--- a/action/ajax.php Wed Jun 01 18:02:25 2016 +0200
+++ b/action/ajax.php Wed Jun 22 09:36:22 2016 +0200
@@ -48,19 +48,39 @@
$data['result'] = false;
$data['html'] = $this->getLang('unknown_error');
+ $acl = auth_quickaclcheck($id);
+ if($acl > AUTH_READ)
+ {
+ $write = true;
+ }
+ elseif($acl < AUTH_READ)
+ {
+ $data['result'] = false;
+ $data['html'] = $this->getLang('no_permission');
+ // Overwrite $action to bypass switch statement below
+ $action = 'invalid';
+ }
+ else
+ {
+ $write = false;
+ }
+
// Parse the requested action
switch($action)
{
// Add a new Contact
case 'newContact':
- if($this->hlp->addContactEntryToAddressbookForPage($id, $user, $params) === true)
+ if($write && ($this->hlp->addContactEntryToAddressbookForPage($id, $user, $params) === true))
{
$data['result'] = true;
}
else
{
$data['result'] = false;
- $data['html'] = $this->getLang('error_adding');
+ if(!$write)
+ $data['html'] = $this->getLang('no_permission');
+ else
+ $data['html'] = $this->getLang('error_adding');
}
break;
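Review bot: `auth_quickaclcheck($id)` is applied to every id here, but the rest of this commit (helper.php and syntax/book.php) branches on a `webdav://` prefix and takes write access from `$settings['write']` instead; script.js sets `dw_davcard__modals.id` from `data-davcardid`, which book.php fills from `$data['id']` including webdav ids, so a webdav id posted to this handler would be ACL-checked as if it were a page name. Mirror the helper's branching, or route the check through one shared helper, so both paths agree. In the `< AUTH_READ` branch `$write` is also left undefined and the code is safe only because `$action = 'invalid'` skips the switch; set `$write = false;` there as well so a future case that reads it before the switch cannot misbehave. The enclosing handler starts before this hunk, so the origin and CSRF handling of `$id` is not visible here.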
@@ -86,26 +106,32 @@
// Edit a contact
case 'editContact':
- if($this->hlp->editContactEntryToAddressbookForPage($id, $user, $params['uri'], $params) === true)
+ if($write && ($this->hlp->editContactEntryToAddressbookForPage($id, $user, $params['uri'], $params) === true))
{
$data['result'] = true;
}
else
{
$data['result'] = false;
- $data['html'] = $this->getLang('error_editing');
+ if(!$write)
+ $data['html'] = $this->getLang('no_permission');
+ else
+ $data['html'] = $this->getLang('error_editing');
}
break;
// Delete a Contact
case 'deleteContact':
- if($this->hlp->deleteContactEntryToAddressbookForPage($id, $user, $params['uri']) === true)
+ if($write && ($this->hlp->deleteContactEntryToAddressbookForPage($id, $user, $params['uri']) === true))
{
$data['result'] = true;
}
else
{
$data['result'] = false;
- $data['html'] = $this->getLang('error_deleting');
+ if(!$write)
+ $data['html'] = $this->getLang('no_permission');
+ else
+ $data['html'] = $this->getLang('error_deleting');
}
break;
// Get AJAX popup
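Review bot: The message shown when `$write` is false on the edit and delete branches is `no_permission`, which lang/en/lang.php defines as "You do not have permission to read this address book", so a user who can read but not edit is told they cannot read. Add a separate string, e.g. `$lang['no_write_permission'] = 'You do not have permission to modify this address book';`, and use it in the three write branches. The `if(!$write) … else …` pair is also repeated verbatim in each case; checking `$write` once before the switch for the three mutating actions would remove the duplication.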
--- a/helper.php Wed Jun 01 18:02:25 2016 +0200
+++ b/helper.php Wed Jun 22 09:36:22 2016 +0200
@@ -38,6 +38,7 @@
private function getContactByDetails($id, $type, $params = array())
{
+ $write = false;
if(strpos($id, 'webdav://') === 0)
{
$wdc =& plugin_load('helper', 'webdavclient');
@@ -52,9 +53,23 @@
return array('formattedname' => $this->getLang('wrong_type'), 'result' => false);
$entries = $wdc->getAddressbookEntries($connectionId);
+ $write = $settings['write'];
}
else
{
+ $acl = auth_quickaclcheck($id);
+ if($acl > AUTH_READ)
+ {
+ $write = true;
+ }
+ elseif($acl < AUTH_READ)
+ {
+ return array('formattedname' => $this->getLang('no_permission'), 'result' => false);
+ }
+ else
+ {
+ $write = false;
+ }
$addressbookid = $this->getAddressbookIdForPage($id);
$entries = $this->getAddressbookEntries($addressbookid);
}
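Review bot: On the `webdav://` branch no ACL check is performed at all; both read and write are granted from the connection's `$settings['write']`, so any wiki user able to reach a page that references the connection gets whatever that connection allows, independent of their own permissions. If that is the intended model (admin-configured connections as a global grant) it deserves a comment saying so, otherwise tie it to a page ACL as the else-branch does. `$settings['write']` is also stored as-is; `$write = (bool) $settings['write'];` would keep the return value typed the same on both branches. getContactByDetails continues outside this hunk.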
@@ -76,7 +91,7 @@
|| $params['firstname'] === '')
{
// first name matched too or no first name given
- $info = $this->parseVcard($entry['contactdata'], $entry['uri']);
+ $info = $this->parseVcard($entry['contactdata'], $entry['uri'], $write);
return $info;
}
}
@@ -84,12 +99,12 @@
case 'formattedname':
if(trim(strtolower($entry['formattedname'])) == $params['formattedname'])
{
- $info = $this->parseVcard($entry['contactdata'], $entry['uri']);
+ $info = $this->parseVcard($entry['contactdata'], $entry['uri'], $write);
return $info;
}
break;
case 'email':
- $info = $this->parseVcard($entry['contactdata'], $entry['uri']);
+ $info = $this->parseVcard($entry['contactdata'], $entry['uri'], $write);
foreach($info['mail'] as $data)
{
if(trim(strtolower($data['mail'])) === $params['email'])
@@ -127,6 +142,7 @@
public function getContactByUri($id, $uri)
{
+ $write = false;
if(strpos($id, 'webdav://') === 0)
{
$wdc =& plugin_load('helper', 'webdavclient');
@@ -141,16 +157,30 @@
return array('formattedname' => $this->getLang('wrong_type'), 'result' => false);
$row = $wdc->getAddressbookEntryByUri($connectionId, $uri);
+ $write = $settings['write'];
}
else
{
+ $acl = auth_quickaclcheck($id);
+ if($acl > AUTH_READ)
+ {
+ $write = true;
+ }
+ elseif($acl < AUTH_READ)
+ {
+ return array('formattedname' => $this->getLang('no_permission'), 'result' => false);
+ }
+ else
+ {
+ $write = false;
+ }
$addressbookid = $this->getAddressbookIdForPage($id);
$row = $this->getAddressbookEntryByUri($addressbookid, $uri);
}
if($row === false)
return array('formattedname' => sprintf($this->getLang('contact_not_found'), 'ID='.$id.' URI='.$uri), 'result' => false);
- $info = $this->parseVcard($row['contactdata'], $row['uri']);
+ $info = $this->parseVcard($row['contactdata'], $row['uri'], $write);
$info['result'] = true;
return $info;
}
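Review bot: The ACL-to-`$write` block here is the third copy in this commit (getContactByDetails, action/ajax.php and syntax/book.php carry the same eleven lines); extracting a private helper such as `getPageWriteAccess($id)` that returns `true`, `false`, or `null` for no read access would keep the four call sites from drifting. Note also that the `contact_not_found` message on the line before `parseVcard` is built from `$id` and `$uri`; if those reach this method from the request and `formattedname` is rendered without escaping elsewhere, that string should be escaped before output — confirm against the callers.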
@@ -447,7 +477,7 @@
return false;
}
- public function parseVcard($card, $uri)
+ public function parseVcard($card, $uri, $write)
{
require_once(DOKU_PLUGIN.'davcard/vendor/autoload.php');
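Review bot: Making `$write` a required third parameter breaks existing two-argument callers; syntax/book.php in this same commit still calls `parseVcard($entry['contactdata'], $entry['uri'])`, which is a warning with a null `$write` on PHP 7.0 and an `ArgumentCountError` on 7.1 and later. Declare it as `public function parseVcard($card, $uri, $write = false)` so untouched callers default to read-only. The function body continues outside this hunk.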
@@ -546,7 +576,8 @@
'note' => $note,
'title' => $title,
'url' => $url,
- 'result' => true
+ 'result' => true,
+ 'write' => $write
);
}
--- a/lang/en/lang.php Wed Jun 01 18:02:25 2016 +0200
+++ b/lang/en/lang.php Wed Jun 22 09:36:22 2016 +0200
@@ -15,6 +15,7 @@
$lang['error_editing'] = 'Error editing contact';
$lang['error_deleting'] = 'Error deleting contact';
$lang['invalid_options'] = 'invalid options given';
+$lang['no_permission'] = 'You do not have permission to read this address book';
$lang['telvoice'] = 'Voice';
$lang['telhome'] = 'Home';
$lang['telmsg'] = 'Message';
--- a/script.js Wed Jun 01 18:02:25 2016 +0200
+++ b/script.js Wed Jun 22 09:36:22 2016 +0200
@@ -50,7 +50,7 @@
function(e)
{
dw_davcard__modals.id = addressbookpage;
- dw_davcard__modals.showEditContactDialog(null, false);
+ dw_davcard__modals.showEditContactDialog(null, false, true);
e.preventDefault();
return '';
}
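Review bot: The new-contact dialog is opened with `write` hard-coded to `true`, so read-only users get a create form that the server will reject with `no_permission` only after they submit it. Since the new contact is stored against `addressbookpage` (the `data-addressbookpage` value, which book.php fills with `$ID`), the page can emit a `data-write` on the add-new link the same way it does for entries and this handler can pass `jQuery(this).data('write')` instead of the literal. The enclosing click handler starts outside this hunk.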
@@ -89,6 +89,7 @@
attachEditDialog : function($link) {
dw_davcard__modals.showLoadingDialog();
dw_davcard__modals.id = $link.data('davcardid');
+ var write = $link.data('write');
jQuery.post(
DOKU_BASE + 'lib/exe/ajax.php',
{
@@ -107,7 +108,7 @@
if(result === true)
{
dw_davcard__modals.hideLoadingDialog();
- dw_davcard__modals.showEditContactDialog(data['contactdata'], true);
+ dw_davcard__modals.showEditContactDialog(data['contactdata'], true, write);
}
else
{
@@ -119,7 +120,7 @@
);
},
- showEditContactDialog : function(entry, edit) {
+ showEditContactDialog : function(entry, edit, write) {
if(dw_davcard__modals.$editContactDialog)
return;
@@ -309,6 +310,12 @@
);
};
}
+ // Remove create/edit buttons if we are read only
+ if(!write)
+ {
+ delete dialogButtons['create'];
+ delete dialogButtons['edit'];
+ }
dialogButtons[LANG.plugins.davcard['cancel']] = function() {
dw_davcard__modals.hideEditContactDialog();
};
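Review bot: `delete dialogButtons['create']` and `delete dialogButtons['edit']` will be no-ops if those buttons are keyed the way the cancel button is on the next line, `dialogButtons[LANG.plugins.davcard['cancel']]`, i.e. by localized label; I cannot see the create/edit keys from this hunk, but if they follow the same pattern the buttons stay visible for read-only users. Use the same keys, `delete dialogButtons[LANG.plugins.davcard['create']];` and `delete dialogButtons[LANG.plugins.davcard['edit']];`, or better, skip defining them when `write` is false. This is a UI nicety only; the server-side check in action/ajax.php remains the enforcement point.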
--- a/syntax/book.php Wed Jun 01 18:02:25 2016 +0200
+++ b/syntax/book.php Wed Jun 22 09:36:22 2016 +0200
@@ -121,16 +121,18 @@
global $ID;
if($format !== 'xhtml')
return false;
+
+ $R->doc .= '<div class="davcardAddressbookAddNew"><a href="#" class="davcardAddressbookAddNew">'.$this->getLang('add_new').'</a></div>';
- // FIXME: Check if the user has write permissions on the page!
-
- $R->doc .= '<div class="davcardAddressbookAddNew"><a href="#" class="davcardAddressbookAddNew">'.$this->getLang('add_new').'</a></div>';
+ // FIXME: Add new is not yet permission checked and does not support
+ // included address books!
$R->doc .= '<div id="davcardAddressbookList" data-addressbookpage="'.$ID.'">';
$R->doc .= '<table class="davcardAddressbookTable">';
$R->doc .= '<tr><th>'.$this->getLang('name').'</th><th>'.$this->getLang('address').'</th><th>'.$this->getLang('phone').'</th><th>'.$this->getLang('email').'</th></tr>';
foreach($data['id'] as $id)
{
+ $write = false;
if(strpos($id, 'webdav://') === 0)
{
$wdc =& plugin_load('helper', 'webdavclient');
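Review bot: The add-new link is still emitted unconditionally, as the rewritten FIXME admits, even though the target of a new contact is already known here: script.js stores it against `data-addressbookpage`, which is `$ID`. A minimal gate is available without touching included address books: `if(auth_quickaclcheck($ID) > AUTH_READ)` around the `davcardAddressbookAddNew` line, optionally also emitting `data-write` on it for the client. The server check in action/ajax.php still applies either way; this only stops read-only users from seeing a form they cannot submit.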
@@ -153,16 +155,30 @@
continue;
}
$entries = $wdc->getAddressbookEntries($connectionId);
+ $write = $settings['write'];
}
else
{
+ $acl = auth_quickaclcheck($id);
+ if($acl > AUTH_READ)
+ {
+ $write = true;
+ }
+ elseif($acl < AUTH_READ)
+ {
+ continue;
+ }
+ else
+ {
+ $write = false;
+ }
$addressbookid = $this->hlp->getAddressbookIdForPage($id);
$entries = $this->hlp->getAddressbookEntries($addressbookid);
}
foreach($entries as $entry)
{
$contactdata = $this->hlp->parseVcard($entry['contactdata'], $entry['uri']);
- $R->doc .= '<tr><td><a href="#" class="plugin_davcard_edit_vcard" data-davcardid="'.$id.'" data-davcarduri="'.$entry['uri'].'">'.$entry['formattedname'].'</a></td><td>';
+ $R->doc .= '<tr><td><a href="#" class="plugin_davcard_edit_vcard" data-davcardid="'.$id.'" data-davcarduri="'.$entry['uri'].'" data-write="'.($write ? 'true' : 'false').'">'.$entry['formattedname'].'</a></td><td>';
if(count($contactdata['addr']) > 0)
{
$R->doc .= '<span class="adr">';
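Review bot: The `parseVcard($entry['contactdata'], $entry['uri'])` call inside the entries loop was not updated to the new three-argument signature this commit gives parseVcard, which yields a warning and null `$write` on PHP 7.0 and an `ArgumentCountError` on 7.1+; pass `$write` as the third argument, `$this->hlp->parseVcard($entry['contactdata'], $entry['uri'], $write);`. The `continue` on `$acl < AUTH_READ` silently drops an address book from the table, which is the right outcome but worth a one-line comment so nobody later "fixes" it into an error row. The loop body continues past this hunk.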
--- a/syntax/card.php Wed Jun 01 18:02:25 2016 +0200
+++ b/syntax/card.php Wed Jun 22 09:36:22 2016 +0200
@@ -147,7 +147,7 @@
}
$R->doc .= '<a class="url fn plugin_davcard_url" href="#" data-davcarduri="'
- .$contactdata['uri'].'" data-davcardid="'.$data['id'].'">'.$contactdata['formattedname'];
+ .$contactdata['uri'].'" data-davcardid="'.$data['id'].'" data-write="'.$contactdata['write'].'">'.$contactdata['formattedname'];
$R->doc .= '<span class="plugin_davcard_popup vcard">';
if(count($contactdata['addr']) > 0)
{
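Review bot: `data-write="'.$contactdata['write'].'"` interpolates a PHP boolean, which renders `true` as `1` and `false` as an empty string, whereas book.php in this same commit emits the literal strings `true`/`false`; script.js reads the attribute through jQuery's `.data()`, which happens to treat both forms as falsy/truthy, but the two outputs should not differ. Use the same expression as book.php, `data-write="'.($contactdata['write'] ? 'true' : 'false').'"`, so the attribute is well-formed regardless of what `$settings['write']` holds on the webdav path. The surrounding render method starts and ends outside this hunk.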