[dev] Re: Shares bug with group permissions?

Rob Lineweaver rlineweaver at harrisonburg.k12.va.us
Thu Jul 24 07:27:40 PDT 2003 

Greetings,

Here is a little more information on this problem.  After creating some groups
(say "Group1", "Group2") and giving the groups permissions on a shared
calendar, my horde_categories_attributes table has some rows such as:

category_id:  11 (this is the shared calendar category ID)
attribute_name: perm_groups
attribute_key:  Group1
attribute_value: 30

All is well and good until the function listShares() in horde/lib/Shares.php
tries to find out what shares are available to a user.  When it comes to group
shares, it finds a list of groups the user belongs to (this is around line
308), and then constructs a query clause for the group permissions, which looks
something like:

.. OR (attribute_name = 'perm_groups' AND attribute_key IN (13, 18) ...

here, 13 and 18 are the category_id numbers for Group1 and Group2.  But since
the group perms are stored by the group's category_name (not category_id), it
actually needs to look like:

.. OR (attribute_name = 'perm_groups' AND attribute_key IN ('Group1', 'Group2')
..

The patch I sent yesterday (again pasted below) does this.  However, you can see
that the group names must be quoted in the SQL query.  The patch inserts single
quotes which works with MySQL but may not be appropriate for other backends. 
Can anyone suggest a backend-agnostic way of applying the proper quoting to the
string of group names that is accessible from listShares() in Share.php?  Or
should it be done somewhere/how else?

I suppose another possibility would be to change the clause to read like:

.. OR (attribute_name = 'perm_groups' AND (attribute_key = 'Group1' OR
attribute_key = 'Group2')) ...

I think if it were constructed that way, the Horde backend drivers would
automatically quote the strings.  Would that be an easier way to handle it? 
The SQL is not as pretty but it should work.

Thanks,

Rob Lineweaver
Network Administrator
Harrisonburg City Public Schools


--------------

--- lib/Share.php-orig  2003-07-23 21:29:22.000000000 -0400
+++ lib/Share.php       2003-07-23 20:16:48.000000000 -0400
@@ -311,7 +311,7 @@
                         $criteria['OR'][] = array(
                             'AND' => array(
                                 array('field' => 'name', 'op' => '=', 'test' =>
'perm_groups'),
-                                array('field' => 'key', 'op' => 'IN', 'test' =>
'(' . implode(', ', array_keys($groups)) . ')'),
+                                array('field' => 'key', 'op' => 'IN', 'test' =>
'(\'' . implode('\', \'', array_values($groups)) . '\')'),
                                 array('field' => 'value', 'op' => '&', 'test'
=> $perm)));
                     }
                 }

More information about the dev mailing list