[horde] unable to reset permission bits for ActiveSync
Jens-U. Mozdzen
jmozdzen at nde.ag
Wed Jan 23 00:15:49 UTC 2013
Hi Mike, hi Jan,
Zitat von Michael J Rubinsky <mrubinsk at horde.org>:
> Quoting Michael J Rubinsky <mrubinsk at horde.org>:
>
>> Quoting "Jens-U. Mozdzen" <jmozdzen at nde.ag>:
>>
>>> Zitat von Jan Schneider <jan at horde.org>:
>>>> Zitat von Jens-Uwe Mozdzen <jmozdzen at nde.ag>:
>>>>> Hi *,
>>>>> [...]
>>>>
>>>> So you are basically saying that you cannot permanently unset
>>>> permissions in the permissions interface? Cannot reproduce.
>>
>> I see this, at least on the Horde:ActiveSync pref.
>
> It seems to be a problem with the 'boolean' form type.
thanks for looking into this.
I'm mostly guessing here, but it could be a (design) problem / inconsistency:
I have added a dummy user "someone" as authorized for ActiveSync
(boolean/checkbox).
If I submit that form with the checkbox checked, the following is
submitted to the PHP backend:
u_n[u]
u_v[jmozdzen] on
u_v[someone] on
When I unset the checkbox, the following is sent to the PHP backend:
u_n[u]
u_v[jmozdzen] on
So there's no entry for the "someone" user, instead of setting it to
"off". This may be by design, to automatically delete entries for
unauthorized users, instead of setting the bool to "false".
The effective back-end, afaict, is in Horde/Core/Perms/Ui.php,
Horde_Core_Perms_Ui::validateEditForm(). But I couldn't find any code
to actually delete a permission there - only the values in u_v are
considered (and u_n for new entries). Debug traces show that
$this->_form->getInfo($this->_vars, $info) retrieves all current
permissions, and the following code (case "not matrix") just handles
those values reported by the web frontend - simply "jmozdzen" in the
above case. So "someone" remains in the returned result set, unchanged.
The code in Horde/Perms/Permission.php,
Horde_Perms_Permission::updatePermissions(), to diff between current
permissions and those handed to updatePermissions(), then doesn't
catch, since that input (assembled by validateEditForm()) contains
*all current* values.
Hope this helps you guys.
Regards,
Jens
More information about the horde
mailing list