From be875127e9cd1de82e29d5691bc5225ee5482d9f Mon Sep 17 00:00:00 2001
From: Jan Schneider
Date: Wed, 3 Feb 2010 17:47:37 +0100
Subject: [PATCH] Allow admins to edit any share permission.
---
 horde/services/shares/edit.php | 7 +++++--
 kronolith/perms.php | 12 ++++++++++--
 2 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/horde/services/shares/edit.php b/horde/services/shares/edit.php
index 1d1355f83..d86123f6e 100644
--- a/horde/services/shares/edit.php
+++ b/horde/services/shares/edit.php
@@ -55,7 +55,9 @@ case 'edit':
 if ($share instanceof PEAR_Error) {
 $notification->push($share, 'horde.error');
 } elseif (!Horde_Auth::getAuth() ||
- (isset($share) && Horde_Auth::getAuth() != $share->get('owner'))) {
+ (isset($share) &&
+ !Horde_Auth::isAdmin() &&
+ Horde_Auth::getAuth() != $share->get('owner'))) {
 exit('permission denied');
 }
 break;
@@ -66,7 +68,8 @@ case 'editform':
 $notification->push(_("Attempt to edit a non-existent share."), 'horde.error');
 } else {
 if (!Horde_Auth::getAuth() ||
- Horde_Auth::getAuth() != $share->get('owner')) {
+ (!Horde_Auth::isAdmin() &&
+ Horde_Auth::getAuth() != $share->get('owner'))) {
 exit('permission denied');
 }
 $perm = &$share->getPermission();
diff --git a/kronolith/perms.php b/kronolith/perms.php
index 796734b6c..1805a265c 100644
--- a/kronolith/perms.php
+++ b/kronolith/perms.php
@@ -14,6 +14,11 @@ Horde_Registry::appInit('kronolith');
 require_once 'Horde/Group.php';
+// Exit if the user shouldn't be able to change share permissions.
+if (!empty($conf['share']['no_sharing'])) {
+ throw new Horde_Exception('Permission denied.');
+}
+
 $shares = Horde_Share::singleton('kronolith');
 $groups = Group::singleton();
 $auth = Horde_Auth::singleton($conf['auth']['driver']);
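Review bot: The owner test on the re-added line of the `edit` case, `Horde_Auth::getAuth() != $share->get('owner')`, uses PHP's loose comparison, so two different numeric-looking ids (constructed example: `'10'` and `'1e1'`) compare as equal and the denial is skipped. Comparing as strings removes that: `(string)Horde_Auth::getAuth() !== (string)$share->get('owner')`. The same comparison is carried into the `editform` hunk of this file and into both matching hunks of kronolith/perms.php. The `switch` and the rest of the `elseif` chain lie outside the hunk, and whether a given auth backend allows such usernames is not visible here.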
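Review bot: Once `!Horde_Auth::isAdmin()` lets a non-owner through in the `editform` branch, nothing in the hunk records that the permission object was reached through the administrator override rather than by the owner. The code goes straight on to `$share->getPermission()` and the save path is outside the hunk, so it is worth confirming that an audit entry naming the acting administrator, the share and its owner is written before a change is stored. At minimum the condition deserves a comment such as `// Only the share owner or an administrator may edit permissions.`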
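Review bot: The new `no_sharing` gate fails with `throw new Horde_Exception('Permission denied.')` while every other denial in this file uses `exit('permission denied')`, so one class of refusal now reaches the user through a different path; how an uncaught exception is rendered is not visible here and may show more than the message. The gate also runs before any admin test, so with `$conf['share']['no_sharing']` set administrators are refused as well, which the comment should state given the commit title: `// Sharing is disabled for everyone, administrators included.` The hunks for horde/services/shares/edit.php add no equivalent check, so confirm that the generic page enforces the same setting for kronolith shares.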
@@ -34,7 +39,9 @@ case 'edit':
 if (is_a($share, 'PEAR_Error')) {
 $notification->push($share, 'horde.error');
 } elseif (!Horde_Auth::getAuth() ||
- (isset($share) && Horde_Auth::getAuth() != $share->get('owner'))) {
+ (isset($share) &&
+ !Horde_Auth::isAdmin() &&
+ Horde_Auth::getAuth() != $share->get('owner'))) {
 exit('permission denied');
 }
 break;
@@ -45,7 +52,8 @@ case 'editform':
 $notification->push(_("Attempt to edit a non-existent share."), 'horde.error');
 } else {
 if (!Horde_Auth::getAuth() ||
- Horde_Auth::getAuth() != $share->get('owner')) {
+ (!Horde_Auth::isAdmin() &&
+ Horde_Auth::getAuth() != $share->get('owner'))) {
 exit('permission denied');
 }
 $perm = &$share->getPermission();
--
2.11.0
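Review bot: This condition is now the fourth hand-maintained copy of one authorization rule (the `edit` and `editform` cases here and in horde/services/shares/edit.php), and the commit had to patch each copy separately; any other page still carrying the older owner-only form would silently keep a different policy. Moving the rule into a single helper that both cases call keeps the policy in one place and makes it testable on its own. The sketch below uses only calls already present in the hunk and compares the ids as strings; where the helper should live is for the maintainers to decide, and the `switch` around these cases is outside the hunk.

```php
/**
 * Tells whether the current user may edit the permissions of $share:
 * the share owner or an administrator.
 */
function _canEditSharePerms($share)
{
    $user = Horde_Auth::getAuth();
    // String comparison avoids PHP's numeric-string juggling.
    return $user &&
        (Horde_Auth::isAdmin() ||
         (string)$user === (string)$share->get('owner'));
}

// … unchanged: PEAR_Error branch of case 'edit' …
} elseif (!Horde_Auth::getAuth() ||
          (isset($share) && !_canEditSharePerms($share))) {
    exit('permission denied');
}
```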