[turba] Issue with administrator being able to edit address book entry

tom burkart turba at aussec.com
Sun Jul 6 20:51:11 PDT 2003


I did report this issue before and had no reply...

In turba/lib/Source.php when the object is created the read only flag gets
set to read-write if (1) the source is read-write and (2) the current user
is an administrator.

In turba/lib/AbstractObject.php the isEditable() function then checks
whether (1) the object is readable and (2) the owner is the current user.
I really would like this to include the administrators (as I have
instances of more than one).

How can I modify the code to make this change?  The difficulty here is
that the object has no reference as to which source it came from and so
has no way of doing the comparison easily.  The only thing I can think of
at the moment is to add another variable to the object to say that this
user has admin privs - is this the smart way to do it?  What else does
this break?

tom.



More information about the turba mailing list