Monotone-Parent: 0c6806493b569c14269ce32c78f49e2d8d0bd053

Monotone-Revision: 45a909a97ed4304fcd6107fccb0e129e9db8d87a Monotone-Author: wsourdeau@inverse.ca Monotone-Date: 2010-06-02T16:42:49 Monotone-Branch: ca.inverse.sogo
2010-06-02 16:42:49 +00:00 · 2010-06-02 16:42:49 +00:00 · 0a09a045c5
parent 64a0aa3d9c
commit 0a09a045c5
3 changed files with 39 additions and 29 deletions
--- a/11
+++ b/11
@ -1,5 +1,16 @@
 2010-06-02  Wolfgang Sourdeau  <wsourdeau@inverse.ca>

+	* SoObjects/SOGo/SOGoUserFolder.m (_subFoldersFromFolder:):
+	thanks to the change below, the ACL checking code is no longer
+	needed here, where we can now concentrate on returning subfolders
+	metadata.
+
+	* SoObjects/SOGo/SOGoParentFolder.m
+	(_fetchPersonalFolders:withChannel:): if the active user is not
+	the owner of the current parent folder, subfolders are returned
+	only when he/she has permissions set on them even for the
+	"personal" subfolder.
+
 	* SoObjects/SOGo/SOGoGCSFolder.m (-aclsForUser:forObjectAtPath:):
 	extracted db code into a new "_realAclsForUser:forObjectAtPath:"
 	private method. When the "None" special role is returned, we
--- a/SoObjects/SOGo/SOGoParentFolder.m
+++ b/SoObjects/SOGo/SOGoParentFolder.m
@ -175,10 +175,12 @@ static SoSecurityManager *sm = nil;
 {
  NSArray *attrs;
  NSDictionary *row;
-  BOOL hasPersonal;
+  BOOL hasPersonal, ignoreRights;
  SOGoGCSFolder *folder;
-  NSString *key;
+  NSString *key, *login;
  NSException *error;
+  SOGoUser *currentUser;
+  SoSecurityManager *securityManager;

  if (!subFolderClass)
    subFolderClass = [[self class] subFolderClass];
@ -187,23 +189,33 @@ static SoSecurityManager *sm = nil;
  error = [fc evaluateExpressionX: sql];
  if (!error)
    {
+      currentUser = [context activeUser];
+      login = [currentUser login];
+      ignoreRights = (activeUserIsOwner || [login isEqualToString: owner]
+                      || [currentUser isSuperUser]);
+      if (!ignoreRights)
+        securityManager = [SoSecurityManager sharedSecurityManager];
+
      attrs = [fc describeResults: NO];
-      row = [fc fetchAttributes: attrs withZone: NULL];
-      while (row)
+      while ((row = [fc fetchAttributes: attrs withZone: NULL]))
 	{
 	  key = [row objectForKey: @"c_path4"];
 	  if ([key isKindOfClass: [NSString class]])
 	    {
 	      folder = [subFolderClass objectWithName: key inContainer: self];
-	      hasPersonal = (hasPersonal || [key isEqualToString: @"personal"]);
+	      hasPersonal = (hasPersonal
+                             || [key isEqualToString: @"personal"]);
 	      [folder setOCSPath: [NSString stringWithFormat: @"%@/%@",
 					    OCSPath, key]];
+              if (ignoreRights
+                  || ![securityManager validatePermission: SOGoPerm_AccessObject
+                                                 onObject: folder
+                                                inContext: context])
 	      [subFolders setObject: folder forKey: key];
 	    }
-	  row = [fc fetchAttributes: attrs withZone: NULL];
 	}

-      if (!hasPersonal)
+      if (ignoreRights && !hasPersonal)
 	[self _createPersonalFolder];
    }

@ -382,11 +394,6 @@ static SoSecurityManager *sm = nil;
  return error;
 }

- (NSArray *) fetchContentObjectNames
-{
-  return nil;
-}
-
 - (id) lookupName: (NSString *) name
        inContext: (WOContext *) lookupContext
          acquire: (BOOL) acquire
--- a/SoObjects/SOGo/SOGoUserFolder.m
+++ b/SoObjects/SOGo/SOGoUserFolder.m
@ -27,7 +27,6 @@

 #import <NGObjWeb/NSException+HTTP.h>
 #import <NGObjWeb/SoClassSecurityInfo.h>
-#import <NGObjWeb/SoSecurityManager.h>
 #import <NGObjWeb/WOApplication.h>
 #import <NGObjWeb/WOContext+SoObjects.h>
 #import <NGObjWeb/WORequest.h>
@ -148,35 +147,28 @@
  NSMutableArray *folders;
  NSEnumerator *subfolders;
  SOGoFolder *currentFolder;
-  NSString *folderName, *folderOwner;
+  NSString *folderName;
+  Class subfolderClass;
  NSMutableDictionary *currentDictionary;
-  SoSecurityManager *securityManager;
-
-  folderOwner = [parentFolder ownerInContext: context];
-  securityManager = [SoSecurityManager sharedSecurityManager];

  folders = [NSMutableArray array];

+  subfolderClass = [[parentFolder class] subFolderClass];
+
  subfolders = [[parentFolder subFolders] objectEnumerator];
  while ((currentFolder = [subfolders nextObject]))
    {
-      if (![securityManager validatePermission: SOGoPerm_AccessObject
-			    onObject: currentFolder inContext: context]
-	  && [[currentFolder ownerInContext: context]
-	       isEqualToString: folderOwner]
-	  && [NSStringFromClass([currentFolder class]) compare: @"SOGoWebAppointmentFolder"] != NSOrderedSame)
+      if ([currentFolder isMemberOfClass: subfolderClass])
 	{
 	  folderName = [NSString stringWithFormat: @"/%@/%@",
 				 [parentFolder nameInContainer],
 				 [currentFolder nameInContainer]];
-	  currentDictionary
-	    = [NSMutableDictionary dictionaryWithCapacity: 3];
+	  currentDictionary = [NSMutableDictionary dictionaryWithCapacity: 4];
 	  [currentDictionary setObject: [currentFolder displayName]
-			     forKey: @"displayName"];
+                                forKey: @"displayName"];
 	  [currentDictionary setObject: folderName forKey: @"name"];
-	  [currentDictionary setObject: folderOwner forKey: @"owner"];
 	  [currentDictionary setObject: [currentFolder folderType]
-			     forKey: @"type"];
+                                forKey: @"type"];
 	  [folders addObject: currentDictionary];
 	}
    }
@ -587,7 +579,7 @@

 /* WebDAV */

- (NSArray *) fetchContentObjectNames
+- (NSArray *) toOneRelationshipKeys
 {
  SOGoSystemDefaults *sd;
  SOGoUser *currentUser;