merge of 'b5a68a922e7dfe7ff0ee88a40ce86bf257337314'
and 'c0ba6ea9411e86e50582cdd4036256776349b556' Monotone-Parent: b5a68a922e7dfe7ff0ee88a40ce86bf257337314 Monotone-Parent: c0ba6ea9411e86e50582cdd4036256776349b556 Monotone-Revision: 2c8266b41b53ae4ece560d6f611a57376986383a Monotone-Author: wsourdeau@inverse.ca Monotone-Date: 2009-08-18T17:37:04 Monotone-Branch: ca.inverse.sogo
This commit is contained in:
commit
b7e5eef86f
|
@ -1,3 +1,11 @@
|
|||
2009-08-18 Wolfgang Sourdeau <wsourdeau@inverse.ca>
|
||||
|
||||
* SoObjects/SOGo/SOGoGCSFolder.m
|
||||
(-initializeQuickTablesAclsInContext:): don't give the right to
|
||||
view everything to users who can delete objects. This may cause
|
||||
deletion from working from a web method, but everyone who uses
|
||||
such as configuration will probably use DAV instead.
|
||||
|
||||
2009-08-18 Francis Lachapelle <flachapelle@inverse.ca>
|
||||
|
||||
* UI/Scheduler/UIxCalendarProperties.m ([UIxCalendarProperties
|
||||
|
|
|
@ -1171,10 +1171,8 @@ static NSArray *childRecordFields = nil;
|
|||
/* we only grant "userCanAccessAllObjects" for role "ObjectEraser" and
|
||||
not "ObjectCreator" because the latter doesn't imply we can read
|
||||
properties from subobjects or even know their existence. */
|
||||
userCanAccessAllObjects = ([[self ownerInContext: localContext]
|
||||
isEqualToString: login]
|
||||
|| [[self aclsForUser: login]
|
||||
containsObject: SOGoRole_ObjectEraser]);
|
||||
userCanAccessAllObjects
|
||||
= [[self ownerInContext: localContext] isEqualToString: login];
|
||||
}
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue