Index: openacs-4/packages/contacts/contacts.info
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/contacts/contacts.info,v
diff -u -r1.76 -r1.77
--- openacs-4/packages/contacts/contacts.info 2 Jun 2006 09:18:30 -0000 1.76
+++ openacs-4/packages/contacts/contacts.info 5 Jun 2006 08:13:27 -0000 1.77
@@ -7,14 +7,14 @@
f
f
-
+
Matthew Geddert
This application lets you collaboratively view, edit and categorize contacts.
- 2006-06-02
+ 2006-06-05
Contacts is an application for managing all those people and or organization you need to keep track of. It has a complete UI for storing and categorizing contacts. Each contact can have an arbitrary number of custom attributes associated with it, including other contacts (i.e. a certain contact "belongs" to a certain organization). It also functions as a service contract provider for attributes related to users in your system
0
-
+
@@ -26,8 +26,8 @@
-
+
@@ -79,6 +79,7 @@
+
Index: openacs-4/packages/contacts/catalog/contacts.en_US.ISO-8859-1.xml
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/contacts/catalog/contacts.en_US.ISO-8859-1.xml,v
diff -u -r1.83 -r1.84
--- openacs-4/packages/contacts/catalog/contacts.en_US.ISO-8859-1.xml 2 Jun 2006 09:18:30 -0000 1.83
+++ openacs-4/packages/contacts/catalog/contacts.en_US.ISO-8859-1.xml 5 Jun 2006 08:13:28 -0000 1.84
@@ -285,6 +285,7 @@
%attribute_pretty% zip/postal does not start with: <strong>%value%</strong>
<br><br>save this search as
Bulk update the selected contacts
+ You do not have permission to view other users searches
commented on in last ->
%comments.pretty_date% at %comments.pretty_time% -
Contact Administration
@@ -510,6 +511,7 @@
People or Organizations
people or organizations
Percent:
+ Permission Denied
Permissions
Permissions for default group
Person
Index: openacs-4/packages/contacts/tcl/contact-search-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/contacts/tcl/contact-search-procs.tcl,v
diff -u -r1.30 -r1.31
--- openacs-4/packages/contacts/tcl/contact-search-procs.tcl 19 May 2006 18:36:56 -0000 1.30
+++ openacs-4/packages/contacts/tcl/contact-search-procs.tcl 5 Jun 2006 08:13:28 -0000 1.31
@@ -50,6 +50,30 @@
return [db_string select_title {} -default {}]
}
+
+ad_proc -public contact::search::permitted {
+ {-search_id:required}
+ {-user_id ""}
+} {
+} {
+ if { $search_id ne "" } {
+ if { [db_0or1row select_search_info {}] } {
+ if { $user_id eq "" } {
+ set user_id [ad_conn user_id]
+ }
+ if { ![acs_user::site_wide_admin_p -user_id $user_id] && $owner_id ne $user_id && $owner_id ne $package_id } {
+ # the user is not site wide admin
+ # the user does not own the search
+ if { ![parameter::get -boolean -parameter "ViewOthersSearchesP" -default "0" -package_id $package_id] } {
+ ns_log notice "contact::search::permitted: user $user_id does not have permission to search_id $search_id (package $package_id owner $owner_id)"
+ ad_return_forbidden [_ contacts.Permission_Denied] "[_ contacts.lt_Cannot_view_others_searches]
"
+ ad_script_abort
+ }
+ }
+ }
+ }
+}
+
ad_proc -public contact::search::get {
-search_id:required
-array:required
@@ -408,7 +432,6 @@
}
}
-
ad_proc -public contact::search::query_clause {
{-and:boolean}
{-query ""}
@@ -525,6 +548,7 @@
{-limit_type_p "1"}
} {
} {
+ contact::search::permitted -search_id $search_id
if { $and_p } {
return [util_memoize [list ::contact::search::where_clause_not_cached \
-search_id $search_id \
Index: openacs-4/packages/contacts/tcl/contact-search-procs.xql
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/contacts/tcl/contact-search-procs.xql,v
diff -u -r1.18 -r1.19
--- openacs-4/packages/contacts/tcl/contact-search-procs.xql 19 May 2006 18:36:56 -0000 1.18
+++ openacs-4/packages/contacts/tcl/contact-search-procs.xql 5 Jun 2006 08:13:28 -0000 1.19
@@ -15,6 +15,17 @@
+
+
+ select cs.owner_id,
+ ao.package_id
+ from contact_searches cs,
+ acs_objects ao
+ where cs.search_id = ao.object_id
+ and cs.search_id = :search_id
+
+
+
select contact_searches.*, acs_objects.title, acs_objects.package_id
@@ -24,7 +35,6 @@
-
select type,
Index: openacs-4/packages/contacts/www/searches.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/contacts/www/searches.tcl,v
diff -u -r1.3 -r1.4
--- openacs-4/packages/contacts/www/searches.tcl 25 Nov 2005 18:12:21 -0000 1.3
+++ openacs-4/packages/contacts/www/searches.tcl 5 Jun 2006 08:13:28 -0000 1.4
@@ -9,14 +9,27 @@
{owner_id:optional}
{format "noraml"}
} -validate {
+ valid_owner_id -requires {owner_id} {
+ if { $owner_id ne [ad_conn user_id] && $owner_id ne [ad_conn package_id] } {
+ if { ![parameter::get -boolean -parameter "ViewOthersSearchesP" -default "0"] || ![acs_user::site_wide_admin_p] } {
+ ad_complain [_ contacts.lt_Cannot_view_others_searches]
+ }
+ }
+ }
}
set user_id [ad_conn user_id]
set package_id [ad_conn package_id]
if { ![exists_and_not_null owner_id] } {
set owner_id $user_id
}
-set owner_options [db_list_of_lists select_owner_options {}]
+
+if { [parameter::get -boolean -parameter "ViewOthersSearchesP" -default "0"] || [acs_user::site_wide_admin_p] } {
+ set owner_options [db_list_of_lists select_owner_options {}]
+} else {
+ set owner_options [list [list [_ contacts.My_Searches] $user_id]]
+}
+
set owner_options [concat [list [list [_ contacts.Public_Searches] "${package_id}"]] $owner_options]
template::list::create \