oc-contacts: Add edit/delete own and Folder Contact/Owner sharing perm
This is done by storing these custom MAPI roles in the ACL. An extension field called 'X-OPENCHANGE-CREATOR' is created in the vCard to validate the creator/owner of the contact in the shared folder.
parent
dd32c659f6
commit
9d461d646f
|
@ -74,18 +74,34 @@
|
||||||
|
|
||||||
- (NSArray *) rolesForExchangeRights: (uint32_t) rights
|
- (NSArray *) rolesForExchangeRights: (uint32_t) rights
|
||||||
{
|
{
|
||||||
|
/* Limitations
|
||||||
|
|
||||||
|
Following rights are not supported by SOGo specifically:
|
||||||
|
|
||||||
|
- CreateSubfolders: No contacts subfolders
|
||||||
|
- FolderVisible: It is inferred by other rights when extracting
|
||||||
|
*/
|
||||||
NSMutableArray *roles;
|
NSMutableArray *roles;
|
||||||
|
|
||||||
roles = [NSMutableArray arrayWithCapacity: 6];
|
roles = [NSMutableArray arrayWithCapacity: 8];
|
||||||
if (rights & RightsCreateItems)
|
if (rights & RightsCreateItems)
|
||||||
[roles addObject: SOGoRole_ObjectCreator];
|
[roles addObject: SOGoRole_ObjectCreator];
|
||||||
if (rights & RightsDeleteAll)
|
if (rights & RightsDeleteAll)
|
||||||
[roles addObject: SOGoRole_ObjectEraser];
|
[roles addObject: SOGoRole_ObjectEraser];
|
||||||
|
if (rights & RightsDeleteOwn)
|
||||||
|
[roles addObject: MAPIStoreRightDeleteOwn];
|
||||||
if (rights & RightsEditAll)
|
if (rights & RightsEditAll)
|
||||||
[roles addObject: SOGoRole_ObjectEditor];
|
[roles addObject: SOGoRole_ObjectEditor];
|
||||||
|
if (rights & RightsEditOwn)
|
||||||
|
[roles addObject: MAPIStoreRightEditOwn];
|
||||||
if (rights & RightsReadItems)
|
if (rights & RightsReadItems)
|
||||||
[roles addObject: SOGoRole_ObjectViewer];
|
[roles addObject: SOGoRole_ObjectViewer];
|
||||||
|
|
||||||
|
if (rights & RightsFolderOwner)
|
||||||
|
[roles addObject: MAPIStoreRightFolderOwner];
|
||||||
|
if (rights & RightsFolderContact)
|
||||||
|
[roles addObject: MAPIStoreRightFolderContact];
|
||||||
|
|
||||||
return roles;
|
return roles;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -95,15 +111,28 @@
|
||||||
|
|
||||||
if ([roles containsObject: SOGoRole_ObjectCreator])
|
if ([roles containsObject: SOGoRole_ObjectCreator])
|
||||||
rights |= RightsCreateItems;
|
rights |= RightsCreateItems;
|
||||||
|
|
||||||
if ([roles containsObject: SOGoRole_ObjectEraser])
|
if ([roles containsObject: SOGoRole_ObjectEraser])
|
||||||
rights |= RightsDeleteAll | RightsDeleteOwn;
|
rights |= RightsDeleteAll | RightsDeleteOwn;
|
||||||
|
else if ([roles containsObject: MAPIStoreRightDeleteOwn])
|
||||||
|
rights |= RightsDeleteOwn;
|
||||||
|
|
||||||
if ([roles containsObject: SOGoRole_ObjectEditor])
|
if ([roles containsObject: SOGoRole_ObjectEditor])
|
||||||
rights |= RightsEditAll | RightsEditOwn;
|
rights |= RightsEditAll | RightsEditOwn;
|
||||||
|
else if ([roles containsObject: MAPIStoreRightEditOwn])
|
||||||
|
rights |= RightsEditOwn;
|
||||||
|
|
||||||
if ([roles containsObject: SOGoRole_ObjectViewer])
|
if ([roles containsObject: SOGoRole_ObjectViewer])
|
||||||
rights |= RightsReadItems;
|
rights |= RightsReadItems;
|
||||||
if (rights != 0)
|
if (rights != 0)
|
||||||
rights |= RoleNone; /* actually "folder visible" */
|
rights |= RoleNone; /* actually "folder visible" */
|
||||||
|
|
||||||
|
if ([roles containsObject: MAPIStoreRightFolderOwner])
|
||||||
|
rights |= RightsFolderOwner | RoleNone;
|
||||||
|
|
||||||
|
if ([roles containsObject: MAPIStoreRightFolderContact])
|
||||||
|
rights |= RightsFolderContact;
|
||||||
|
|
||||||
return rights;
|
return rights;
|
||||||
}
|
}
|
||||||
|
|
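Review bot: In `rolesForExchangeRights:` the `RightsDeleteOwn` and `RightsEditOwn` bits are tested with independent `if`s, so a client sending DeleteAll together with DeleteOwn gets both `SOGoRole_ObjectEraser` and `MAPIStoreRightDeleteOwn` stored in the ACL, whereas the reverse mapping in the second hunk uses the own-role only as an `else if` fallback. Because the `MAPIStoreRight*` roles are custom to this backend, revoking the eraser or editor role through an interface that does not know them would presumably leave the own-role behind; mirroring the reverse mapping with `else if (rights & RightsDeleteOwn)` and `else if (rights & RightsEditOwn)` avoids storing the redundant role. In the second hunk a role list holding only `MAPIStoreRightFolderContact` returns without the `RoleNone` folder-visible bit, since the `rights != 0` test runs before it; if that is intended, a comment such as `/* FolderContact alone does not make the folder visible */` would make it explicit. The signature of the second method is outside its hunk.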
||||||
|
|
|
@ -31,9 +31,11 @@
|
||||||
#import <NGCards/NGVCardPhoto.h>
|
#import <NGCards/NGVCardPhoto.h>
|
||||||
#import <NGCards/NSArray+NGCards.h>
|
#import <NGCards/NSArray+NGCards.h>
|
||||||
#import <NGCards/NSString+NGCards.h>
|
#import <NGCards/NSString+NGCards.h>
|
||||||
|
#import <NGObjWeb/WOContext+SoObjects.h>
|
||||||
#import <Contacts/SOGoContactGCSEntry.h>
|
#import <Contacts/SOGoContactGCSEntry.h>
|
||||||
#import <Mailer/NSString+Mail.h>
|
#import <Mailer/NSString+Mail.h>
|
||||||
#import <SOGo/SOGoPermissions.h>
|
#import <SOGo/SOGoPermissions.h>
|
||||||
|
#import <SOGo/SOGoUser.h>
|
||||||
#import <SOGo/SOGoUserManager.h>
|
#import <SOGo/SOGoUserManager.h>
|
||||||
|
|
||||||
#import "MAPIStoreAttachment.h"
|
#import "MAPIStoreAttachment.h"
|
||||||
|
@ -1224,23 +1226,28 @@ enum { // [MS-OXOCNTC] 2.2.1.2.11
|
||||||
}
|
}
|
||||||
|
|
||||||
// ---------------------------------------------------------
|
// ---------------------------------------------------------
|
||||||
|
// Permissions
|
||||||
|
// ---------------------------------------------------------
|
||||||
|
|
||||||
|
- (NSString *) creator
|
||||||
|
{
|
||||||
|
return [[[sogoObject vCard] uniqueChildWithTag: @"x-openchange-creator"]
|
||||||
|
flattenedValuesForKey: @""];
|
||||||
|
}
|
||||||
|
|
||||||
|
- (NSString *) owner
|
||||||
|
{
|
||||||
|
return [self creator];
|
||||||
|
}
|
||||||
|
|
||||||
- (BOOL) subscriberCanReadMessage
|
- (BOOL) subscriberCanReadMessage
|
||||||
{
|
{
|
||||||
return [[self activeUserRoles] containsObject: SOGoRole_ObjectViewer];
|
return [[self activeUserRoles] containsObject: SOGoRole_ObjectViewer];
|
||||||
}
|
}
|
||||||
|
|
||||||
- (BOOL) subscriberCanModifyMessage
|
// ---------------------------------------------------------
|
||||||
{
|
// Save
|
||||||
NSArray *roles;
|
// ---------------------------------------------------------
|
||||||
|
|
||||||
roles = [self activeUserRoles];
|
|
||||||
|
|
||||||
return ((isNew
|
|
||||||
&& [roles containsObject: SOGoRole_ObjectCreator])
|
|
||||||
|| (!isNew && [roles containsObject: SOGoRole_ObjectEditor]));
|
|
||||||
}
|
|
||||||
|
|
||||||
- (void) saveDistList:(TALLOC_CTX *) memCtx
|
- (void) saveDistList:(TALLOC_CTX *) memCtx
|
||||||
{
|
{
|
||||||
[self warnWithFormat: @"IPM.DistList messages are ignored"];
|
[self warnWithFormat: @"IPM.DistList messages are ignored"];
|
||||||
|
@ -1584,6 +1591,14 @@ enum { // [MS-OXOCNTC] 2.2.1.2.11
|
||||||
if (value)
|
if (value)
|
||||||
[newCard setNote: value];
|
[newCard setNote: value];
|
||||||
|
|
||||||
|
/* Store the creator name for sharing purposes */
|
||||||
|
if (isNew)
|
||||||
|
{
|
||||||
|
value = [[[self context] activeUser] login];
|
||||||
|
[[newCard uniqueChildWithTag: @"x-openchange-creator"]
|
||||||
|
setSingleValue: value forKey: @""];
|
||||||
|
}
|
||||||
|
|
||||||
//
|
//
|
||||||
// we save the new/modified card
|
// we save the new/modified card
|
||||||
//
|
//
|
||||||
|
|
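Review bot: The ownership marker returned by `-creator` is a property inside the contact's own vCard and is written only in the `if (isNew)` branch of the save hunk, so the edit-own/delete-own decision rests on data stored in the item it protects. Cards created before this change or through another interface carry no `x-openchange-creator` value, and `-creator` then presumably yields nil or an empty string; the check that replaces the removed `subscriberCanModifyMessage` override is not visible in this diff, so it should be confirmed that it denies access in that case rather than matching an empty login. It is also worth verifying that other write paths to the card cannot change or drop the property. A short comment on `-creator` would help, e.g. `/* Login of the user who created the card through MAPI; may be empty for cards created elsewhere */`. The save method's body starts and ends outside the last hunk.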