[turba] patch for readonly sources

Bo Daley bo at tilda.com.au
Mon Apr 7 18:11:02 PDT 2003 

hi all,

Someone here was confused that there were 'edit' and 'delete' links visible on
displayobject.php and browse.php for objects in readonly address books. I
checked this and Turba doesn't let users modify readonly objects but it does
display the links in a couple of places where it probably shouldn't.

Something like this oughtta remove them.

Index: Renderer.php
===================================================================
RCS file: /repository/turba/lib/Renderer.php,v
retrieving revision 1.6
diff -u -r1.6 Renderer.php
--- Renderer.php        27 Mar 2003 05:07:43 -0000      1.6
+++ Renderer.php        7 Apr 2003 07:20:58 -0000
@@ -36,8 +36,11 @@
 ?><table border="0" cellpadding="2" cellspacing="1" width="100%">
 <tr><td align="left" class="header"><b><?php echo $title ?></b></td>
 <?php
+global $cfgSources;
+$source = $cfgSources[$this->_object->source->name];
 if (!$this->_active &&
-    Turba::checkPermissions($this->_object, 'object', _PERMS_EDIT)) {
+    Turba::checkPermissions($this->_object, 'object', _PERMS_EDIT) &&
+    ((empty($source['readonly']) || (isset($source['admin']) &&
in_array(Auth::getAuth(), $source['admin']))))) {
     $url = Horde::addParameter('', 'source', $this->_object->source->name);
     $url = Horde::addParameter($url, 'key', $this->_object->getValue('__key'));
 ?>



Index: contactrow.inc
===================================================================
RCS file: /repository/turba/templates/browse/contactrow.inc,v
retrieving revision 1.19
diff -u -r1.19 contactrow.inc
--- contactrow.inc      10 Mar 2003 00:39:05 -0000      1.19
+++ contactrow.inc      7 Apr 2003 07:17:59 -0000
@@ -45,6 +45,8 @@
 }

 if ($ob->hasValue('__key')) {
+    global $cfgSources;
+    $source = $cfgSources[$ob->getSource()];
     if ($ob->isGroup()) {
         $url = 'browse.php';
     } else {
@@ -59,7 +61,7 @@

     $cell = Horde::link(Horde::applicationUrl($url), sprintf(_("View '%s'"),
$ob->getValue('name')));
     $cell .= $link_text . '</a>';
-    if (Turba::checkPermissions($ob, 'object', _PERMS_EDIT)) {
+    if ((Turba::checkPermissions($ob, 'object', _PERMS_EDIT)) &&
(empty($source['readonly']) || (isset($source['admin']) &&
in_array(Auth::getAuth(), $source['admin'])))) {
         $edit_url = Horde::addParameter('editobject.php', 'source',
$ob->getSource());
         $edit_url = Horde::addParameter($edit_url, 'key',
$ob->getValue('__key'));
         $edit_url = Horde::addParameter($edit_url, 'url', Horde::selfURL());


thanks,

bo.

More information about the turba mailing list