Contacts: Document usage of OC_Contacts_App::getAddressbook

Remove redundant access checks and add comments to the calls to OC_Contacts_App::getAddressbook that are access checks

Contacts: Document usage of OC_Contacts_App::getAddressbook
6eb1427a · Bart Visscher · b77132ed · 6eb1427a · 6eb1427a · 6eb1427a
Commit 6eb1427a authored 13 years ago by Bart Visscher
--- a/apps/contacts/ajax/addcard.php
+++ b/apps/contacts/ajax/addcard.php
@@ -34,7 +34,7 @@ OC_JSON::checkAppEnabled('contacts');
 $l=new OC_L10N('contacts');

 $aid = $_POST['id'];
-$addressbook = OC_Contacts_App::getAddressbook( $aid );
+OC_Contacts_App::getAddressbook( $aid ); // is owner access check

 $fn = trim($_POST['fn']);
 $values = $_POST['value'];

--- a/apps/contacts/ajax/addcontact.php
+++ b/apps/contacts/ajax/addcontact.php
@@ -40,7 +40,7 @@ OC_JSON::checkAppEnabled('contacts');
 $l=new OC_L10N('contacts');

 $aid = $_POST['aid'];
-$addressbook = OC_Contacts_App::getAddressbook( $aid );
+OC_Contacts_App::getAddressbook( $aid ); // is owner access check

 $fn = trim($_POST['fn']);
 $n = trim($_POST['n']);

--- a/apps/contacts/ajax/deletebook.php
+++ b/apps/contacts/ajax/deletebook.php
@@ -30,7 +30,7 @@ OC_JSON::checkAppEnabled('contacts');

 //$id = $_GET['id'];
 $id = $_POST['id'];
-$addressbook = OC_Contacts_App::getAddressbook( $id );
+OC_Contacts_App::getAddressbook( $id ); // is owner access check

 OC_Contacts_Addressbook::delete($id);
 OC_JSON::success(array('data' => array( 'id' => $id )));
--- a/apps/contacts/ajax/updateaddressbook.php
+++ b/apps/contacts/ajax/updateaddressbook.php
@@ -15,6 +15,7 @@ OC_JSON::checkLoggedIn();
 OC_JSON::checkAppEnabled('contacts');

 $bookid = $_POST['id'];
+OC_Contacts_App::getAddressbook($bookid); // is owner access check

 if(!OC_Contacts_Addressbook::edit($bookid, $_POST['name'], null)) {
 	OC_JSON::error(array('data' => array('message' => $l->t('Error updating addressbook.'))));

--- a/apps/contacts/export.php
+++ b/apps/contacts/export.php
@@ -14,10 +14,6 @@ $contact = isset($_GET['contactid']) ? $_GET['contactid'] : NULL;
 $nl = "\n";
 if(isset($book)){
 	$addressbook = OC_Contacts_App::getAddressbook($book);
-	if($addressbook['userid'] != OC_User::getUser()){
-		OC_JSON::error();
-		exit;
-	}
 	$cardobjects = OC_Contacts_VCard::all($book);
 	header('Content-Type: text/directory');
 	header('Content-Disposition: inline; filename=' . str_replace(' ', '_', $addressbook['displayname']) . '.vcf'); 
@@ -27,12 +23,6 @@ if(isset($book)){
 	}
 }elseif(isset($contact)){	
 	$data = OC_Contacts_App::getContactObject($contact);
-	$addressbookid = $data['addressbookid'];
-	$addressbook = OC_Contacts_App::getAddressbook($addressbookid);
-	if($addressbook['userid'] != OC_User::getUser()){
-		OC_JSON::error();
-		exit;
-	}
 	header('Content-Type: text/directory');
 	header('Content-Disposition: inline; filename=' . str_replace(' ', '_', $data['fullname']) . '.vcf'); 
 	echo $data['carddata'];