R56132 - in /trunk/egroupware/api/src: ./ Accounts/ CalDAV/ Contacts/ Etemplate/Widget/ Mail/ Vfs/Links/ Vfs/Sqlfs/

ralfbecker_sf 2016-05-11 19:23:14 UTC #1

Author: ralfbecker
New Revision: 56132

URL: http://svn.stylite.de/viewvc/egroupware?rev=56132&view=rev
Log:
using Acl::(ADD|READ|EDIT|DELETE|PRIVAT) constants instead old EGW_ACL_* defines and fix some namespace errors found by doc/check_namespace.php

Modified:
trunk/egroupware/api/src/Accounts/Ads.php
trunk/egroupware/api/src/Accounts/Sql.php
trunk/egroupware/api/src/Acl.php
trunk/egroupware/api/src/Auth.php
trunk/egroupware/api/src/CalDAV.php
trunk/egroupware/api/src/CalDAV/Handler.php
trunk/egroupware/api/src/CalDAV/Principals.php
trunk/egroupware/api/src/Categories.php
trunk/egroupware/api/src/Config.php
trunk/egroupware/api/src/Contacts.php
trunk/egroupware/api/src/Contacts/Storage.php
trunk/egroupware/api/src/DateTime.php
trunk/egroupware/api/src/Egw.php
trunk/egroupware/api/src/Etemplate/Widget/Taglist.php
trunk/egroupware/api/src/Link.php
trunk/egroupware/api/src/Mail/Account.php
trunk/egroupware/api/src/Mailer.php
trunk/egroupware/api/src/Session.php
trunk/egroupware/api/src/Vfs/Links/StreamWrapper.php
trunk/egroupware/api/src/Vfs/Sqlfs/StreamWrapper.php

Modified: trunk/egroupware/api/src/Accounts/Ads.php
URL: http://svn.stylite.de/viewvc/egroupware/trunk/egroupware/api/src/Accounts/Ads.php?rev=56132&r1=56131&r2=56132&view=diff

— trunk/egroupware/api/src/Accounts/Ads.php (original)
+++ trunk/egroupware/api/src/Accounts/Ads.php Wed May 11 21:23:14 2016
@@ -865,7 +865,7 @@
}
else // we need to run the unlimited query
{

  	$query = ldap::quote(strtolower($param['query']));

  	$query = Api\Ldap::quote(strtolower($param['query']));

  	$accounts = array();
  	if($param['type'] !== 'groups')

@@ -916,7 +916,7 @@
}
if ($param[‘type’] === ‘groups’ || $param[‘type’] === ‘both’)
{

  		$query = ldap::quote(strtolower($param['query']));

  		$query = Api\Ldap::quote(strtolower($param['query']));

  		$filter = null;
  		if(!empty($query) && $query != '*')

Modified: trunk/egroupware/api/src/Accounts/Sql.php
URL: http://svn.stylite.de/viewvc/egroupware/trunk/egroupware/api/src/Accounts/Sql.php?rev=56132&r1=56131&r2=56132&view=diff

— trunk/egroupware/api/src/Accounts/Sql.php (original)
+++ trunk/egroupware/api/src/Accounts/Sql.php Wed May 11 21:23:14 2016
@@ -201,7 +201,7 @@
if (!preg_match(’/^\{[a-z5]{3,5}\}.+/i’,$data[‘account_passwd’]) &&
!preg_match(’/^[0-9a-f]{32}$/’,$data[‘account_passwd’])) // md5 hash
{

  		$data['account_passwd'] = $GLOBALS['egw']->auth->encrypt_sql($data['account_passwd']);

  		$data['account_passwd'] = Api\Auth::encrypt_sql($data['account_passwd']);
  	}
  	$to_write['account_pwd'] = $data['account_passwd'];
  	$to_write['account_lastpwd_change'] = time();

Modified: trunk/egroupware/api/src/Acl.php
URL: http://svn.stylite.de/viewvc/egroupware/trunk/egroupware/api/src/Acl.php?rev=56132&r1=56131&r2=56132&view=diff

— trunk/egroupware/api/src/Acl.php (original)
+++ trunk/egroupware/api/src/Acl.php Wed May 11 21:23:14 2016
@@ -683,7 +683,7 @@
if (!$grantor) continue; // can happen if group has no members

					// Don't allow to override private with group ACL's!

```
  				$rights &= ~EGW_ACL_PRIVATE;
```

  				$rights &= ~self::PRIVAT;

  				if(!isset($grants[$grantor]))
  				{

Modified: trunk/egroupware/api/src/Auth.php
URL: http://svn.stylite.de/viewvc/egroupware/trunk/egroupware/api/src/Auth.php?rev=56132&r1=56131&r2=56132&view=diff

— trunk/egroupware/api/src/Auth.php (original)
+++ trunk/egroupware/api/src/Auth.php Wed May 11 21:23:14 2016
@@ -231,7 +231,7 @@
* @param string $old_passwd must be cleartext
* @param string $new_passwd must be cleartext
* @param int $account_id account id of user whose passwd should be changed

- @throws Exception\WrongUserinput if configured password strength is not meat

- @throws Exception\WrongUserInput if configured password strength is not meat
- @throws Exception from backends having extra requirements
- @return boolean true if password successful changed, false otherwise
  */
  @@ -239,7 +239,7 @@
  {
  if (($err = self::crackcheck($new_passwd,null,null,null,$account_id)))
  {

  	throw new Exception\WrongUserinput($err);

  	throw new Exception\WrongUserInput($err);
  }
  if (($ret = $this->backend->change_password($old_passwd, $new_passwd, $account_id)))
  {

@@ -256,7 +256,7 @@
// run changepwasswd hook
$GLOBALS[‘hook_values’] = array(
‘account_id’ => $account_id,

  		'account_lid' => accounts::id2name($account_id),

  		'account_lid' => Accounts::id2name($account_id),
  		'old_passwd'  => $old_passwd,
  		'new_passwd'  => $new_passwd,
  	);

Modified: trunk/egroupware/api/src/CalDAV.php
URL: http://svn.stylite.de/viewvc/egroupware/trunk/egroupware/api/src/CalDAV.php?rev=56132&r1=56131&r2=56132&view=diff

— trunk/egroupware/api/src/CalDAV.php (original)
+++ trunk/egroupware/api/src/CalDAV.php Wed May 11 21:23:14 2016
@@ -1278,7 +1278,7 @@
return $entry ? $entry : “404 Not found”;
}

  if (!Link::file_access($handler->app, $entry['id'], EGW_ACL_EDIT))

  if (!Link::file_access($handler->app, $entry['id'], Acl::EDIT))
  {
  	return '403 Forbidden';
  }

@@ -1386,7 +1386,7 @@
{
error_log(METHOD."(’$app’, $id, attach=".array2string($attach).", delete_via_put=".array2string($delete_via_put).’)’);

  if (!Link::file_access($app, $id, EGW_ACL_EDIT))

  if (!Link::file_access($app, $id, Acl::EDIT))
  {
  	error_log(__METHOD__."('$app', $id, ...) no rights to update attachments");
  	return;	// no rights --> nothing to do

@@ -1836,7 +1836,7 @@
$handler = self::app_handler($app);

	// TODO recursive locks on directories not supported yet

  if (!$id || !empty($options['depth']) || !$handler->check_access(EGW_ACL_EDIT,$id))

  if (!$id || !empty($options['depth']) || !$handler->check_access(Acl::EDIT,$id))
  {
  	return '409 Conflict';
  }

Modified: trunk/egroupware/api/src/CalDAV/Handler.php
URL: http://svn.stylite.de/viewvc/egroupware/trunk/egroupware/api/src/CalDAV/Handler.php?rev=56132&r1=56131&r2=56132&view=diff

— trunk/egroupware/api/src/CalDAV/Handler.php (original)
+++ trunk/egroupware/api/src/CalDAV/Handler.php Wed May 11 21:23:14 2016
@@ -58,9 +58,9 @@
* @var array
*/
var $method2acl = array(

```
  'GET' => EGW_ACL_READ,
```
```
  'PUT' => EGW_ACL_EDIT,
```
```
  'DELETE' => EGW_ACL_DELETE,
```

```
  'GET' => Api\Acl::READ,
```
```
  'PUT' => Api\Acl::EDIT,
```
```
  'DELETE' => Api\Acl::DELETE,
```
);
/**
- eGW application responsible for the handler
  @@ -212,7 +212,7 @@
  /**
- Check if user has the neccessary rights on an entry

- @param int $acl EGW_ACL_READ, EGW_ACL_EDIT or EGW_ACL_DELETE

- @param int $acl Api\Acl::READ, Api\Acl::EDIT or Api\Acl::DELETE
- @param array|int $entry entry-array or id
- @return boolean null if entry does not exist, false if no access, true if access permitted
  */
  @@ -291,7 +291,7 @@
  }
  $extra_acl = $this->method2acl[$method];
  if ($id && !($entry = $this->read($id, $options[‘path’])) && ($method != ‘PUT’ || $entry === false) ||

  	($extra_acl != EGW_ACL_READ && $this->check_access($extra_acl,$entry) === false))

  	($extra_acl != Api\Acl::READ && $this->check_access($extra_acl,$entry) === false))
  {
  	if ($return_no_access && !is_null($entry))
  	{

@@ -496,7 +496,7 @@
/**
* Get grants of current user and app
*

- @return array user-id => EGW_ACL_ADD|EGW_ACL_READ|EGW_ACL_EDIT|EGW_ACL_DELETE pairs

- @return array user-id => Api\Acl::ADD|Api\Acl::READ|Api\Acl::EDIT|Api\Acl::DELETE pairs
  */
  public function get_grants()
  {
  @@ -523,22 +523,22 @@
  }
  $priviledes = array(‘read-current-user-privilege-set’ => ‘read-current-user-privilege-set’);

  if (is_null($user) || $grants[$user] & EGW_ACL_READ)

  if (is_null($user) || $grants[$user] & Api\Acl::READ)
  {
  	$priviledes['read'] = 'read';
  	// allows on all calendars/addressbooks to write properties, as we store them on a per-user basis
  	// and only allow to modify explicit named properties in CalDAV, CardDAV or Calendarserver name-space
  	$priviledes['write-properties'] = 'write-properties';
  }

  if (is_null($user) || $grants[$user] & EGW_ACL_ADD)

  if (is_null($user) || $grants[$user] & Api\Acl::ADD)
  {
  	$priviledes['bind'] = 'bind';	// PUT for new resources
  }

  if (is_null($user) || $grants[$user] & EGW_ACL_EDIT)

  if (is_null($user) || $grants[$user] & Api\Acl::EDIT)
  {
  	$priviledes['write-content'] = 'write-content';	// otherwise iOS calendar does not allow to add events
  }

  if (is_null($user) || $grants[$user] & EGW_ACL_DELETE)

  if (is_null($user) || $grants[$user] & Api\Acl::DELETE)
  {
  	$priviledes['unbind'] = 'unbind';	// DELETE
  }

@@ -645,7 +645,7 @@
$privileges = array(‘read’, ‘read-current-user-privilege-set’);
if ($this->caldav->prop_requested(‘current-user-privilege-set’) === true && !isset($props[‘current-user-privilege-set’]))
{

  	if ($this->check_access(EGW_ACL_EDIT, $entry))

  	if ($this->check_access(Api\Acl::EDIT, $entry))
  	{
  		$privileges[] = 'write-content';
  	}

Modified: trunk/egroupware/api/src/CalDAV/Principals.php
URL: http://svn.stylite.de/viewvc/egroupware/trunk/egroupware/api/src/CalDAV/Principals.php?rev=56132&r1=56131&r2=56132&view=diff

— trunk/egroupware/api/src/CalDAV/Principals.php (original)
+++ trunk/egroupware/api/src/CalDAV/Principals.php Wed May 11 21:23:14 2016
@@ -921,7 +921,7 @@
{
$addressbooks[] = ‘/’;
}

  foreach(array_keys($GLOBALS['egw']->contacts->get_addressbooks(EGW_ACL_READ)) as $id)

  foreach(array_keys($GLOBALS['egw']->contacts->get_addressbooks(Api\Acl::READ)) as $id)
  {
  	if ((in_array('A',$addressbook_home_set) || in_array((string)$id,$addressbook_home_set)) &&
  		is_numeric($id) && ($owner = $this->accounts->id2name($id)))

@@ -1366,8 +1366,8 @@
case ‘users’:
case ‘groups’:
$account = $location = $this->accounts->name2id($account, ‘account_lid’, $account_type[0]);

  		$right = $what == 'write' ? EGW_ACL_EDIT : EGW_ACL_READ;

  		$mask = $what == 'write' ? EGW_ACL_EDIT : EGW_ACL_EDIT|EGW_ACL_READ;	// do NOT report write+read in read

  		$right = $what == 'write' ? Api\Acl::EDIT : Api\Acl::READ;

  		$mask = $what == 'write' ? Api\Acl::EDIT : Api\Acl::EDIT|Api\Acl::READ;	// do NOT report write+read in read
  		break;

  	case 'locations':

@@ -1522,13 +1522,13 @@
$set = array();
foreach($this->acl->get_grants($app, $app != ‘addressbook’, $account) as $account_id => $rights)
{

  	if ($account_id != $account && ($rights & EGW_ACL_READ) &&

  	if ($account_id != $account && ($rights & Api\Acl::READ) &&
  		($account_lid = $this->accounts->id2name($account_id)) &&
  		$this->accounts->visible($account_lid))	// only add visible accounts, gives error in iCal otherwise
  	{
  		$set[] = Api\CalDAV::mkprop('href', $this->base_uri.'/principals/'.
  			($account_id < 0 ? 'groups/' : 'users/').

  			$account_lid.'/'.$app.'-proxy-'.($rights & EGW_ACL_EDIT ? 'write' : 'read').'/');

  			$account_lid.'/'.$app.'-proxy-'.($rights & Api\Acl::EDIT ? 'write' : 'read').'/');
  	}
  }
  return $set;

@@ -1694,13 +1694,13 @@
/**
* Check if user has the neccessary rights on an entry
*

- @param int $acl EGW_ACL_READ, EGW_ACL_EDIT or EGW_ACL_DELETE

- @param int $acl Api\Acl::READ, Api\Acl::EDIT or Api\Acl::DELETE
- @param array|int $entry entry-array or id
- @return boolean null if entry does not exist, false if no access, true if access permitted
  */
  function check_access($acl,$entry)
  {

```
  if ($acl != EGW_ACL_READ)
```

  if ($acl != Api\Acl::READ)
  {
  	return false;
  }

Modified: trunk/egroupware/api/src/Categories.php
URL: http://svn.stylite.de/viewvc/egroupware/trunk/egroupware/api/src/Categories.php?rev=56132&r1=56131&r2=56132&view=diff

— trunk/egroupware/api/src/Categories.php (original)
+++ trunk/egroupware/api/src/Categories.php Wed May 11 21:23:14 2016
@@ -238,7 +238,7 @@
}

		// check for read permission

  	if(!$this->check_perms(EGW_ACL_READ, $cat, $globals === 'all_no_acl'))

  	if(!$this->check_perms(Acl::READ, $cat, $globals === 'all_no_acl'))
  	{
  		continue;
  	}

@@ -470,7 +470,7 @@
* Checks category permissions for a given list of commaseparated category ids
* and truncates it by the ones the user does not have the requested permission on
*

- @param int $needed necessary ACL right: EGW_ACL_{READ|EDIT|DELETE}

- @param int $needed necessary ACL right: Acl::{READ|EDIT|DELETE}
- @param string $cat_list commaseparated list of category ids
- @return string truncated commaseparated list of category ids
  */
  @@ -487,7 +487,7 @@
  {
  foreach($cat_arr as $id=>$cat_id)
  {

  		if (!$this->check_perms($needed, $cat_id, false, $needed == EGW_ACL_READ))	// allow reading all global cats

  		if (!$this->check_perms($needed, $cat_id, false, $needed == Acl::READ))	// allow reading all global cats
  		{
  			unset($cat_arr[$id]);
  		}

@@ -503,7 +503,7 @@
*
* If the access of a category is set to private, one needs a private grant for the application
*

- @param int $needed necessary ACL right: EGW_ACL_{READ|EDIT|DELETE}

- @param int $needed necessary ACL right: Acl::{READ|EDIT|DELETE}
- @param mixed $category category as array or the category_id
- @param boolean $no_acl_check =false if true, grants are NOT checked, gives access to all non-private categories of all users
- @param boolean $allow_global_read if true, global cats are allowed (independent of app) for reading
  @@ -525,7 +525,7 @@
  }
  
  // Read access to global categories

  if ($needed == EGW_ACL_READ && (($is_global=array_intersect(explode(',',$category['owner']),$this->global_owners)) ||

  if ($needed == Acl::READ && (($is_global=array_intersect(explode(',',$category['owner']),$this->global_owners)) ||
  	$no_acl_check && $category['access'] == 'public') &&	// no_acl_check only means public cats
  	($category['appname'] == self::GLOBAL_APPNAME || $category['appname'] == $this->app_name ||
  	$is_global && $allow_global_read))

@@ -558,7 +558,7 @@
foreach(explode(’,’,$category[‘owner’]) as $owner)
{
$owner_grant = $owner_grant || (($this->grants[$owner] & $needed) &&

  		($category['access'] == 'public' ||  ($this->grants[$owner] & EGW_ACL_PRIVATE)));

```
  		($category['access'] == 'public' ||  ($this->grants[$owner] & Acl::PRIVAT)));
  }
  return $acl_grant && $owner_grant;
```
}
@@ -704,7 +704,7 @@
if (isset($values[‘old_parent’]) && (int)$values[‘old_parent’] != (int)$values[‘parent’])
{
$ret = $this->check_consistency4update($values);

  	if ($ret !== true) throw new Exception\WrongUserinput($ret);

  	if ($ret !== true) throw new Exception\WrongUserInput($ret);
  	// everything seems in order -> proceed
  	$values['level'] = ($values['parent'] ? $this->id2name($values['parent'],'level')+1:0);
  	$this->adapt_level_in_subtree($values);

@@ -717,7 +717,7 @@
if ($values[‘parent’] > 0)
{
$ret = $this->check_consistency4update($values);

  		if ($ret !== true) throw new Exception\WrongUserinput($ret);

  		if ($ret !== true) throw new Exception\WrongUserInput($ret);

  		// everything seems in order -> proceed
  		$values['main']  = $this->id2name($values['parent'],'main');

@@ -1056,7 +1056,7 @@
static $cat2color = array();

	// ACL check

  $cats = $GLOBALS['egw']->categories->check_list(EGW_ACL_READ, $_cats);

  $cats = $GLOBALS['egw']->categories->check_list(Acl::READ, $_cats);

  if (!$cats) return null;

Modified: trunk/egroupware/api/src/Config.php
URL: http://svn.stylite.de/viewvc/egroupware/trunk/egroupware/api/src/Config.php?rev=56132&r1=56131&r2=56132&view=diff

— trunk/egroupware/api/src/Config.php (original)
+++ trunk/egroupware/api/src/Config.php Wed May 11 21:23:14 2016
@@ -66,7 +66,7 @@
/**
* reads the whole repository for $this->appname, appname has to be set via the constructor
*

- You can also use the static config::read($app) method, without instanciating the class.

- You can also use the static Config::read($app) method, without instanciating the class.
- @return array the whole config-array for that app
  */
  @@ -95,7 +95,7 @@
  if (!isset($this->config_data[$name])) // has been deleted
  {
  self::save_value($name, null, $this->appname, false);

  			//self::$db->delete(config::TABLE,array('config_app'=>$this->appname,'config_name'=>$name),__LINE__,__FILE__);

  			//self::$db->delete(self::TABLE,array('config_app'=>$this->appname,'config_name'=>$name),__LINE__,__FILE__);
  		}
  	}

@@ -126,9 +126,8 @@
{
if (!$app && (!isset($this) || !is_a($this,CLASS)))
{

  	throw new Exception\WrongParameter('$app parameter required for static call of config::save_value($name,$value,$app)!');

```
  }
```

  //echo "<p>config::save_value('$name','".print_r($value,True)."','$app')</p>\n";

  	throw new Exception\WrongParameter('$app parameter required for static call of Config::save_value($name,$value,$app)!');

  }
  if (!$app || isset($this) && is_a($this,__CLASS__) && $app == $this->appname)
  {
  	$app = $this->appname;

@@ -138,7 +137,7 @@
{
self::init_static();
}

  //echo "<p>config::save_value('$name','".print_r($value,True)."','$app')</p>\n";

  if (isset(self::$configs[$app][$name]) && self::$configs[$app][$name] === $value)
  {
  	return True;	// no change ==> exit

@@ -147,13 +146,13 @@
if (!isset($value) || $value === ‘’)
{
if (isset(self::$configs[$app])) unset(self::$configs[$app][$name]);

  	self::$db->delete(config::TABLE,array('config_app'=>$app,'config_name'=>$name),__LINE__,__FILE__);

  	self::$db->delete(self::TABLE,array('config_app'=>$app,'config_name'=>$name),__LINE__,__FILE__);
  }
  else
  {
  	self::$configs[$app][$name] = $value;
  	if(is_array($value)) $value = json_encode($value);

  	self::$db->insert(config::TABLE,array('config_value'=>$value),array('config_app'=>$app,'config_name'=>$name),__LINE__,__FILE__);

  	self::$db->insert(self::TABLE,array('config_value'=>$value),array('config_app'=>$app,'config_name'=>$name),__LINE__,__FILE__);
  }
  if ($update_cache)
  {

@@ -176,7 +175,7 @@
{
self::init_static();
}

  self::$db->delete(config::TABLE,array('config_app' => $this->appname),__LINE__,__FILE__);

  self::$db->delete(self::TABLE,array('config_app' => $this->appname),__LINE__,__FILE__);

  unset(self::$configs[$this->appname]);
  Cache::setInstance(__CLASS__, 'configs', self::$configs);

@@ -345,7 +344,7 @@
if (!(self::$configs = Cache::getInstance(CLASS, ‘configs’)) || !is_array(self::$configs[‘phpgwapi’]))
{
self::$configs = array();

  	foreach(self::$db->select(config::TABLE,'*',false,__LINE__,__FILE__) as $row)

  	foreach(self::$db->select(self::TABLE,'*',false,__LINE__,__FILE__) as $row)
  	{
  		self::$configs[$row['config_app']][$row['config_name']] = self::unserialize($row['config_value']);
  		//error_log(__METHOD__."() configs[$row[config_app]][$row[config_name]]=".array2string(self::$configs[$row['config_app']][$row['config_name']]));

Modified: trunk/egroupware/api/src/Contacts.php
URL: http://svn.stylite.de/viewvc/egroupware/trunk/egroupware/api/src/Contacts.php?rev=56132&r1=56131&r2=56132&view=diff

— trunk/egroupware/api/src/Contacts.php (original)
+++ trunk/egroupware/api/src/Contacts.php Wed May 11 21:23:14 2016
@@ -334,13 +334,13 @@
/**
* Get the availible addressbooks of the user
*

- @param int $required =EGW_ACL_READ required rights on the addressbook or multiple rights or’ed together,

- @param int $required =Acl::READ required rights on the addressbook or multiple rights or’ed together,
- to return only addressbooks fullfilling all the given rights
- @param string $extra_label first label if given (already translated)
- @param int $user =null account_id or null for current user
- @return array with owner => label pairs
  */

function get_addressbooks($required=EGW_ACL_READ,$extra_label=null,$user=null)

function get_addressbooks($required=Acl::READ,$extra_label=null,$user=null)
{
if (is_null($user))
{
@@ -371,11 +371,11 @@
asort($to_sort);
$addressbooks += $to_sort;
}

  if ($required != EGW_ACL_ADD &&	// do NOT allow to set accounts as default addressbook (AB can add accounts)

  if ($required != Acl::ADD &&	// do NOT allow to set accounts as default addressbook (AB can add accounts)
  	!$preferences['addressbook']['hide_accounts'] && (
  		($grants[0] & $required) == $required ||
  		$preferences['common']['account_selection'] == 'groupmembers' &&

  		$this->account_repository != 'ldap' && ($required & EGW_ACL_READ)))

  		$this->account_repository != 'ldap' && ($required & Acl::READ)))
  {
  	$addressbooks[0] = lang('Accounts');
  }

@@ -808,7 +808,7 @@
$id = is_array($c) ? $c[‘id’] : $c;

		$ok = false;

  	if ($this->check_perms(EGW_ACL_DELETE,$c,$deny_account_delete))

  	if ($this->check_perms(Acl::DELETE,$c,$deny_account_delete))
  	{
  		if (!($old = $this->read($id))) return false;
  		// check if we only mark contacts as deleted, or really delete them

@@ -895,7 +895,7 @@
{
$contact[‘private’] = 0;
}

  if(!$ignore_acl && !$this->check_perms($isUpdate ? EGW_ACL_EDIT : EGW_ACL_ADD,$contact))

  if(!$ignore_acl && !$this->check_perms($isUpdate ? Acl::EDIT : Acl::ADD,$contact))
  {
  	$this->error = 'access denied';
  	return false;

@@ -1087,7 +1087,7 @@
{
$data = null; // not found
}

  elseif (!$ignore_acl && !$this->check_perms(EGW_ACL_READ,$data))

  elseif (!$ignore_acl && !$this->check_perms(Acl::READ,$data))
  {
  	$data = false;	// no view perms
  }

@@ -1118,7 +1118,7 @@
* If the access of a contact is set to private, one need a private grant for a personal addressbook
* or the group membership for a group-addressbook
*

- @param int $needed necessary ACL right: EGW_ACL_{READ|EDIT|DELETE}

- @param int $needed necessary ACL right: Acl::{READ|EDIT|DELETE}
- @param mixed $contact contact as array or the contact-id
- @param boolean $deny_account_delete =false if true never allow to delete accounts
- @param int $user =null for which user to check, default current user
  @@ -1147,17 +1147,17 @@
  $owner = $contact[‘owner’];
  
  // allow the user to edit his own account

  if (!$owner && $needed == EGW_ACL_EDIT && $contact['account_id'] == $user && $this->own_account_acl)

  if (!$owner && $needed == Acl::EDIT && $contact['account_id'] == $user && $this->own_account_acl)
  {
  	$access = true;
  }
  // dont allow to delete own account (as admin handels it too)

  elseif (!$owner && $needed == EGW_ACL_DELETE && ($deny_account_delete || $contact['account_id'] == $user))

  elseif (!$owner && $needed == Acl::DELETE && ($deny_account_delete || $contact['account_id'] == $user))
  {
  	$access = false;
  }
  // for reading accounts (owner == 0) and account_selection == groupmembers, check if current user and contact are groupmembers

  elseif ($owner == 0 && $needed == EGW_ACL_READ &&

  elseif ($owner == 0 && $needed == Acl::READ &&
  	$GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'groupmembers' &&
  	!isset($GLOBALS['egw_info']['user']['apps']['admin']))
  {

@@ -1166,7 +1166,7 @@
else
{
$access = ($grants[$owner] & $needed) &&

  		(!$contact['private'] || ($grants[$owner] & EGW_ACL_PRIVATE) || in_array($owner,$memberships));

  		(!$contact['private'] || ($grants[$owner] & Acl::PRIVAT) || in_array($owner,$memberships));
  }
  //error_log(__METHOD__."($needed,$contact[id],$deny_account_delete,$user) returning ".array2string($access));
  return $access;

@@ -1176,7 +1176,7 @@
* Check access to the file store
*
* @param int|array $id id of entry or entry array

- @param int $check EGW_ACL_READ for read and EGW_ACL_EDIT for write or delete access

- @param int $check Acl::READ for read and Acl::EDIT for write or delete access
- @param string $rel_path =null currently not used in InfoLog
- @param int $user =null for which user to check, default current user
- @return boolean true if access is granted or false otherwise
  @@ -1410,7 +1410,7 @@
  }
  if ($fields)
  {

  		if (!$this->check_perms(EGW_ACL_EDIT,$member) || !$this->save($member))

  		if (!$this->check_perms(Acl::EDIT,$member) || !$this->save($member))
  		{
  			++$failed_members;
  		}

@@ -1765,7 +1765,7 @@
$target = $contacts[0];
unset($contacts[0]);
}

  if (!$this->check_perms(EGW_ACL_EDIT,$target))

  if (!$this->check_perms(Acl::EDIT,$target))
  {
  	echo $this->error = 'No edit permission for the target contact!';
  	return 0;

@@ -1809,7 +1809,7 @@
$success = 1;
foreach($contacts as $contact)
{

  	if (!$this->check_perms(EGW_ACL_DELETE,$contact))

  	if (!$this->check_perms(Acl::DELETE,$contact))
  	{
  		continue;
  	}

@@ -1875,7 +1875,7 @@
*/
function add_list($keys,$owner,$contacts=array(),array &$data=array())
{

  if (!$this->check_list(null,EGW_ACL_ADD|EGW_ACL_EDIT,$owner)) return false;

  if (!$this->check_list(null,Acl::ADD|Acl::EDIT,$owner)) return false;

  try {
  	$ret = parent::add_list($keys,$owner,$contacts,$data);

@@ -1899,7 +1899,7 @@
*/
function add2list($contact,$list,array $existing=null)
{

  if (!$this->check_list($list,EGW_ACL_EDIT)) return false;

  if (!$this->check_list($list,Acl::EDIT)) return false;

  unset(self::$list_cache[$list]);

@@ -1915,7 +1915,7 @@
*/
function remove_from_list($contact,$list=null)
{

  if ($list && !$this->check_list($list,EGW_ACL_EDIT)) return false;

  if ($list && !$this->check_list($list,Acl::EDIT)) return false;

  if ($list)
  {

@@ -1937,7 +1937,7 @@
*/
function delete_list($list)
{

  if (!$this->check_list($list,EGW_ACL_DELETE)) return false;

  if (!$this->check_list($list,Acl::DELETE)) return false;

  foreach((array)$list as $l)
  {

@@ -2050,7 +2050,7 @@
{
foreach ($old_categories as $cat_id)
{

  			if (!$this->categories->check_perms(EGW_ACL_READ, $cat_id))

  			if (!$this->categories->check_perms(Acl::READ, $cat_id))
  			{
  				$old_cats_preserve[] = $cat_id;
  			}

@@ -2108,7 +2108,7 @@
$cat_list = array();
foreach($cat_id_list as $cat_id)
{

  	if ($cat_id && $this->categories->check_perms(EGW_ACL_READ, $cat_id) &&

  	if ($cat_id && $this->categories->check_perms(Acl::READ, $cat_id) &&
  			($cat_name = $this->categories->id2name($cat_id)) && $cat_name != '--')
  	{
  		$cat_list[] = $cat_name;

Modified: trunk/egroupware/api/src/Contacts/Storage.php
URL: http://svn.stylite.de/viewvc/egroupware/trunk/egroupware/api/src/Contacts/Storage.php?rev=56132&r1=56131&r2=56132&view=diff

— trunk/egroupware/api/src/Contacts/Storage.php (original)
+++ trunk/egroupware/api/src/Contacts/Storage.php Wed May 11 21:23:14 2016
@@ -344,20 +344,20 @@
// ToDo: be more specific for ‘groupmembers’, they should be able to see the groupmembers
if (!in_array($preferences[‘common’][‘account_selection’], array(‘none’,‘groupmembers’)))
{

```
  		$grants[0] = EGW_ACL_READ;
```

  		$grants[0] = Api\Acl::READ;
  	}
  	// add account grants for admins (only for current user!)
  	if ($user == $this->user && $this->is_admin())	// admin rights can be limited by ACL!
  	{

  		$grants[0] = EGW_ACL_READ;	// admins always have read-access

  		if (!$GLOBALS['egw']->acl->check('account_access',16,'admin')) $grants[0] |= EGW_ACL_EDIT;

  		if (!$GLOBALS['egw']->acl->check('account_access',4,'admin'))  $grants[0] |= EGW_ACL_ADD;

  		if (!$GLOBALS['egw']->acl->check('account_access',32,'admin')) $grants[0] |= EGW_ACL_DELETE;

  		$grants[0] = Api\Acl::READ;	// admins always have read-access

  		if (!$GLOBALS['egw']->acl->check('account_access',16,'admin')) $grants[0] |= Api\Acl::EDIT;

  		if (!$GLOBALS['egw']->acl->check('account_access',4,'admin'))  $grants[0] |= Api\Acl::ADD;

  		if (!$GLOBALS['egw']->acl->check('account_access',32,'admin')) $grants[0] |= Api\Acl::DELETE;
  	}
  	// allow certain groups to edit contact-data of accounts
  	if (self::allow_account_edit($user))
  	{

  		$grants[0] |= EGW_ACL_READ|EGW_ACL_EDIT;

  		$grants[0] |= Api\Acl::READ|Api\Acl::EDIT;
  	}
  }
  else

@@ -985,12 +985,12 @@
/**
* Get the availible distribution lists for a user
*

- @param int $required =EGW_ACL_READ required rights on the list or multiple rights or’ed together,

- @param int $required =Api\Acl::READ required rights on the list or multiple rights or’ed together,
- to return only lists fullfilling all the given rights
- @param string $extra_labels =null first labels if given (already translated)
- @return array with id => label pairs or false if backend does not support lists
  */

function get_lists($required=EGW_ACL_READ,$extra_labels=null)

function get_lists($required=Api\Acl::READ,$extra_labels=null)
{
if (!method_exists($this->somain,‘get_lists’)) return false;

Modified: trunk/egroupware/api/src/DateTime.php
URL: http://svn.stylite.de/viewvc/egroupware/trunk/egroupware/api/src/DateTime.php?rev=56132&r1=56131&r2=56132&view=diff

— trunk/egroupware/api/src/DateTime.php (original)
+++ trunk/egroupware/api/src/DateTime.php Wed May 11 21:23:14 2016
@@ -556,7 +556,7 @@
self::$server_timezone = new DateTimeZone(‘Europe/Berlin’);
}
error_log(METHOD."() invalid server_timezone=’{$GLOBALS[‘egw_info’][‘server’][‘server_timezone’]}’ setting now ‘".self::$server_timezone->getName()."’!");

  	config::save_value('server_timezone',$GLOBALS['egw_info']['server']['server_timezone'] = self::$server_timezone->getName(),'phpgwapi');

  	Config::save_value('server_timezone',$GLOBALS['egw_info']['server']['server_timezone'] = self::$server_timezone->getName(),'phpgwapi');
  }
  if (!isset($GLOBALS['egw_info']['user']['preferences']['common']['tz']))
  {

Modified: trunk/egroupware/api/src/Egw.php
URL: http://svn.stylite.de/viewvc/egroupware/trunk/egroupware/api/src/Egw.php?rev=56132&r1=56131&r2=56132&view=diff

— trunk/egroupware/api/src/Egw.php (original)
+++ trunk/egroupware/api/src/Egw.php Wed May 11 21:23:14 2016
@@ -371,7 +371,7 @@
{
$GLOBALS[‘egw’]->session->destroy($sessionid);
}

  			throw new Exception\Redirect(egw::link('/logout.php'));

  			throw new Exception\Redirect(self::link('/logout.php'));
  		}
  		if ($currentapp == 'admin' || $GLOBALS['egw_info']['flags']['admin_only'])
  		{

Modified: trunk/egroupware/api/src/Etemplate/Widget/Taglist.php
URL: http://svn.stylite.de/viewvc/egroupware/trunk/egroupware/api/src/Etemplate/Widget/Taglist.php?rev=56132&r1=56131&r2=56132&view=diff

— trunk/egroupware/api/src/Etemplate/Widget/Taglist.php (original)
+++ trunk/egroupware/api/src/Etemplate/Widget/Taglist.php Wed May 11 21:23:14 2016
@@ -124,7 +124,7 @@
}
if($this->type == ‘taglist-email’ && $this->attrs[‘include_lists’] && is_numeric($val))
{

  			$lists = $GLOBALS['egw']->contacts->get_lists(EGW_ACL_READ);

  			$lists = $GLOBALS['egw']->contacts->get_lists(Api\Acl::READ);
  			if(!array_key_exists($val, $lists))
  			{
  				self::set_validation_error($form_name,lang("'%1' is NOT allowed ('%2')!",$val,implode("','",array_keys($lists))),'');

Modified: trunk/egroupware/api/src/Link.php
URL: http://svn.stylite.de/viewvc/egroupware/trunk/egroupware/api/src/Link.php?rev=56132&r1=56131&r2=56132&view=diff

— trunk/egroupware/api/src/Link.php (original)
+++ trunk/egroupware/api/src/Link.php Wed May 11 21:23:14 2016
@@ -1581,7 +1581,7 @@
* @param string $app
* @param int|string $id
* @param string $title title string or null

- @param int $file_access =null EGW_ACL_READ, EGW_ACL_EDIT or both or’ed together

- @param int $file_access =null Acl::READ, Acl::EDIT or both or’ed together
  */
  public static function set_cache($app,$id,$title,$file_access=null)
  {
  @@ -1682,12 +1682,12 @@
- @ToDo $rel_path is not yet implemented, as no app use it currently
- @param string $app
- @param string|int $id id of entry

- @param int $required =EGW_ACL_READ EGW_ACL_{READ|EDIT}

- @param int $required =Acl::READ Acl::{READ|EDIT}
- @param string $rel_path =null
- @param int $user =null default null = current user
- @return boolean true if access granted, false otherwise
  */

static function file_access($app,$id,$required=EGW_ACL_READ,$rel_path=null,$user=null)

static function file_access($app,$id,$required=Acl::READ,$rel_path=null,$user=null)
{
// are we called for an other user
if ($user && $user != $GLOBALS[‘egw_info’][‘user’][‘account_id’])
@@ -1709,15 +1709,15 @@
```
$cache =& self::get_cache($app,$id,'file_access');
```

  if (!isset($cache) || $required == EGW_ACL_EDIT && !($cache & $required))

  if (!isset($cache) || $required == Acl::EDIT && !($cache & $required))
  {
  	if(($method = self::get_registry($app,'file_access')))
  	{

  		$cache |= ExecMethod2($method,$id,$required,$rel_path) ? $required|EGW_ACL_READ : 0;

  		$cache |= ExecMethod2($method,$id,$required,$rel_path) ? $required|Acl::READ : 0;
  	}
  	else
  	{

  		$cache |= self::title($app,$id) ? EGW_ACL_READ|EGW_ACL_EDIT : 0;

  		$cache |= self::title($app,$id) ? Acl::READ|Acl::EDIT : 0;
  	}
  	//error_log(__METHOD__."($app,$id,$required,$rel_path) got $cache --> ".($cache & $required ? 'true' : 'false'));
  }

Modified: trunk/egroupware/api/src/Mail/Account.php
URL: http://svn.stylite.de/viewvc/egroupware/trunk/egroupware/api/src/Mail/Account.php?rev=56132&r1=56131&r2=56132&view=diff

— trunk/egroupware/api/src/Mail/Account.php (original)
+++ trunk/egroupware/api/src/Mail/Account.php Wed May 11 21:23:14 2016
@@ -892,7 +892,7 @@
/**
* Check which rights current user has on mail-account
*

- @param int $rights EGW_ACL_(READ|EDIT|DELETE)

- @param int $rights Api\Acl::(READ|EDIT|DELETE)
- @param array|Account $account account array or object
- @return boolean
  */
  @@ -920,12 +920,12 @@
  {
  switch($rights)
  {

```
  			case EGW_ACL_READ:
```

  			case Api\Acl::READ:
  				$access = true;
  				break;

```
  			case EGW_ACL_EDIT:
```
```
  			case EGW_ACL_DELETE:
```

```
  			case Api\Acl::EDIT:
```

  			case Api\Acl::DELETE:
  				// users have only edit/delete rights on accounts marked as user-editable AND belonging to them personally
  				if (!$account['acc_user_editable'])
  				{

Modified: trunk/egroupware/api/src/Mailer.php
URL: http://svn.stylite.de/viewvc/egroupware/trunk/egroupware/api/src/Mailer.php?rev=56132&r1=56131&r2=56132&view=diff

— trunk/egroupware/api/src/Mailer.php (original)
+++ trunk/egroupware/api/src/Mailer.php Wed May 11 21:23:14 2016
@@ -541,7 +541,7 @@
if (!isset($flowed)) $flowed = $this->_body && $this->_body->getType() != ‘multipart/encrypted’;

		// check if flowed is disabled in mail site configuration

  	if (($config = config::read('mail')) && $config['disable_rfc3676_flowed'])

  	if (($config = Config::read('mail')) && $config['disable_rfc3676_flowed'])
  	{
  		$flowed = false;
  	}

Modified: trunk/egroupware/api/src/Session.php
URL: http://svn.stylite.de/viewvc/egroupware/trunk/egroupware/api/src/Session.php?rev=56132&r1=56131&r2=56132&view=diff

— trunk/egroupware/api/src/Session.php (original)
+++ trunk/egroupware/api/src/Session.php Wed May 11 21:23:14 2016
@@ -937,7 +937,7 @@
$this->account_id = $GLOBALS[‘egw’]->accounts->name2id($this->account_lid,‘account_lid’,‘u’);
if (!$this->account_id)
{

  	if (self::ERROR_LOG_DEBUG) error_log("*** session::verify($sessionid) !accounts::name2id('$this->account_lid')");

  	if (self::ERROR_LOG_DEBUG) error_log("*** Session::verify($sessionid) !accounts::name2id('$this->account_lid')");
  	return false;
  }

@@ -955,7 +955,7 @@

	if ($GLOBALS['egw']->accounts->is_expired($GLOBALS['egw_info']['user']))
	{

  	if (self::ERROR_LOG_DEBUG) error_log("*** session::verify($sessionid) accounts is expired");

  	if (self::ERROR_LOG_DEBUG) error_log("*** Session::verify($sessionid) accounts is expired");
  	return false;
  }
  $this->passwd = base64_decode(Cache::getSession('phpgwapi', 'password'));

@@ -966,7 +966,7 @@
}
if ($this->account_domain != $GLOBALS[‘egw_info’][‘user’][‘domain’])
{

  	if (self::ERROR_LOG_DEBUG) error_log("*** session::verify($sessionid) wrong domain");

  	if (self::ERROR_LOG_DEBUG) error_log("*** Session::verify($sessionid) wrong domain");
  	return false;
  }

@@ -975,7 +975,7 @@
if (strtoupper(substr(PHP_OS,0,3)) != ‘WIN’ && (!$GLOBALS[‘egw_info’][‘user’][‘session_ip’] ||
$GLOBALS[‘egw_info’][‘user’][‘session_ip’] != $this->getuser_ip()))
{

  		if (self::ERROR_LOG_DEBUG) error_log("*** session::verify($sessionid) wrong IP");

  		if (self::ERROR_LOG_DEBUG) error_log("*** Session::verify($sessionid) wrong IP");
  		return false;
  	}
  }

@@ -988,7 +988,7 @@
}
if (!$this->account_lid)
{

  	if (self::ERROR_LOG_DEBUG) error_log("*** session::verify($sessionid) !account_lid");

  	if (self::ERROR_LOG_DEBUG) error_log("*** Session::verify($sessionid) !account_lid");
  	return false;
  }

@@ -1007,13 +1007,13 @@
$_REQUEST[self::EGW_SESSION_NAME] === $this->sessionid &&
(!isset($_COOKIE[self::EGW_SESSION_NAME]) || $_COOKIE[self::EGW_SESSION_NAME] !== $_REQUEST[self::EGW_SESSION_NAME]))
{

  	if (self::ERROR_LOG_DEBUG) error_log("--> session::verify($sessionid) SUCCESS, but NO required cookies set --> setting them now");

  	if (self::ERROR_LOG_DEBUG) error_log("--> Session::verify($sessionid) SUCCESS, but NO required cookies set --> setting them now");
  	self::egw_setcookie(self::EGW_SESSION_NAME,$this->sessionid);
  	self::egw_setcookie('kp3',$this->kp3);
  	self::egw_setcookie('domain',$this->account_domain);
  }

  if (self::ERROR_LOG_DEBUG) error_log("--> session::verify($sessionid) SUCCESS");

  if (self::ERROR_LOG_DEBUG) error_log("--> Session::verify($sessionid) SUCCESS");

  return true;

}

Modified: trunk/egroupware/api/src/Vfs/Links/StreamWrapper.php
URL: http://svn.stylite.de/viewvc/egroupware/trunk/egroupware/api/src/Vfs/Links/StreamWrapper.php?rev=56132&r1=56131&r2=56132&view=diff

— trunk/egroupware/api/src/Vfs/Links/StreamWrapper.php (original)
+++ trunk/egroupware/api/src/Vfs/Links/StreamWrapper.php Wed May 11 21:23:14 2016
@@ -111,8 +111,8 @@
// which gives him then read AND write access to the file store of the entry
else
{

  	// vfs & stream-wrapper use posix rights, Api\Link::file_access uses EGW_ACL_{EDIT|READ}!

  	$required = $check & Vfs::WRITABLE ? EGW_ACL_EDIT : EGW_ACL_READ;

  	// vfs & stream-wrapper use posix rights, Api\Link::file_access uses Api\Acl::{EDIT|READ}!

  	$required = $check & Vfs::WRITABLE ? Api\Acl::EDIT : Api\Acl::READ;
  	$access = Api\Link::file_access($app,$id,$required,$rel_path,Vfs::$user);
  	$what = "from Api\Link::file_access('$app',$id,$required,'$rel_path,".Vfs::$user.")";
  }

Modified: trunk/egroupware/api/src/Vfs/Sqlfs/StreamWrapper.php
URL: http://svn.stylite.de/viewvc/egroupware/trunk/egroupware/api/src/Vfs/Sqlfs/StreamWrapper.php?rev=56132&r1=56131&r2=56132&view=diff

— trunk/egroupware/api/src/Vfs/Sqlfs/StreamWrapper.php (original)
+++ trunk/egroupware/api/src/Vfs/Sqlfs/StreamWrapper.php Wed May 11 21:23:14 2016
@@ -1855,7 +1855,7 @@
{
return false;
}

  if (!Vfs::check_access($path,EGW_ACL_EDIT,$stat))

  if (!Vfs::check_access($path,Api\Acl::EDIT,$stat))
  {
  	return false;	// permission denied
  }

Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j

eGroupWare-cvs mailing list
eGroupWare-cvs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/egroupware-cvs