make roles inheritable
Principals can have any of the roles in the set {Admin, Group, Public, Resource}. I’m especially interested in the Admin role. You can make a group Admin (by simply clicking the ‘Administrator’ checkbox in the web interface). Why should a group be Admin? That only makes sense when the role is inheritable. When you have an LDAP group for your IT department, you want to grant and revoke admin rights on DAViCal, as well as on all other services, automatically, just by managing membership of that LDAP group.
In fact, users only have admin rights on the DAViCal interface when they themselves are Admin, no matter which groups they are members of. This is not so cool.
In inc/DAViCalSession.php, at the end of the function GetRoles(), you could insert this:

    // Also pick up the roles of every group this user is a direct member of.
    // first_dav_principal is the group, second_dav_principal is the member.
    $sql = 'SELECT role_name FROM (((group_member'
         . ' JOIN dav_principal first_dav_principal ON group_member.group_id=first_dav_principal.principal_id)'
         . ' JOIN role_member ON first_dav_principal.user_no=role_member.user_no)'
         . ' JOIN roles ON roles.role_no=role_member.role_no)'
         . ' JOIN dav_principal second_dav_principal ON group_member.member_id=second_dav_principal.principal_id'
         . ' WHERE second_dav_principal.user_no = '.$this->user_no;
    $qry = new AwlQuery( $sql );
    if ( $qry->Exec('DAViCalSession') && $qry->rows() > 0 ) {
      while( $role = $qry->Fetch() ) {
        // Add each role held by the group to the session's role set.
        $this->roles[$role->role_name] = 1;
      }
    }

Then every user who is a member of a group with admin rights will get admin rights. Actually, one would expect that this inheritance never ends, so this has to be implemented recursively. But this is too removed from reality for me now. It solves my case and I just want to drop this here as an idea.
P.S.: Or, to only inherit Admin:

    //$this->roles[$role->role_name] = 1;
    if($role->role_name=='Admin') $this->roles['Admin'] = 1;
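
The recursive inheritance mentioned above could be pushed into the database with a PostgreSQL recursive query. This is an added example, not part of the original post or of DAViCal's code; it uses the table and column names from the query above, and `:user_no` is an assumed bind-parameter placeholder for the logged-in user's number.

```sql
-- Added example: resolve Admin through nested groups for one user.
-- Assumption: :user_no is supplied as a bound parameter by the caller.
WITH RECURSIVE ancestor_groups(principal_id) AS (
    -- Start with the principal that belongs to the logged-in user.
    SELECT principal_id
      FROM dav_principal
     WHERE user_no = :user_no
  UNION
    -- Add every group that contains a principal found so far.
    -- UNION (not UNION ALL) discards rows already seen, so a membership
    -- cycle (A is in B, B is in A) terminates instead of recursing forever.
    SELECT gm.group_id
      FROM group_member gm
      JOIN ancestor_groups ag ON gm.member_id = ag.principal_id
)
SELECT DISTINCT r.role_name
  FROM ancestor_groups ag
  JOIN dav_principal dp ON dp.principal_id = ag.principal_id
  JOIN role_member rm   ON rm.user_no = dp.user_no
  JOIN roles r          ON r.role_no = rm.role_no
 WHERE r.role_name = 'Admin';  -- inherit only Admin, as in the P.S.
```

The starting row is the user's own principal, so the result also covers an Admin role held directly. Restricting the result to Admin keeps the other roles in the set from spreading through nested groups unintentionally.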