Fix ACLs management of folders in Administration
The active (super) user was not able to add herself to the ACLs of a different user because we were removing the active user from the users search instead of removing the folder's owner.pull/228/head
Francis Lachapelle
parent
e997923c31
commit
0d95267fe5
6
NEWS
6
NEWS
|
|
@ -1,3 +1,9 @@
|
|||
3.2.5 (2016-12-DD)
|
||||
------------------
|
||||
|
||||
Bug fixes
|
||||
- [web] fixed confusion between owner and active user in ACLs management of Administration module
|
||||
|
||||
3.2.4 (2016-12-01)
|
||||
------------------
|
||||
|
||||
|
|
|
|||
|
|
@ -535,14 +535,14 @@
|
|||
{
|
||||
NSString *uid;
|
||||
NSDictionary *contact;
|
||||
NSString *contactInfo, *login;
|
||||
NSString *contactInfo, *owner;
|
||||
NSMutableArray *jsonResponse;
|
||||
NSMutableDictionary *jsonLine;
|
||||
NSArray *allUsers;
|
||||
int count, max;
|
||||
BOOL activeUserIsInDomain;
|
||||
|
||||
login = [[context activeUser] login];
|
||||
owner = [[self clientObject] ownerInContext: context];
|
||||
activeUserIsInDomain = ([domain length] == 0 || [[[context activeUser] domain] isEqualToString: domain]);
|
||||
|
||||
// We sort our array - this is pretty useful for the Web
|
||||
|
|
@ -556,8 +556,8 @@
|
|||
contact = [allUsers objectAtIndex: count];
|
||||
uid = [contact objectForKey: @"c_uid"];
|
||||
|
||||
// We do NOT return the current authenticated user
|
||||
if (!activeUserIsInDomain || ![uid isEqualToString: login])
|
||||
// We do NOT return the owner from which the search is performed
|
||||
if (!activeUserIsInDomain || ![uid isEqualToString: owner])
|
||||
{
|
||||
jsonLine = [NSMutableDictionary dictionary];
|
||||
if ([domain length])
|
||||
|
|
|
|||
|
|
@ -57,7 +57,7 @@
|
|||
}
|
||||
|
||||
function userFilter($query) {
|
||||
return User.$filter($query, stateFolder.$acl.users, { dry: true });
|
||||
return User.$filter($query, stateFolder.$acl.users, { dry: true, uid: vm.user.uid });
|
||||
}
|
||||
|
||||
function removeUser(user) {
|
||||
|
|
|
|||
|
|
@ -43,7 +43,7 @@
|
|||
* @return a promise of an array of matching User objects
|
||||
*/
|
||||
User.$filter = function(search, excludedUsers, options) {
|
||||
var _this = this, param = {search: search};
|
||||
var _this = this, resource = User.$$resource, param = {search: search};
|
||||
|
||||
if (!options || !options.dry) {
|
||||
if (!search) {
|
||||
|
|
@ -57,8 +57,11 @@
|
|||
}
|
||||
User.$query = search;
|
||||
}
|
||||
else if (options && options.uid) {
|
||||
resource = User.$$resource.userResource(options.uid);
|
||||
}
|
||||
|
||||
return User.$$resource.fetch(null, 'usersSearch', param).then(function(response) {
|
||||
return resource.fetch(null, 'usersSearch', param).then(function(response) {
|
||||
var results, index, user, users,
|
||||
compareUids = function(data) {
|
||||
return this.uid == data.uid;
|
||||
|
|
|
|||
Loading…
Reference in New Issue