From 61e2dd063670820935f777073116e39320a1da50 Mon Sep 17 00:00:00 2001
From: Michael M Slusarz <slusarz@curecanti.org>
Date: Thu, 27 Jan 2011 11:34:16 -0700
Subject: [PATCH] Bug #9542: Fix permissions usage in IMP

---
 imp/lib/Application.php | 32 ++++++++++++++++++++++++-------
 imp/lib/Compose.php     | 51 ++++++++++++++++++-------------------------------
 imp/lib/Folder.php      |  2 +-
 3 files changed, 45 insertions(+), 40 deletions(-)

diff --git a/imp/lib/Application.php b/imp/lib/Application.php
index b3342783d..9d281d72d 100644
--- a/imp/lib/Application.php
+++ b/imp/lib/Application.php
@@ -206,31 +206,49 @@ class IMP_Application extends Horde_Registry_Application
      *
      * @param string $permission  The permission to check.
      * @param mixed $allowed      The allowed permissions.
-     * @param array $opts         Additional options ('value').
+     * @param array $opts         Additional options:
+     *   - For 'max_recipients' and 'max_timelimit', 'value' is the number of
+     *     recipients in the current message.
      *
-     * @return mixed  The value of the specified permission.
+     * @return boolean  Does the user has permission?
      */
     public function hasPermission($permission, $allowed, $opts = array())
     {
         switch ($permission) {
         case 'create_folders':
-            $allowed = (bool)count(array_filter($allowed));
+            // No-op
             break;
 
         case 'max_folders':
-            $allowed = max($allowed);
             if (empty($opts['value'])) {
-                return ($allowed > count($GLOBALS['injector']->getInstance('IMP_Folder')->flist_IMP(array(), false)));
+                return ($allowed >= count($GLOBALS['injector']->getInstance('IMP_Folder')->flist_IMP(array(), false)));
             }
             break;
 
         case 'max_recipients':
+            if (isset($opts['value'])) {
+                return ($allowed >= $opts['value']);
+            }
+            break;
+
         case 'max_timelimit':
-            $allowed = max($allowed);
+            if (isset($opts['value'])) {
+                $sentmail = $GLOBALS['injector']->getInstance('IMP_Sentmail');
+                if (!($sentmail instanceof IMP_Sentmail_Base)) {
+                    Horde::logMessage('The permission for the maximum number of recipients per time period has been enabled, but no backend for the sent-mail logging has been configured for IMP.', 'ERR');
+                    return true;
+                }
+
+                try {
+                    $opts['value'] += $sentmail->numberOfRecipients($GLOBALS['conf']['sentmail']['params']['limit_period'], true);
+                } catch (IMP_Exception $e) {}
+
+                return ($allowed >= $opts['value']);
+            }
             break;
         }
 
-        return $allowed;
+        return (bool)$allowed;
     }
 
     /* Menu methods. */
diff --git a/imp/lib/Compose.php b/imp/lib/Compose.php
index c8d6e2560..8e4a27118 100644
--- a/imp/lib/Compose.php
+++ b/imp/lib/Compose.php
@@ -809,30 +809,17 @@ class IMP_Compose implements ArrayAccess, Countable, Iterator
     protected function _prepSendMessage($email, $headers = null,
                                         $message = null)
     {
-        $timelimit = $GLOBALS['injector']->getInstance('Horde_Perms')->hasAppPermission('max_timelimit');
-        if ($timelimit !== true) {
-            $sentmail = $GLOBALS['injector']->getInstance('IMP_Sentmail');
-            if (!($sentmail instanceof IMP_Sentmail_Base)) {
-                Horde::logMessage('The permission for the maximum number of recipients per time period has been enabled, but no backend for the sent-mail logging has been configured for IMP.', 'ERR');
-                throw new IMP_Compose_Exception(_("The system is not properly configured. A detailed error description has been logged for the administrator."));
-            }
-
-            try {
-                $recipients = $sentmail->numberOfRecipients($GLOBALS['conf']['sentmail']['params']['limit_period'], true);
-            } catch (IMP_Exception $e) {
-                $recipients = 0;
-            }
+        foreach (Horde_Mime_Address::parseAddressList($email) as $address) {
+            $recipients += isset($address['grounpname'])
+                ? count($address['addresses'])
+                : 1;
+        }
 
-            foreach (Horde_Mime_Address::parseAddressList($email) as $address) {
-                $recipients += isset($address['grounpname'])
-                    ? count($address['addresses'])
-                    : 1;
-            }
+        $perms = $GLOBALS['injector']->getInstance('Horde_Perms');
 
-            if ($recipients > $timelimit) {
-                Horde::permissionDeniedError('imp', 'max_timelimit');
-                throw new IMP_Compose_Exception(sprintf(_("You are not allowed to send messages to more than %d recipients within %d hours."), $timelimit, $GLOBALS['conf']['sentmail']['params']['limit_period']));
-            }
+        if (!$perms->hasAppPermission('max_timelimit', array('opts' => array('value' => $recipients)))) {
+            Horde::permissionDeniedError('imp', 'max_timelimit');
+            throw new IMP_Compose_Exception(sprintf(_("You are not allowed to send messages to more than %d recipients within %d hours."), $perms->getPermissions('max_timelimit'), $GLOBALS['conf']['sentmail']['params']['limit_period']));
         }
 
         /* Pass to hook to allow alteration of message details. */
@@ -1033,16 +1020,16 @@ class IMP_Compose implements ArrayAccess, Countable, Iterator
         /* Count recipients if necessary. We need to split email groups
          * because the group members count as separate recipients. */
         if ($exceed) {
-            $max_recipients = $GLOBALS['injector']->getInstance('Horde_Perms')->hasAppPermission('max_recipients');
-            if ($max_recipients !== true) {
-                $num_recipients = 0;
-                foreach ($addrlist as $recipient) {
-                    $num_recipients += count(explode(',', $recipient));
-                }
-                if ($num_recipients > $max_recipients) {
-                    Horde::permissionDeniedError('imp', 'max_recipients');
-                    throw new IMP_Compose_Exception(sprintf(_("You are not allowed to send messages to more than %d recipients."), $max_recipients));
-                }
+            $recipients = 0;
+            foreach ($addrlist as $recipient) {
+                $recipients += count(explode(',', $recipient));
+            }
+
+            $perms = $GLOBALS['injector']->getInstance('Horde_Perms');
+
+            if (!$perms->hasAppPermission('max_recipients', array('opts' => array('value' => $recipients)))) {
+                Horde::permissionDeniedError('imp', 'max_recipients');
+                throw new IMP_Compose_Exception(sprintf(_("You are not allowed to send messages to more than %d recipients."), $perms->getPermissions('max_recipients')));
             }
         }
 
diff --git a/imp/lib/Folder.php b/imp/lib/Folder.php
index 6f95a6e4c..1b89b743b 100644
--- a/imp/lib/Folder.php
+++ b/imp/lib/Folder.php
@@ -122,7 +122,7 @@ class IMP_Folder
             Horde::permissionDeniedError(
                 'imp',
                 'max_folders',
-                sprintf(_("You are not allowed to create more than %d folders."), $perms->hasAppPermission('max_folders', array('opts' => array('value' => true))))
+                sprintf(_("You are not allowed to create more than %d folders."), $perms->getPermissions('max_folders'))
             );
             return false;
         }
-- 
2.11.0