                 continue;
             }
             if (empty($user)) {
                 $users = $share->listUsers(Horde_Perms::READ);
                 Horde::debug($users);
                 (...)


horde_debug.txt results:

> 2016-02-18T19:25:55-02:00 DEBUG: Variable information:
> array(1) {
>   [0]=>
>   string(4) "robm"
> }
>
> Backtrace:
> 1. Horde_Alarm->notify() /usr/bin/horde-alarms:26
> 2. Horde_Alarm->listAlarms() /usr/share/php/Horde/Alarm.php:434
> 3. call_user_func() /usr/share/php/Horde/Alarm.php:113
> 4. Horde_Core_Factory_Alarm->load()
> 5. Horde_Registry->callAppMethod()  
> /usr/share/php/Horde/Core/Factory/Alarm.php:170
> 6. call_user_func_array() /usr/share/php/Horde/Registry.php:1192
> 7. Kronolith_Application->listAlarms()
> 8. Horde::debug() /var/www/horde/kronolith/lib/Application.php:504
>
> 2016-02-18T19:25:55-02:00 DEBUG: Variable information:
> array(1) {
>   [0]=>
>   string(4) "lfbm"
> }
>
> Backtrace:
> 1. Horde_Alarm->notify() /usr/bin/horde-alarms:26
> 2. Horde_Alarm->listAlarms() /usr/share/php/Horde/Alarm.php:434
> 3. call_user_func() /usr/share/php/Horde/Alarm.php:113
> 4. Horde_Core_Factory_Alarm->load()
> 5. Horde_Registry->callAppMethod()  
> /usr/share/php/Horde/Core/Factory/Alarm.php:170
> 6. call_user_func_array() /usr/share/php/Horde/Registry.php:1192
> 7. Kronolith_Application->listAlarms()
> 8. Horde::debug() /var/www/horde/kronolith/lib/Application.php:504

More information about the bugs mailing list