* SoObjects/Appointments/SOGoAppointmentObject.m (_handleResourcesConflicts):
Deny access to resources if the resource's ACL don't allow the organizer to read its freebusy info. Without this, sogo would always auto-accept invitations from 'unprivileged' users, potentially bypassing the multiplebooking parameter. Monotone-Parent: 8ac367dca61f0a4a66df59c7c786dd0f5016050d Monotone-Revision: 1f2bd4b4727f3158ab77ca76322cd555967d326a Monotone-Author: jraby@inverse.ca Monotone-Date: 2012-05-15T14:36:52
parent
5d149a53c7
commit
9b814bc58c
|
@ -1,3 +1,11 @@
|
||||||
|
2012-05-15 Jean Raby <jraby@inverse.ca>
|
||||||
|
|
||||||
|
* SoObjects/Appointments/SOGoAppointmentObject.m (_handleResourcesConflicts):
|
||||||
|
Deny access to resources if the resource's ACL don't allow the organizer
|
||||||
|
to read its freebusy info.
|
||||||
|
Without this, sogo would always auto-accept invitations from 'unprivileged'
|
||||||
|
users, potentially bypassing the multiplebooking parameter.
|
||||||
|
|
||||||
2012-05-14 Wolfgang Sourdeau <wsourdeau@inverse.ca>
|
2012-05-14 Wolfgang Sourdeau <wsourdeau@inverse.ca>
|
||||||
|
|
||||||
* UI/WebServerResources/UIxContactsUserFolders.js: folder ids are
|
* UI/WebServerResources/UIxContactsUserFolders.js: folder ids are
|
||||||
|
|
|
@ -67,4 +67,5 @@ vtodo_class2 = "(Confidential task)";
|
||||||
= "%{Attendee} %{SentByText}has not yet decided upon your event invitation.";
|
= "%{Attendee} %{SentByText}has not yet decided upon your event invitation.";
|
||||||
|
|
||||||
/* Resources */
|
/* Resources */
|
||||||
|
"Cannot access resource: \"%{Cn} %{SystemEmail}\"" = "Cannot access resource: \"%{Cn} %{SystemEmail}\"";
|
||||||
"Maximum number of simultaneous bookings (%{NumberOfSimultaneousBookings}) reached for resource \"%{Cn} %{SystemEmail}\". The conflicting event is \"%{EventTitle}\", and starts on %{StartDate}." = "Maximum number of simultaneous bookings (%{NumberOfSimultaneousBookings}) reached for resource \"%{Cn} %{SystemEmail}\". The conflicting event is \"%{EventTitle}\", and starts on %{StartDate}.";
|
"Maximum number of simultaneous bookings (%{NumberOfSimultaneousBookings}) reached for resource \"%{Cn} %{SystemEmail}\". The conflicting event is \"%{EventTitle}\", and starts on %{StartDate}." = "Maximum number of simultaneous bookings (%{NumberOfSimultaneousBookings}) reached for resource \"%{Cn} %{SystemEmail}\". The conflicting event is \"%{EventTitle}\", and starts on %{StartDate}.";
|
|
@ -67,4 +67,5 @@ vtodo_class2 = "(Tâche confidentielle)";
|
||||||
= "%{Attendee} %{SentByText}choisit de reporter sa décision par rapport à votre invitation.";
|
= "%{Attendee} %{SentByText}choisit de reporter sa décision par rapport à votre invitation.";
|
||||||
|
|
||||||
/* Resources */
|
/* Resources */
|
||||||
|
"Cannot access resource: \"%{Cn} %{SystemEmail}\"" = "Impossible d'accéder à la resource: \"%{Cn} %{SystemEmail}\"";
|
||||||
"Maximum number of simultaneous bookings (%{NumberOfSimultaneousBookings}) reached for resource \"%{Cn} %{SystemEmail}\"." = "Le nombre maximum (%{NumberOfSimultaneousBookings}) de réservation(s) simultanée(s) a été atteint pour la ressource \"%{Cn} %{SystemEmail}\".";
|
"Maximum number of simultaneous bookings (%{NumberOfSimultaneousBookings}) reached for resource \"%{Cn} %{SystemEmail}\"." = "Le nombre maximum (%{NumberOfSimultaneousBookings}) de réservation(s) simultanée(s) a été atteint pour la ressource \"%{Cn} %{SystemEmail}\".";
|
|
@ -467,6 +467,18 @@
|
||||||
folder = [[SOGoUser userWithLogin: currentUID]
|
folder = [[SOGoUser userWithLogin: currentUID]
|
||||||
personalCalendarFolderInContext: context];
|
personalCalendarFolderInContext: context];
|
||||||
|
|
||||||
|
// Deny access to the resource if the ACLs don't allow the user
|
||||||
|
if (![folder aclSQLListingFilter])
|
||||||
|
{
|
||||||
|
NSDictionary *values;
|
||||||
|
NSString *reason;
|
||||||
|
|
||||||
|
values = [NSDictionary dictionaryWithObjectsAndKeys:
|
||||||
|
[user cn], @"Cn",
|
||||||
|
[user systemEmail], @"SystemEmail"];
|
||||||
|
reason = [values keysWithFormat: [self labelForKey: @"Cannot access resource: \"%{Cn} %{SystemEmail}\""]];
|
||||||
|
return [NSException exceptionWithHTTPStatus:403 reason: reason];
|
||||||
|
}
|
||||||
|
|
||||||
fbInfo = [NSMutableArray arrayWithArray: [folder fetchFreeBusyInfosFrom: start
|
fbInfo = [NSMutableArray arrayWithArray: [folder fetchFreeBusyInfosFrom: start
|
||||||
to: end]];
|
to: end]];
|
||||||
|
|
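Review bot: The `dictionaryWithObjectsAndKeys:` call in the new deny branch has no terminating `nil` as rendered here, so the variadic list is unbounded and the 403 path can read past its arguments or crash instead of returning the exception; the last argument line should read `[user systemEmail], @"SystemEmail", nil];`. A nil object also ends that list early, so a resource whose `cn` is nil would yield an empty dictionary and a reason string with its placeholders unfilled. The comment above the check stops mid-sentence; I would complete it as `// Deny access to the resource if its ACLs don't allow the organizer to read its freebusy info (aclSQLListingFilter is nil in that case)`. That nil-means-denied contract is inferred from this branch and the commit message, so it should be confirmed against the method itself. The enclosing method starts and ends outside this hunk.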