Update of /cvsroot/basedb/basedb/include/classes
In directory sc8-pr-cvs1:/tmp/cvs-serv20384/include/classes
Modified Files:
item.inc.php news.inc.php raw.inc.php reporterlist.inc.php
user.inc.php
Log Message:
Fixed problems that were found while running as non-superuser
Index: item.inc.php
===================================================================
RCS file: /cvsroot/basedb/basedb/include/classes/item.inc.php,v
retrieving revision 1.21
retrieving revision 1.22
diff -C2 -d -r1.21 -r1.22
*** item.inc.php 2 Feb 2003 15:31:51 -0000 1.21
--- item.inc.php 15 Feb 2003 11:29:06 -0000 1.22
***************
*** 303,311 ****
}
! // Returns an array with (name,removed,owner), plus
// gid,groupAccess,worldAccess if $sharing is true.
function getBasicFromId($type, $id, $sharing = true)
{
! $query = "SELECT name, removed, owner".
($sharing ? ", gid, `groupAccess`, `worldAccess`" : "").
" FROM $type WHERE id = ".(int)$id;
--- 303,311 ----
}
! // Returns an array with (id,name,removed,owner), plus
// gid,groupAccess,worldAccess if $sharing is true.
function getBasicFromId($type, $id, $sharing = true)
{
! $query = "SELECT id, name, removed, owner".
($sharing ? ", gid, `groupAccess`, `worldAccess`" : "").
" FROM $type WHERE id = ".(int)$id;
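Review bot: `$type` is still interpolated into the FROM clause as a bare identifier in `" FROM $type WHERE id = ".(int)$id`, while only `$id` is constrained by the `(int)` cast. The callers are not visible in this hunk, so it should be confirmed that `$type` always comes from a fixed set of table names and never from request data. I would record that contract above the function, e.g. `// $type must be a hard-coded table name, never request data.` The function body continues past the end of the hunk.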
Index: news.inc.php
===================================================================
RCS file: /cvsroot/basedb/basedb/include/classes/news.inc.php,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -d -r1.6 -r1.7
*** news.inc.php 30 Dec 2002 22:09:16 -0000 1.6
--- news.inc.php 15 Feb 2003 11:29:07 -0000 1.7
***************
*** 74,78 ****
$query = "SELECT COUNT(*) FROM News n ".
! "WHERE ".db_true()." ".$search->getWhere();
$res = query($query);
if($row =& db_fetch_row($res)) $cnt = $row[0];
--- 74,79 ----
$query = "SELECT COUNT(*) FROM News n ".
! "WHERE ".Item::whereRemoved("n", 0)." ".
! $search->getWhere();
$res = query($query);
if($row =& db_fetch_row($res)) $cnt = $row[0];
***************
*** 92,96 ****
$query = "SELECT n.*, ug.`name` AS `userName` ".
"FROM News n, UserGroup ug ".
! "WHERE n.owner = ug.id";
$search->getWhere()." $ob ".$search->makeLimit();
--- 93,98 ----
$query = "SELECT n.*, ug.`name` AS `userName` ".
"FROM News n, UserGroup ug ".
! "WHERE n.owner = ug.id ".
! Item::whereRemovedAnd("n", 0)." ".
$search->getWhere()." $ob ".$search->makeLimit();
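Review bot: In the second hunk, `$search->getWhere()`, `$ob` and `$search->makeLimit()` appear to become part of the executed SQL for the first time, because the old line ended the statement at `ug.id";` and the following line was evaluated and discarded. That is a behaviour change beyond the removed-item filter. How `$ob` and the search clause are built is not visible here, so it is worth confirming they are assembled from known column names and escaped values before the query runs. A one-line comment such as `// $ob: ORDER BY clause built from known column names only` would record that assumption.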
Index: raw.inc.php
===================================================================
RCS file: /cvsroot/basedb/basedb/include/classes/raw.inc.php,v
retrieving revision 1.27
retrieving revision 1.28
diff -C2 -d -r1.27 -r1.28
*** raw.inc.php 3 Feb 2003 20:13:18 -0000 1.27
--- raw.inc.php 15 Feb 2003 11:29:07 -0000 1.28
***************
*** 346,349 ****
--- 346,350 ----
$search->makeWhere($fields);
$search->addExtraWhere(Item::whereRemoved("r", $removed));
+ $search->addExtraWhere(Item::whereShared("r", $user));
if($expid)
{
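Review bot: The added `Item::whereShared("r", $user)` filter is the only access restriction visible on this listing, and nothing in the hunk shows where `$user` is set or that it is non-empty at this point. If `$user` can be empty here, the outcome depends on how `whereShared` treats it, so it should be confirmed that it fails closed (matches no rows) rather than emitting an always-true clause. A short comment on the new line, e.g. `// Row-level access filter: only rows $user may read`, would make clear that it must stay alongside the `whereRemoved` filter. The enclosing function starts and ends outside the hunk.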
Index: reporterlist.inc.php
===================================================================
RCS file: /cvsroot/basedb/basedb/include/classes/reporterlist.inc.php,v
retrieving revision 1.11
retrieving revision 1.12
diff -C2 -d -r1.11 -r1.12
*** reporterlist.inc.php 30 Jan 2003 16:45:21 -0000 1.11
--- reporterlist.inc.php 15 Feb 2003 11:29:07 -0000 1.12
***************
*** 389,393 ****
}
!
}
--- 389,396 ----
}
! function isShared($user, $write = 0)
! {
! return Experiment::isSharedId($this->experiment, $user, $write);
! }
}
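Review bot: The new `isShared()` delegates entirely to `Experiment::isSharedId($this->experiment, $user, $write)` and has no handling for a reporter list whose `experiment` is unset or 0. Whether that case can occur is not visible here, but if it can, the result depends on how `isSharedId` treats a missing id; a guard such as `if(!$this->experiment) return false;` before the call would make the deny-by-default choice explicit. A comment like `// Access to a reporter list follows its experiment's sharing settings.` would document the delegation.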
Index: user.inc.php
===================================================================
RCS file: /cvsroot/basedb/basedb/include/classes/user.inc.php,v
retrieving revision 1.24
retrieving revision 1.25
diff -C2 -d -r1.24 -r1.25
*** user.inc.php 4 Feb 2003 18:28:59 -0000 1.24
--- user.inc.php 15 Feb 2003 11:29:07 -0000 1.25
***************
*** 248,252 ****
}
! // Superusers can edit anyone, but cannot be edited by normal user admins.
function mayEdit(&$user)
{
--- 248,252 ----
}
! /* // Superusers can edit anyone, but cannot be edited by normal user admins.
function mayEdit(&$user)
{
***************
*** 262,265 ****
--- 262,278 ----
{
return $this->mayEdit($user);
+ }*/
+
+ // Superusers can edit anyone, but cannot be edited by normal user admins.
+ function isShared($user, $write = 0)
+ {
+ $acc = (int)$write;
+ if(!$acc)
+ {
+ return $user->access($this->globalRead());
+ }
+ return $user->access(BUA_SUPERUSER) ||
+ $user->access($this->globalEdit()) &&
+ !$this->access(BUA_SUPERUSER);
}
}
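Review bot: In the new `isShared()`, `$acc = (int)$write; if(!$acc)` turns any non-numeric truthy `$write` (a string flag, say) into 0, so such a call is answered with the weaker `globalRead()` check instead of the edit check. Testing `if(!$write)` directly would keep a truthy argument on the write path. The write expression relies on `&&` binding tighter than `||`; writing it as `$user->access(BUA_SUPERUSER) || ($user->access($this->globalEdit()) && !$this->access(BUA_SUPERUSER))` makes the intended rule explicit. The first hunk leaves `mayEdit()` inside a `/* … */` block rather than deleting it, so any remaining caller of `mayEdit()` would now fail; those call sites are not visible here and should be checked.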