#100 Disallow user listing in MIM

0.7.x
open-accepted
nobody
5
2005-09-27
2005-07-26
Oscar
No

Hi there,

I created a small patch that adds a new ACL
(General->createmim), with which users can be
disallowed to send messages. They would need to select
a user from the list, and on the implementation I'm
working on, user listings are not allowed for certain
groups.

Also, when replying, this ACL can disallow users to
select any other user than the one the original message
came from.

The patch contains the following updated files:
moregroupware/modules/general/mim.php
moregroupware/modules/general/templates/default/html/mim_list.tpl

There's one new file:
moregroupware/modules/general/inc/rights.inc.php

The patch is based on the latest 0.7.3 release.

I love this product, but there's a bit finetuning for
my implementation, so more patches may follow :-)

Oscar

Discussion

  • Oscar
    Oscar
    2005-07-26

    Logged In: YES
    user_id=1309205

    Forgot the attachment :-/

     
  • Oscar
    Oscar
    2005-07-26

    Disallow user listing in MIM

     
    Attachments
  • Oscar
    Oscar
    2005-08-09

    Logged In: YES
    user_id=1309205

    I included an invalid file in the upload; the ACL name in
    modules/general/inc/rights.inc.php is wrong:
    To make this patch work, the ACL name "createmim" whould be
    changed to "listusers"

     
  • Logged In: YES
    user_id=109671

    I will allow this patch, but what about users that upgrade
    from a previous version. Are they affected in any way?

     
  • Logged In: YES
    user_id=109671

    Your patch has been accepted and added to CVS.

    Check out CVS or fetch a CVS snapshot to see the new code.

    --
    more.groupware developer team

     
    • status: open --> open-accepted
     
  • Oscar
    Oscar
    2005-10-17

    Logged In: YES
    user_id=1309205

    Yes, they are affected, since the default for the new
    "listusers" ACL is "denied" in this file.
    To prevent this, it might be a better choice to make "allow"
    the default by changing the value of 'listusers' from '0' to
    '1' in rights.inc.php.