From 5ced59049a0eb547f981fbd8186055c138403021 Mon Sep 17 00:00:00 2001
From: Jan Schneider
Date: Sun, 14 Feb 2010 19:28:16 +0100
Subject: [PATCH] MFB: Only StandardPages support locking. Fix permission check when editing pages. Allow editing for the owner of the lock without having to unlock first.
---
 wicked/lib/Page.php | 26 --------------------------
 wicked/lib/Page/EditPage.php | 7 +++++--
 wicked/lib/Page/StandardPage.php | 34 ++++++++++++++++++++++++++++------
 wicked/lib/Wicked.php | 11 +++++++++++
 4 files changed, 44 insertions(+), 34 deletions(-)
diff --git a/wicked/lib/Page.php b/wicked/lib/Page.php
index b57087047..79e0bd3ca 100644
--- a/wicked/lib/Page.php
+++ b/wicked/lib/Page.php
@@ -135,11 +135,6 @@ class Page {
 if (($pagePerms & Horde_Perms::EDIT) == 0) {
 return false;
 }
-
- /* Locked page. */
- if ($this->isLocked()) {
- return false;
- }
 break;
 
 case WICKED_MODE_REMOVE:
@@ -156,27 +151,6 @@ class Page {
 }
 break;
 
- case WICKED_MODE_LOCKING:
- if ($browser->isRobot()) {
- return false;
- }
-
- if (Horde_Auth::isAdmin()) {
- return true;
- }
-
- if (($pagePerms & Horde_Perms::EDIT) == 0) {
- return false;
- }
- break;
-
- case WICKED_MODE_UNLOCKING:
- if (Horde_Auth::isAdmin()) {
- return true;
- }
-
- return false;
-
 // All other modes require READ permissions.
 default:
 if (Horde_Auth::isAdmin()) {
diff --git a/wicked/lib/Page/EditPage.php b/wicked/lib/Page/EditPage.php
index 7b8091d0f..eb7304819 100644
--- a/wicked/lib/Page/EditPage.php
+++ b/wicked/lib/Page/EditPage.php
@@ -59,7 +59,7 @@ class EditPage extends Page {
 {
 if ($mode == WICKED_MODE_EDIT) {
 $page = Page::getPage($this->referrer());
- if ($page->isLocked(Horde_Auth::getAuth() ? Horde_Auth::getAuth() : $GLOBALS['browser']->getIPAddress())) {
+ if ($page->isLocked(Wicked::lockUser())) {
 return false;
 }
 }
@@ -88,6 +88,9 @@ class EditPage extends Page {
 }
 if ($this->allows(WICKED_MODE_LOCKING)) {
 $page = Page::getPage($this->referrer());
+ if ($page->isLocked()) {
+ $page->unlock();
+ }
 $result = $page->lock();
 if (is_a($result, 'PEAR_Error')) {
 $GLOBALS['notification']->push(sprintf(_("Page failed to lock: %s"), $result->getMessage()), 'horde.error');
@@ -179,7 +182,7 @@ class EditPage extends Page {
 }
 }
 
- if ($this->allows(WICKED_MODE_UNLOCKING)) {
+ if ($page->allows(WICKED_MODE_UNLOCKING)) {
 $result = $page->unlock();
 if (is_a($result, 'PEAR_Error')) {
 $GLOBALS['notification']->push(sprintf(_("Page failed to unlock: %s"), $result->getMessage()), 'horde.error');
diff --git a/wicked/lib/Page/StandardPage.php b/wicked/lib/Page/StandardPage.php
index ef71e1d29..ebfbda324 100644
--- a/wicked/lib/Page/StandardPage.php
+++ b/wicked/lib/Page/StandardPage.php
@@ -127,10 +127,33 @@ class StandardPage extends Page {
 */
 function allows($mode)
 {
- if ($mode == WICKED_MODE_UNLOCKING && $this->_lock &&
- (Horde_Auth::getAuth() && Horde_Auth::getAuth() == $this->_lock['lock_owner']) ||
- (!Horde_Auth::getAuth() && $GLOBALS['browser']->getIPAddress() == $this->_lock['lock_owner'])) {
- return true;
+ switch ($mode) {
+ case WICKED_MODE_EDIT:
+ if ($this->isLocked()) {
+ return Wicked::lockUser() == $this->_lock['lock_owner'];
+ }
+ break;
+
+ case WICKED_MODE_LOCKING:
+ if ($GLOBALS['browser']->isRobot()) {
+ return false;
+ }
+ if (Horde_Auth::isAdmin()) {
+ return true;
+ }
+ if (($this->getPermissions() & PERMS_EDIT) == 0) {
+ return false;
+ }
+ break;
+
+ case WICKED_MODE_UNLOCKING:
+ if (Horde_Auth::isAdmin()) {
+ return true;
+ }
+ if ($this->_lock) {
+ return Wicked::lockUser() == $this->_lock['lock_owner'];
+ }
+ return false;
 }
 return parent::allows($mode);
 }
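Review bot: In EditPage.php's lock branch the new `$page->unlock()` releases any existing lock, not just the caller's, because `isLocked()` is called without an owner and the guard above it is still `$this->allows(WICKED_MODE_LOCKING)`, evaluated on the EditPage rather than on `$page`. This commit moves the LOCKING and UNLOCKING rules into StandardPage::allows() and switches the unlock branch further down to `$page->allows(WICKED_MODE_UNLOCKING)`, so unless EditPage::allows() delegates somewhere outside these hunks, the lock branch should be brought in line: fetch `$page` first, test `if ($page->allows(WICKED_MODE_LOCKING)) {`, and wrap the release as `if ($page->isLocked() && $page->allows(WICKED_MODE_UNLOCKING)) {`. As written, ownership holds only if an allows(WICKED_MODE_EDIT) check has already rejected foreign locks earlier in the request, which is not visible here. The result of `unlock()` is also discarded, while the `lock()` call on the next line is tested with `is_a($result, 'PEAR_Error')`.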
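Review bot: In StandardPage::allows(), the WICKED_MODE_EDIT case ends with `return Wicked::lockUser() == $this->_lock['lock_owner'];`, which returns true for the lock owner without reaching `parent::allows($mode)`, so the `Horde_Perms::EDIT` test visible in Page.php's edit branch is skipped whenever the page is locked. A lock should only be able to deny: `if ($this->isLocked() && Wicked::lockUser() != $this->_lock['lock_owner']) { return false; }` followed by `break;` keeps the owner on the normal permission path. The LOCKING case tests `PERMS_EDIT` while Page.php in this same commit uses `Horde_Perms::EDIT`; if the old constant is not defined in this tree the test would most likely reject every non-admin, so `Horde_Perms::EDIT` is probably what is meant. The owner comparisons also use loose `==` on strings, and `===` would rule out numeric-string coercion between user names.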
@@ -220,8 +243,7 @@ class StandardPage extends Page {
 function lock()
 {
 if ($this->_locks) {
- $owner = Horde_Auth::getAuth() ? Horde_Auth::getAuth() : $GLOBALS['browser']->getIPAddress();
- $id = $this->_locks->setLock($owner, 'wicked', $this->pageName(), $GLOBALS['conf']['wicked']['lock']['time'] * 60, Horde_Lock::TYPE_EXCLUSIVE);
+ $id = $this->_locks->setLock(Wicked::lockUser(), 'wicked', $this->pageName(), $GLOBALS['conf']['wicked']['lock']['time'] * 60, Horde_Lock::TYPE_EXCLUSIVE);
 if ($id) {
 $this->_lock = $this->_locks->getLockInfo($id);
 } else {
diff --git a/wicked/lib/Wicked.php b/wicked/lib/Wicked.php
index c09c39986..0c2d40f65 100644
--- a/wicked/lib/Wicked.php
+++ b/wicked/lib/Wicked.php
@@ -214,4 +214,15 @@ class Wicked {
 return $_SESSION['wickedSession']['CAPTCHA'];
 }
 
+ /**
+ * Returns the user name that is used for locking, either the current user
+ * or the current IP address.
+ *
+ * @return string The user name used for locking.
+ */
+ function lockUser()
+ {
+ return Horde_Auth::getAuth() ? Horde_Auth::getAuth() : $GLOBALS['browser']->getIPAddress();
+ }
+
 }
-- 
2.11.0
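Review bot: Wicked::lockUser() puts authenticated user names and guest IP addresses into one identifier space, and its docblock should say what that means for lock ownership: every guest arriving from the same address (NAT, shared proxy) counts as the owner of a guest lock, and StandardPage::allows() in this commit lets the owner edit and unlock. I would add a line such as `Guests are identified by IP address only; this is not an authenticated identity and may be shared by several clients.` How getIPAddress() derives its value is not visible here and is worth confirming, since a value taken from request headers would not be trustworthy as a lock owner. The method is called statically throughout this commit (`Wicked::lockUser()`) but is declared as a plain `function`; `static function lockUser()` would match its use, if the rest of the class (outside the hunk) follows that style.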