[horde] unable to reset permission bits for ActiveSync

Jens-U. Mozdzen jmozdzen at nde.ag
Wed Jan 23 00:15:49 UTC 2013 

Hi Mike, hi Jan,

Zitat von Michael J Rubinsky <mrubinsk at horde.org>:

> Quoting Michael J Rubinsky <mrubinsk at horde.org>:
>
>> Quoting "Jens-U. Mozdzen" <jmozdzen at nde.ag>:
>>
>>> Zitat von Jan Schneider <jan at horde.org>:
>>>> Zitat von Jens-Uwe Mozdzen <jmozdzen at nde.ag>:
>>>>> Hi *,
>>>>> [...]
>>>>
>>>> So you are basically saying that you cannot permanently unset  
>>>> permissions in the permissions interface? Cannot reproduce.
>>
>> I see this, at least on the Horde:ActiveSync pref.
>
> It seems to be a  problem with the 'boolean' form type.

thanks for looking into this.

I'm mostly guessing here, but it could be a (design) problem / inconsistency:

I have added a dummy user "someone" as authorized for ActiveSync  
(boolean/checkbox).

If I submit that form with the checkbox checked, the following is  
submitted to the PHP backend:
u_n[u]
u_v[jmozdzen]   on
u_v[someone]    on

When I unset the checkbox, the following is sent to the PHP backend:
u_n[u]
u_v[jmozdzen]   on

So there's no entry for the "someone" user, instead of setting it to  
"off". This may be by design, to automatically delete entries for  
unauthorized users, instead of setting the bool to "false".

The effective back-end, afaict, is in Horde/Core/Perms/Ui.php,  
Horde_Core_Perms_Ui::validateEditForm(). But I couldn't find any code  
to actually delete a permission there - only the values in u_v are  
considered (and u_n for new entries). Debug traces show that  
$this->_form->getInfo($this->_vars, $info) retrieves all current  
permissions, and the following code (case "not matrix") just handles  
those values reported by the web frontend - simply "jmozdzen" in the  
above case. So "someone" remains in the returned result set, unchanged.

The code in Horde/Perms/Permission.php,  
Horde_Perms_Permission::updatePermissions(), to diff between current  
permissions and those handed to updatePermissions(), then doesn't  
catch, since that input (assembled by validateEditForm()) contains  
*all current* values.

Hope this helps you guys.

Regards,
Jens

More information about the horde mailing list