Update of /cvsroot/refdb/refdb/src
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv22073/src
Modified Files:
Tag: Release_0_9_5_stable
refdbdnote.c
Log Message:
changed queries to honor share attribute
Index: refdbdnote.c
===================================================================
RCS file: /cvsroot/refdb/refdb/src/refdbdnote.c,v
retrieving revision 1.25.2.9
retrieving revision 1.25.2.10
diff -u -U2 -r1.25.2.9 -r1.25.2.10
--- refdbdnote.c 7 Sep 2005 23:45:02 -0000 1.25.2.9
+++ refdbdnote.c 21 Sep 2005 23:38:35 -0000 1.25.2.10
@@ -191,4 +191,5 @@
andata.create_new = 1;
andata.n_user_id = 0;
+ andata.share = 0;
andata.conn = conn;
andata.driver = dbi_conn_get_driver(conn);
@@ -2085,8 +2086,19 @@
/* now assemble the SQL query string proper */
if (n_privatelist) {
+ /* this list contains only the notes that belong to the user. We need not care about the share setting of the server or of extended notes */
sprintf(sql_command, "SELECT DISTINCT t_note.note_id, t_note.note_key, t_note.note_title, t_note.note_user_id, t_note.note_date, t_note.note_content, t_note.note_content_type, t_note.note_content_xmllang, t_user.user_name FROM t_note,t_user WHERE t_note.note_user_id=t_user.user_id AND t_user.user_name=\'%s\' AND ", ptr_clrequest->username);
}
else {
- strcpy(sql_command, "SELECT DISTINCT t_note.note_id, t_note.note_key, t_note.note_title, t_note.note_user_id, t_note.note_date, t_note.note_content, t_note.note_content_type, t_note.note_content_xmllang, t_user.user_name FROM t_note,t_user WHERE t_note.note_user_id=t_user.user_id AND t_user.user_name LIKE \'%\' AND ");
+ /* need to check the server and note share settings */
+ if (ptr_clrequest->share_default) {
+ /* if the server shares by default, we need to make sure the notes
+ of other users are not private */
+ sprintf(sql_command, "SELECT DISTINCT t_note.note_id, t_note.note_key, t_note.note_title, t_note.note_user_id, t_note.note_date, t_note.note_content, t_note.note_content_type, t_note.note_content_xmllang, t_user.user_name FROM t_note,t_user WHERE t_note.note_user_id=t_user.user_id AND (t_user.user_name=\'%s\' OR (t_user.user_name!=\'%s\' AND t_note.note_share!=0)) AND ", ptr_clrequest->username, ptr_clrequest->username);
+ }
+ else {
+ /* if the server is paranoid by default, we need to make sure the
+ notes of other users are positively public */
+ sprintf(sql_command, "SELECT DISTINCT t_note.note_id, t_note.note_key, t_note.note_title, t_note.note_user_id, t_note.note_date, t_note.note_content, t_note.note_content_type, t_note.note_content_xmllang, t_user.user_name FROM t_note,t_user WHERE t_note.note_user_id=t_user.user_id AND (t_user.user_name=\'%s\' OR (t_user.user_name!=\'%s\' AND t_note.note_share=1)) AND ", ptr_clrequest->username, ptr_clrequest->username);
+ }
}
@@ -2106,5 +2118,4 @@
}
- /* see whether we need the user's list instead of the whole list */
/* sort the output */
if (strncmp(ptr_biblio_info->sort_string, "PY", 2) == 0) {
|
