[Phpslash-commit] CVS: phpslash-ft/class Story_admin.class,1.13,1.14
From: Joe S. <joe...@us...> - 2003-03-26 20:27:44
Update of /cvsroot/phpslash/phpslash-ft/class In directory sc8-pr-cvs1:/tmp/cvs-serv897/phpslash-ft/class Modified Files: Story_admin.class Log Message: list only stories in sections that the user has permission Index: Story_admin.class =================================================================== RCS file: /cvsroot/phpslash/phpslash-ft/class/Story_admin.class,v retrieving revision 1.13 retrieving revision 1.14 diff -C2 -d -r1.13 -r1.14 *** Story_admin.class 26 Mar 2003 18:16:09 -0000 1.13 --- Story_admin.class 26 Mar 2003 20:27:38 -0000 1.14 *************** *** 287,291 **** } $q .= " psl_commentcount commentcount ! WHERE story.story_id = commentcount.count_id AND author.author_id = story.user_id "; --- 287,291 ---- } $q .= " psl_commentcount commentcount ! WHERE story.story_id = commentcount.count_id AND author.author_id = story.user_id "; *************** *** 293,298 **** // if you're not a storyeditor, then you can only view your own stories. if (!$this->perm->have_perm("storylistothers")) { ! $q .= "AND '$user_id' = story.user_id ! AND '$user_id' = author.author_id "; } if ($author_id) { --- 293,298 ---- // if you're not a storyeditor, then you can only view your own stories. if (!$this->perm->have_perm("storylistothers")) { ! $q .= "AND '$user_id' = story.user_id ! AND '$user_id' = author.author_id "; } if ($author_id) { *************** *** 323,328 **** $topic_array = $topic->getTopics(); $section_array = $section->getSections(); ! ! $this->template->set_block("liststory", "each_author", "authors"); --- 323,328 ---- $topic_array = $topic->getTopics(); $section_array = $section->getSections(); ! ! $this->template->set_block("liststory", "each_author", "authors"); *************** *** 353,357 **** "SELECTED" => "" )); ! $this->template->parse("topics", "each_topic", "true"); while (list(, $cur_Topic) = each($topic_array)) { $this->template->set_var(array( --- 353,357 ---- "SELECTED" => "" )); ! 
$this->template->parse("topics", "each_topic", "true"); while (list(, $cur_Topic) = each($topic_array)) { $this->template->set_var(array( *************** *** 374,382 **** "SELECTED" => "" )); ! $this->template->parse("sections", "each_section", "true"); while (list(, $cur_Section) = each($section_array)) { $this->template->set_var(array( ! "SECTION_NAME" => $cur_Section[name], ! "SECTION_ID" => $cur_Section[id], "SELECTED" => "" )); --- 374,386 ---- "SELECTED" => "" )); ! $this->template->parse("sections", "each_section", "true"); while (list(, $cur_Section) = each($section_array)) { + if ((!$this->perm->have_perm("storyList && ". ALLSECTIONS)) && + (!$this->perm->have_perm("storyList && section_id".$cur_Section['id']))) { + continue; + } $this->template->set_var(array( ! "SECTION_NAME" => $cur_Section['name'], ! "SECTION_ID" => $cur_Section['id'], "SELECTED" => "" )); *************** *** 399,405 **** $story_id = $this->db->Record["story_id"]; ! $count++; ! if ( ($count > $first) and ($count <= ($first+$cmt_list)) ) { $view_url = $this->psl['rooturl'] . "/article.php3?story_id=$story_id"; --- 403,426 ---- $story_id = $this->db->Record["story_id"]; ! // $count++; ! // get story's sections ! $db2 = pslNew("slashDB"); ! $db2->query("SELECT section_id ! FROM psl_section_lut ! WHERE story_id = '$story_id' "); ! ! $ok = false; ! while ($db2->next_record()) { ! // permisssion to any of them? ! if (($this->perm->have_perm("storyList && ". ALLSECTIONS)) || ! ($this->perm->have_perm("storyList && section_id".$db2->Record['section_id']))) { ! $ok = true; ! $count++; ! // break; ! } ! } ! ! if ( ($count > $first) and ($count <= ($first+$cmt_list) and $ok) ) { $view_url = $this->psl['rooturl'] . "/article.php3?story_id=$story_id"; *************** *** 420,429 **** if ($i%2 == 0) { ! $this->template->parse("rows","row","true"); ! } else { $this->template->parse("rows","row2","true"); ! } ! $i++; ! } } --- 441,450 ---- if ($i%2 == 0) { ! 
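Review bot: The section check added in the `each_section` loop (new lines 374-386) only drops entries from the filter drop-down, so it is presentation rather than enforcement. The per-story check in the later hunk (new lines 403-426) is what actually limits the listing, and whether a section id supplied directly in the request is validated before it reaches the query is not visible here. The same two-clause `have_perm("storyList && ...")` test is repeated in that later hunk, so a small private helper taking a section id would keep the two copies from drifting apart. The new permission name is written `storyList` while the existing check in this file uses all-lowercase `storylistothers`, so it is worth confirming whether `have_perm` is case-sensitive. A comment such as `// hide sections the user may not list; the story loop below enforces access` would record the intent.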
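Review bot: In the hunk at new lines 403-426, `$count++` sits inside `while ($db2->next_record())` with `break` commented out, so a story that belongs to several permitted sections (any multi-section story for an ALLSECTIONS holder) advances `$count` once per section row and the `$first`/`$cmt_list` paging window skips or misplaces rows. Restoring `break;` after `$ok = true;` and counting once after the loop with `if ($ok) { $count++; }` fixes that. A story with no row in `psl_section_lut` is never listed, even for a user with ALLSECTIONS, which may not be intended; testing ALLSECTIONS once before the loop would cover it. The check also creates a new `slashDB` object and runs one query per story row, so joining `psl_section_lut` into the main query would keep the access filter in one place. The enclosing function starts and ends outside this hunk.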
$this->template->parse("rows","row","true"); ! } else { $this->template->parse("rows","row2","true"); ! } ! $i++; ! } } |