fix(Calendar) getMultiple does not take role rights into account

tine20 · Apr 29, 2022 · 2c13677 · 2c13677
1 parent 83d1c03
commit 2c13677
Show file tree

Hide file tree

Showing 2 changed files with 58 additions and 1 deletion.
diff --git a/tests/tine20/Calendar/Controller/EventTests.php b/tests/tine20/Calendar/Controller/EventTests.php
@@ -2614,6 +2614,47 @@ public function testModLogUndo()
         } catch (Tinebase_Exception_NotFound $tenf) {}
     }
 
+    public function testRoleRights()
+    {
+        $newRole = Tinebase_Role::getInstance()->create(new Tinebase_Model_Role([
+            'name' => 'unittest',
+        ]));
+        $newRole->members = [[
+            'id' => '',
+            'account_type' => Tinebase_Acl_Rights::ACCOUNT_TYPE_GROUP,
+            'account_id' => Tinebase_Group::getInstance()->getDefaultGroup()->getId(),
+        ]];
+        Tinebase_Role::getInstance()->update($newRole);
+        Tinebase_Acl_Roles::getInstance()->resetClassCache();
+
+        $sharedContainer = $this->_getTestContainer('Calendar', Calendar_Model_Event::class, true);
+        $event = $this->_getEvent();
+        $event->container_id = $sharedContainer->getId();
+        $createdEvent = $this->_controller->create($event);
+
+        Tinebase_Container::getInstance()->setGrants($sharedContainer, new Tinebase_Record_RecordSet(
+            Tinebase_Model_Grants::class, [[
+            'account_type' => Tinebase_Acl_Rights::ACCOUNT_TYPE_ROLE,
+            'account_id' => $newRole->getId(),
+            //'account_type' => Tinebase_Acl_Rights::ACCOUNT_TYPE_GROUP,
+            //'account_id' => Tinebase_Group::getInstance()->getDefaultGroup()->getId(),
+            Tinebase_Model_Grants::GRANT_READ => true,
+            Tinebase_Model_Grants::GRANT_EDIT => true,
+            Tinebase_Model_Grants::GRANT_ADMIN => true,
+            Tinebase_Model_Grants::GRANT_ADD => true,
+        ]]), true, false);
+
+        Tinebase_Core::setUser($this->_getPersona('sclever'));
+        $scleverEvent = $this->_controller->get($createdEvent->getId());
+        $this->assertTrue($scleverEvent->{Tinebase_Model_Grants::GRANT_DELETE});
+        $scleverEvent = $this->_controller->search(new Calendar_Model_EventFilter([['field' => 'id', 'operator' => 'equals', 'value' => $createdEvent->getId()]]))->getFirstRecord();
+        $this->assertNotNull($scleverEvent);
+        $this->assertTrue($scleverEvent->{Tinebase_Model_Grants::GRANT_DELETE});
+        $scleverEvent = $this->_controller->getMultiple([$createdEvent->getId()])->getFirstRecord();
+        $this->assertNotNull($scleverEvent);
+        $this->assertTrue($scleverEvent->{Tinebase_Model_Grants::GRANT_DELETE});
+    }
+
     public function testGetPrivateEventInSharedContainer()
     {
         $sharedContainer = $this->_getTestContainer('Calendar', Calendar_Model_Event::class, true);

diff --git a/tine20/Calendar/Backend/Sql.php b/tine20/Calendar/Backend/Sql.php
@@ -141,7 +141,23 @@ public function getByProperty($_value, $_property = 'name', $_getDeleted = FALSE
 
         return $result;
     }
-
+
+    /**
+     * Get multiple entries
+     *
+     * @param string|array $_id Ids
+     * @param array $_containerIds all allowed container ids that are added to getMultiple query
+     * @return Tinebase_Record_RecordSet
+     *
+     * @todo get custom fields here as well
+     */
+    public function getMultiple($_id, $_containerIds = NULL)
+    {
+        return $this->search(new Calendar_Model_EventFilter([
+            ['field' => 'id', 'operator' => 'in', 'value' => (array)$_id],
+        ]));
+    }
+
     /**
      * Calendar optimized search function
      *