From: <vb...@us...> - 2003-11-20 10:38:51
|
Update of /cvsroot/mantisbt/mantisbt/core In directory sc8-pr-cvs1:/tmp/cvs-serv9981/core Modified Files: user_api.php Log Message: Fix #3421: Users except admin can 'see' the projects disabled on the project bar M code/user_api.php (user_get_accessible_projects) Check project enabled flag for non-admins. Index: user_api.php =================================================================== RCS file: /cvsroot/mantisbt/mantisbt/core/user_api.php,v retrieving revision 1.61 retrieving revision 1.62 diff -u -d -r1.61 -r1.62 --- user_api.php 28 Oct 2003 10:37:15 -0000 1.61 +++ user_api.php 20 Nov 2003 10:38:07 -0000 1.62 @@ -516,11 +516,13 @@ $query = "SELECT DISTINCT( p.id ) FROM $t_project_table p LEFT JOIN $t_project_user_list_table u - ON p.id=u.project_id AND p.enabled=1 - WHERE p.view_state='$t_public' - OR (p.view_state='$t_private' - AND - u.user_id='$c_user_id') + ON p.id=u.project_id + WHERE ( p.enabled = 1 ) AND + ( p.view_state='$t_public' + OR (p.view_state='$t_private' + AND + u.user_id='$c_user_id' ) + ) ORDER BY p.name"; } |