#100 Disallow user listing in MIM

0.7.x
open-accepted
nobody
5
2005-09-27
2005-07-26
Oscar
No

Hi there,

I created a small patch that adds a new ACL
(General->createmim), with which users can be
disallowed to send messages. They would need to select
a user from the list, and on the implementation I'm
working on, user listings are not allowed for certain
groups.

Also, when replying, this ACL can disallow users to
select any other user than the one the original message
came from.

The patch contains the following updated files:
moregroupware/modules/general/mim.php
moregroupware/modules/general/templates/default/html/mim_list.tpl

There's one new file:
moregroupware/modules/general/inc/rights.inc.php

The patch is based on the latest 0.7.3 release.

I love this product, but there's a bit finetuning for
my implementation, so more patches may follow :-)

Oscar

Discussion

  • Oscar

    Oscar - 2005-07-26

    Logged In: YES
    user_id=1309205

    Forgot the attachment :-/

     
  • Oscar

    Oscar - 2005-07-26

    Disallow user listing in MIM

     
    Attachments
  • Oscar

    Oscar - 2005-08-09

    Logged In: YES
    user_id=1309205

    I included an invalid file in the upload; the ACL name in
    modules/general/inc/rights.inc.php is wrong:
    To make this patch work, the ACL name "createmim" whould be
    changed to "listusers"

     
  • Franky Van Liedekerke

    Logged In: YES
    user_id=109671

    I will allow this patch, but what about users that upgrade
    from a previous version. Are they affected in any way?

     
  • Franky Van Liedekerke

    Logged In: YES
    user_id=109671

    Your patch has been accepted and added to CVS.

    Check out CVS or fetch a CVS snapshot to see the new code.

    --
    more.groupware developer team

     
  • Franky Van Liedekerke

    • status: open --> open-accepted
     
  • Oscar

    Oscar - 2005-10-17

    Logged In: YES
    user_id=1309205

    Yes, they are affected, since the default for the new
    "listusers" ACL is "denied" in this file.
    To prevent this, it might be a better choice to make "allow"
    the default by changing the value of 'listusers' from '0' to
    '1' in rights.inc.php.

     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks