From: Jan Schneider <jan@horde.org>
Date: Mon, 22 Feb 2010 15:21:36 +0000 (+0100)
Subject: Add option to disallow world permissions for user shares.
X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=4522c96db7c6c657592867711ee40b61647c79da;p=horde.git

Add option to disallow world permissions for user shares.
---

diff --git a/horde/config/conf.xml b/horde/config/conf.xml
index 05747ea62..505b02fdf 100644
--- a/horde/config/conf.xml
+++ b/horde/config/conf.xml
@@ -1053,19 +1053,18 @@
   to.</configdescription>
   <configsection name="share">
    <configheader>Allow Sharing?</configheader>
-   <configboolean name="no_sharing" required="false" desc="Prevent
-   users from editing permissions on their shares. This will keep a
-   user from granting other users (or guests) access to their address
-   book, notebook, calendar, etc.">false</configboolean>
-
-   <configheader>Allow sharing with groups that users aren't members
-   of?</configheader>
+   <configboolean name="no_sharing" required="false" desc="Prevent users from
+   editing permissions on their shares. This will keep a user from granting
+   other users (or guests) access to their address book, notebook, calendar,
+   etc.">false</configboolean>
+   <configboolean name="world" required="false" desc="If you enable this
+   option, users will be able to share their resources with all (authenticated
+   and guest) users on the system.">true</configboolean>
    <configboolean name="any_group" required="false" desc="If you enable this
    option, users will be able to share their resources with any group,
    regardless of whether or not they are a member. If you disable it, users
    will only be able to share their resources with groups they are members
    of.">false</configboolean>
-
    <configheader>Share Caching</configheader>
    <configdescription>Enabling share caching improves performance because the
    share backend will only be queried once per session. But it also increases
@@ -1073,7 +1072,6 @@
    users log in the next time.</configdescription>
    <configboolean name="cache" required="false" desc="Enable share
    caching?">false</configboolean>
-
    <configheader>Shares Driver</configheader>
    <configdescription>
      You can use different driver types for the Horde Share
diff --git a/horde/docs/CHANGES b/horde/docs/CHANGES
index 1ba8391b5..ccf96e04e 100644
--- a/horde/docs/CHANGES
+++ b/horde/docs/CHANGES
@@ -2,6 +2,7 @@
 v4.0-cvs
 --------
 
+[jan] Add option to disallow world permissions for user shares.
 [mms] Allow Mozilla DNS prefetching to be turned off when displaying untrusted
       content (Ticket #8836).
 [jan] Store alarm dates in UTC (Bug #8381).
diff --git a/horde/services/shares/edit.php b/horde/services/shares/edit.php
index d86123f6e..a05bc7b36 100644
--- a/horde/services/shares/edit.php
+++ b/horde/services/shares/edit.php
@@ -89,48 +89,51 @@ case 'editform':
             }
         }
 
-        // Process default permissions.
-        if (Horde_Util::getFormData('default_show')) {
-            $perm->addDefaultPermission(Horde_Perms::SHOW, false);
-        } else {
-            $perm->removeDefaultPermission(Horde_Perms::SHOW, false);
-        }
-        if (Horde_Util::getFormData('default_read')) {
-            $perm->addDefaultPermission(Horde_Perms::READ, false);
-        } else {
-            $perm->removeDefaultPermission(Horde_Perms::READ, false);
-        }
-        if (Horde_Util::getFormData('default_edit')) {
-            $perm->addDefaultPermission(Horde_Perms::EDIT, false);
-        } else {
-            $perm->removeDefaultPermission(Horde_Perms::EDIT, false);
-        }
-        if (Horde_Util::getFormData('default_delete')) {
-            $perm->addDefaultPermission(Horde_Perms::DELETE, false);
-        } else {
-            $perm->removeDefaultPermission(Horde_Perms::DELETE, false);
-        }
+        if (Horde_Auth::isAdmin() ||
+            !empty($GLOBALS['conf']['shares']['world'])) {
+            // Process default permissions.
+            if (Horde_Util::getFormData('default_show')) {
+                $perm->addDefaultPermission(Horde_Perms::SHOW, false);
+            } else {
+                $perm->removeDefaultPermission(Horde_Perms::SHOW, false);
+            }
+            if (Horde_Util::getFormData('default_read')) {
+                $perm->addDefaultPermission(Horde_Perms::READ, false);
+            } else {
+                $perm->removeDefaultPermission(Horde_Perms::READ, false);
+            }
+            if (Horde_Util::getFormData('default_edit')) {
+                $perm->addDefaultPermission(Horde_Perms::EDIT, false);
+            } else {
+                $perm->removeDefaultPermission(Horde_Perms::EDIT, false);
+            }
+            if (Horde_Util::getFormData('default_delete')) {
+                $perm->addDefaultPermission(Horde_Perms::DELETE, false);
+            } else {
+                $perm->removeDefaultPermission(Horde_Perms::DELETE, false);
+            }
 
-        // Process guest permissions.
-        if (Horde_Util::getFormData('guest_show')) {
-            $perm->addGuestPermission(Horde_Perms::SHOW, false);
-        } else {
-            $perm->removeGuestPermission(Horde_Perms::SHOW, false);
-        }
-        if (Horde_Util::getFormData('guest_read')) {
-            $perm->addGuestPermission(Horde_Perms::READ, false);
-        } else {
-            $perm->removeGuestPermission(Horde_Perms::READ, false);
-        }
-        if (Horde_Util::getFormData('guest_edit')) {
-            $perm->addGuestPermission(Horde_Perms::EDIT, false);
-        } else {
-            $perm->removeGuestPermission(Horde_Perms::EDIT, false);
-        }
-        if (Horde_Util::getFormData('guest_delete')) {
-            $perm->addGuestPermission(Horde_Perms::DELETE, false);
-        } else {
-            $perm->removeGuestPermission(Horde_Perms::DELETE, false);
+            // Process guest permissions.
+            if (Horde_Util::getFormData('guest_show')) {
+                $perm->addGuestPermission(Horde_Perms::SHOW, false);
+            } else {
+                $perm->removeGuestPermission(Horde_Perms::SHOW, false);
+            }
+            if (Horde_Util::getFormData('guest_read')) {
+                $perm->addGuestPermission(Horde_Perms::READ, false);
+            } else {
+                $perm->removeGuestPermission(Horde_Perms::READ, false);
+            }
+            if (Horde_Util::getFormData('guest_edit')) {
+                $perm->addGuestPermission(Horde_Perms::EDIT, false);
+            } else {
+                $perm->removeGuestPermission(Horde_Perms::EDIT, false);
+            }
+            if (Horde_Util::getFormData('guest_delete')) {
+                $perm->addGuestPermission(Horde_Perms::DELETE, false);
+            } else {
+                $perm->removeGuestPermission(Horde_Perms::DELETE, false);
+            }
         }
 
         // Process creator permissions.
diff --git a/horde/templates/shares/edit.inc b/horde/templates/shares/edit.inc
index c3b0b7180..bff7a049f 100644
--- a/horde/templates/shares/edit.inc
+++ b/horde/templates/shares/edit.inc
@@ -50,6 +50,7 @@ if (isset($userperms[$owner])) {
   </td>
 </tr>
 
+<?php if (Horde_Auth::isAdmin() || !empty($GLOBALS['conf']['shares']['world'])): ?>
 <!-- Spacer -->
 <tr><td>&nbsp;</td></tr>
 
@@ -119,6 +120,7 @@ if (isset($userperms[$owner])) {
     <label for="guest_delete" class="hidden"><?php echo _("Delete") ?></label>
   </td>
 </tr>
+<?php endif; ?>
 
 <!-- Spacer -->
 <tr><td>&nbsp;</td></tr>
diff --git a/kronolith/perms.php b/kronolith/perms.php
index 868b54a22..aa95bd347 100644
--- a/kronolith/perms.php
+++ b/kronolith/perms.php
@@ -73,58 +73,61 @@ case 'editform':
             }
         }
 
-        // Process default permissions.
-        if (Horde_Util::getFormData('default_show')) {
-            $perm->addDefaultPermission(Horde_Perms::SHOW, false);
-        } else {
-            $perm->removeDefaultPermission(Horde_Perms::SHOW, false);
-        }
-        if (Horde_Util::getFormData('default_read')) {
-            $perm->addDefaultPermission(Horde_Perms::READ, false);
-        } else {
-            $perm->removeDefaultPermission(Horde_Perms::READ, false);
-        }
-        if (Horde_Util::getFormData('default_edit')) {
-            $perm->addDefaultPermission(Horde_Perms::EDIT, false);
-        } else {
-            $perm->removeDefaultPermission(Horde_Perms::EDIT, false);
-        }
-        if (Horde_Util::getFormData('default_delete')) {
-            $perm->addDefaultPermission(Horde_Perms::DELETE, false);
-        } else {
-            $perm->removeDefaultPermission(Horde_Perms::DELETE, false);
-        }
-        if (Horde_Util::getFormData('default_delegate')) {
-            $perm->addDefaultPermission(Kronolith::PERMS_DELEGATE, false);
-        } else {
-            $perm->removeDefaultPermission(Kronolith::PERMS_DELEGATE, false);
-        }
+        if (Horde_Auth::isAdmin() ||
+            !empty($GLOBALS['conf']['shares']['world'])) {
+            // Process default permissions.
+            if (Horde_Util::getFormData('default_show')) {
+                $perm->addDefaultPermission(Horde_Perms::SHOW, false);
+            } else {
+                $perm->removeDefaultPermission(Horde_Perms::SHOW, false);
+            }
+            if (Horde_Util::getFormData('default_read')) {
+                $perm->addDefaultPermission(Horde_Perms::READ, false);
+            } else {
+                $perm->removeDefaultPermission(Horde_Perms::READ, false);
+            }
+            if (Horde_Util::getFormData('default_edit')) {
+                $perm->addDefaultPermission(Horde_Perms::EDIT, false);
+            } else {
+                $perm->removeDefaultPermission(Horde_Perms::EDIT, false);
+            }
+            if (Horde_Util::getFormData('default_delete')) {
+                $perm->addDefaultPermission(Horde_Perms::DELETE, false);
+            } else {
+                $perm->removeDefaultPermission(Horde_Perms::DELETE, false);
+            }
+            if (Horde_Util::getFormData('default_delegate')) {
+                $perm->addDefaultPermission(Kronolith::PERMS_DELEGATE, false);
+            } else {
+                $perm->removeDefaultPermission(Kronolith::PERMS_DELEGATE, false);
+            }
 
-        // Process guest permissions.
-        if (Horde_Util::getFormData('guest_show')) {
-            $perm->addGuestPermission(Horde_Perms::SHOW, false);
-        } else {
-            $perm->removeGuestPermission(Horde_Perms::SHOW, false);
-        }
-        if (Horde_Util::getFormData('guest_read')) {
-            $perm->addGuestPermission(Horde_Perms::READ, false);
-        } else {
-            $perm->removeGuestPermission(Horde_Perms::READ, false);
-        }
-        if (Horde_Util::getFormData('guest_edit')) {
-            $perm->addGuestPermission(Horde_Perms::EDIT, false);
-        } else {
-            $perm->removeGuestPermission(Horde_Perms::EDIT, false);
-        }
-        if (Horde_Util::getFormData('guest_delete')) {
-            $perm->addGuestPermission(Horde_Perms::DELETE, false);
-        } else {
-            $perm->removeGuestPermission(Horde_Perms::DELETE, false);
-        }
-        if (Horde_Util::getFormData('guest_delegate')) {
-            $perm->addGuestPermission(Kronolith::PERMS_DELEGATE, false);
-        } else {
-            $perm->removeGuestPermission(Kronolith::PERMS_DELEGATE, false);
+            // Process guest permissions.
+            if (Horde_Util::getFormData('guest_show')) {
+                $perm->addGuestPermission(Horde_Perms::SHOW, false);
+            } else {
+                $perm->removeGuestPermission(Horde_Perms::SHOW, false);
+            }
+            if (Horde_Util::getFormData('guest_read')) {
+                $perm->addGuestPermission(Horde_Perms::READ, false);
+            } else {
+                $perm->removeGuestPermission(Horde_Perms::READ, false);
+            }
+            if (Horde_Util::getFormData('guest_edit')) {
+                $perm->addGuestPermission(Horde_Perms::EDIT, false);
+            } else {
+                $perm->removeGuestPermission(Horde_Perms::EDIT, false);
+            }
+            if (Horde_Util::getFormData('guest_delete')) {
+                $perm->addGuestPermission(Horde_Perms::DELETE, false);
+            } else {
+                $perm->removeGuestPermission(Horde_Perms::DELETE, false);
+            }
+            if (Horde_Util::getFormData('guest_delegate')) {
+                $perm->addGuestPermission(Kronolith::PERMS_DELEGATE, false);
+            } else {
+                $perm->removeGuestPermission(Kronolith::PERMS_DELEGATE, false);
+            }
         }
 
         // Process creator permissions.
diff --git a/kronolith/templates/perms/perms.inc b/kronolith/templates/perms/perms.inc
index 4865ccbec..8fcc9a947 100644
--- a/kronolith/templates/perms/perms.inc
+++ b/kronolith/templates/perms/perms.inc
@@ -40,6 +40,7 @@
   </td>
 </tr>
 
+<?php if (Horde_Auth::isAdmin() || !empty($GLOBALS['conf']['shares']['world'])): ?>
 <!-- Spacer -->
 <tr><td colspan="7">&nbsp;</td></tr>
 
@@ -121,6 +122,7 @@
   </td>
   <td>&nbsp;</td>
 </tr>
+<?php endif; ?>
 
 <!-- Spacer -->
 <tr><td colspan="7">&nbsp;</td></tr>