[Mantisbt-cvs] mantisbt/core user_api.php,1.61,1.62

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Update of /cvsroot/mantisbt/mantisbt/core
In directory sc8-pr-cvs1:/tmp/cvs-serv9981/core

Modified Files:
	user_api.php 
Log Message:
Fix #3421: Users except admin can 'see' the projects disabled on the project bar

M code/user_api.php
(user_get_accessible_projects) Check project enabled flag for non-admins.

Index: user_api.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/core/user_api.php,v
retrieving revision 1.61
retrieving revision 1.62
diff -u -d -r1.61 -r1.62

--- user_api.php	28 Oct 2003 10:37:15 -0000	1.61
+++ user_api.php	20 Nov 2003 10:38:07 -0000	1.62
@@ -516,11 +516,13 @@
 			$query = "SELECT DISTINCT( p.id )
 					  FROM $t_project_table p
 					  LEFT JOIN $t_project_user_list_table u
-					    ON p.id=u.project_id AND p.enabled=1
-					  WHERE p.view_state='$t_public'
-					    OR (p.view_state='$t_private'
-						    AND
-					        u.user_id='$c_user_id')
+					    ON p.id=u.project_id
+					  WHERE ( p.enabled = 1 ) AND 
+						( p.view_state='$t_public'
+						    OR (p.view_state='$t_private'
+							    AND
+						        u.user_id='$c_user_id' )
+						)
 					  ORDER BY p.name";
 		}
 




