[Phpslash-commit] CVS: phpslash-ft/class Story_admin.class,1.13,1.14

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Update of /cvsroot/phpslash/phpslash-ft/class
In directory sc8-pr-cvs1:/tmp/cvs-serv897/phpslash-ft/class

Modified Files:
	Story_admin.class 
Log Message:
list only stories in sections that the user has permission

Index: Story_admin.class
===================================================================
RCS file: /cvsroot/phpslash/phpslash-ft/class/Story_admin.class,v
retrieving revision 1.13
retrieving revision 1.14
diff -C2 -d -r1.13 -r1.14
*** Story_admin.class	26 Mar 2003 18:16:09 -0000	1.13
--- Story_admin.class	26 Mar 2003 20:27:38 -0000	1.14
***************
*** 287,291 ****
        }
        $q .= "       psl_commentcount commentcount
!               WHERE story.story_id = commentcount.count_id 
                  AND author.author_id = story.user_id ";
  
--- 287,291 ----
        }
        $q .= "       psl_commentcount commentcount
!               WHERE story.story_id = commentcount.count_id
                  AND author.author_id = story.user_id ";
  
***************
*** 293,298 ****
        // if you're not a storyeditor, then you can only view your own stories.
        if (!$this->perm->have_perm("storylistothers")) {
!          $q .= "AND '$user_id' = story.user_id  
!                 AND '$user_id' = author.author_id "; 
        }
        if ($author_id) {
--- 293,298 ----
        // if you're not a storyeditor, then you can only view your own stories.
        if (!$this->perm->have_perm("storylistothers")) {
!          $q .= "AND '$user_id' = story.user_id
!                 AND '$user_id' = author.author_id ";
        }
        if ($author_id) {
***************
*** 323,328 ****
        $topic_array   = $topic->getTopics();
        $section_array = $section->getSections();
!       
!       
  
        $this->template->set_block("liststory", "each_author", "authors");
--- 323,328 ----
        $topic_array   = $topic->getTopics();
        $section_array = $section->getSections();
! 
! 
  
        $this->template->set_block("liststory", "each_author", "authors");
***************
*** 353,357 ****
          "SELECTED"    => ""
        ));
!       $this->template->parse("topics", "each_topic", "true");      
        while (list(, $cur_Topic) = each($topic_array)) {
           $this->template->set_var(array(
--- 353,357 ----
          "SELECTED"    => ""
        ));
!       $this->template->parse("topics", "each_topic", "true");
        while (list(, $cur_Topic) = each($topic_array)) {
           $this->template->set_var(array(
***************
*** 374,382 ****
          "SELECTED"    => ""
        ));
!       $this->template->parse("sections", "each_section", "true");            
        while (list(, $cur_Section) = each($section_array)) {
           $this->template->set_var(array(
!            "SECTION_NAME" => $cur_Section[name],
!            "SECTION_ID"   => $cur_Section[id],
             "SELECTED"   => ""
           ));
--- 374,386 ----
          "SELECTED"    => ""
        ));
!       $this->template->parse("sections", "each_section", "true");
        while (list(, $cur_Section) = each($section_array)) {
+          if ((!$this->perm->have_perm("storyList && ". ALLSECTIONS)) &&
+              (!$this->perm->have_perm("storyList && section_id".$cur_Section['id']))) {
+             continue;
+          }
           $this->template->set_var(array(
!            "SECTION_NAME" => $cur_Section['name'],
!            "SECTION_ID"   => $cur_Section['id'],
             "SELECTED"   => ""
           ));
***************
*** 399,405 ****
  
           $story_id = $this->db->Record["story_id"];
!          $count++;
  
!          if ( ($count > $first)  and ($count <= ($first+$cmt_list))  ) {
  
              $view_url   = $this->psl['rooturl'] . "/article.php3?story_id=$story_id";
--- 403,426 ----
  
           $story_id = $this->db->Record["story_id"];
!          // $count++;
  
!          // get story's sections
!          $db2 = pslNew("slashDB");
!          $db2->query("SELECT section_id
!                              FROM psl_section_lut
!                            WHERE story_id = '$story_id' ");
! 
!          $ok = false;
!          while ($db2->next_record()) {
!             // permisssion to any of them?
!             if (($this->perm->have_perm("storyList && ". ALLSECTIONS)) ||
!                ($this->perm->have_perm("storyList && section_id".$db2->Record['section_id']))) {
!                $ok = true;
!                $count++;
!                // break;
!             }
!          }
! 
!          if ( ($count > $first)  and ($count <= ($first+$cmt_list) and $ok)  ) {
  
              $view_url   = $this->psl['rooturl'] . "/article.php3?story_id=$story_id";
***************
*** 420,429 ****
  
              if ($i%2 == 0) {
! 	            $this->template->parse("rows","row","true");
! 	         } else {
                 $this->template->parse("rows","row2","true");
! 	         }
! 	         $i++;
! 	      }
        }
  
--- 441,450 ----
  
              if ($i%2 == 0) {
!                $this->template->parse("rows","row","true");
!             } else {
                 $this->template->parse("rows","row2","true");
!             }
!             $i++;
!          }
        }