if ($share instanceof PEAR_Error) {
$notification->push($share, 'horde.error');
} elseif (!Horde_Auth::getAuth() ||
- (isset($share) && Horde_Auth::getAuth() != $share->get('owner'))) {
+ (isset($share) &&
+ !Horde_Auth::isAdmin() &&
+ Horde_Auth::getAuth() != $share->get('owner'))) {
exit('permission denied');
}
break;
$notification->push(_("Attempt to edit a non-existent share."), 'horde.error');
} else {
if (!Horde_Auth::getAuth() ||
- Horde_Auth::getAuth() != $share->get('owner')) {
+ (!Horde_Auth::isAdmin() &&
+ Horde_Auth::getAuth() != $share->get('owner'))) {
exit('permission denied');
}
$perm = &$share->getPermission();
require_once 'Horde/Group.php';
+// Exit if the user shouldn't be able to change share permissions.
+if (!empty($conf['share']['no_sharing'])) {
+ throw new Horde_Exception('Permission denied.');
+}
+
$shares = Horde_Share::singleton('kronolith');
$groups = Group::singleton();
$auth = Horde_Auth::singleton($conf['auth']['driver']);
if (is_a($share, 'PEAR_Error')) {
$notification->push($share, 'horde.error');
} elseif (!Horde_Auth::getAuth() ||
- (isset($share) && Horde_Auth::getAuth() != $share->get('owner'))) {
+ (isset($share) &&
+ !Horde_Auth::isAdmin() &&
+ Horde_Auth::getAuth() != $share->get('owner'))) {
exit('permission denied');
}
break;
$notification->push(_("Attempt to edit a non-existent share."), 'horde.error');
} else {
if (!Horde_Auth::getAuth() ||
- Horde_Auth::getAuth() != $share->get('owner')) {
+ (!Horde_Auth::isAdmin() &&
+ Horde_Auth::getAuth() != $share->get('owner'))) {
exit('permission denied');
}
$perm = &$share->getPermission();
projects / horde.git / commitdiff