[Refdb-cvs] CVS: refdb/src refdbdnote.c,1.25.2.9,1.25.2.10

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Update of /cvsroot/refdb/refdb/src
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv22073/src

Modified Files:
      Tag: Release_0_9_5_stable
	refdbdnote.c 
Log Message:
changed queries to honor share attribute

Index: refdbdnote.c
===================================================================
RCS file: /cvsroot/refdb/refdb/src/refdbdnote.c,v
retrieving revision 1.25.2.9
retrieving revision 1.25.2.10
diff -u -U2 -r1.25.2.9 -r1.25.2.10

--- refdbdnote.c	7 Sep 2005 23:45:02 -0000	1.25.2.9
+++ refdbdnote.c	21 Sep 2005 23:38:35 -0000	1.25.2.10
@@ -191,4 +191,5 @@
     andata.create_new = 1;
     andata.n_user_id = 0;
+    andata.share = 0;
     andata.conn = conn;
     andata.driver = dbi_conn_get_driver(conn);
@@ -2085,8 +2086,19 @@
   /* now assemble the SQL query string proper */
   if (n_privatelist) {
+    /* this list contains only the notes that belong to the user. We need not care about the share setting of the server or of extended notes */
     sprintf(sql_command, "SELECT DISTINCT t_note.note_id, t_note.note_key, t_note.note_title, t_note.note_user_id, t_note.note_date, t_note.note_content, t_note.note_content_type, t_note.note_content_xmllang, t_user.user_name FROM t_note,t_user WHERE t_note.note_user_id=t_user.user_id AND t_user.user_name=\'%s\' AND ", ptr_clrequest->username);
   }
   else {
-    strcpy(sql_command, "SELECT DISTINCT t_note.note_id, t_note.note_key, t_note.note_title, t_note.note_user_id, t_note.note_date, t_note.note_content, t_note.note_content_type, t_note.note_content_xmllang, t_user.user_name FROM t_note,t_user WHERE t_note.note_user_id=t_user.user_id AND t_user.user_name LIKE \'%\' AND ");
+    /* need to check the server and note share settings */
+    if (ptr_clrequest->share_default) {
+    /* if the server shares by default, we need to make sure the notes
+       of other users are not private */
+      sprintf(sql_command, "SELECT DISTINCT t_note.note_id, t_note.note_key, t_note.note_title, t_note.note_user_id, t_note.note_date, t_note.note_content, t_note.note_content_type, t_note.note_content_xmllang, t_user.user_name FROM t_note,t_user WHERE t_note.note_user_id=t_user.user_id AND (t_user.user_name=\'%s\' OR (t_user.user_name!=\'%s\' AND t_note.note_share!=0)) AND ", ptr_clrequest->username, ptr_clrequest->username);
+    }
+    else {
+    /* if the server is paranoid by default, we need to make sure the
+       notes of other users are positively public */
+      sprintf(sql_command, "SELECT DISTINCT t_note.note_id, t_note.note_key, t_note.note_title, t_note.note_user_id, t_note.note_date, t_note.note_content, t_note.note_content_type, t_note.note_content_xmllang, t_user.user_name FROM t_note,t_user WHERE t_note.note_user_id=t_user.user_id AND (t_user.user_name=\'%s\' OR (t_user.user_name!=\'%s\' AND t_note.note_share=1)) AND ", ptr_clrequest->username, ptr_clrequest->username);
+    }
   }
 
@@ -2106,5 +2118,4 @@
   }
 
-  /* see whether we need the user's list instead of the whole list */
   /* sort the output */
   if (strncmp(ptr_biblio_info->sort_string, "PY", 2) == 0) {



