From: <sy...@us...> - 2007-04-30 13:31:47
Update of /cvsroot/tikiwiki/tiki/lib
In directory sc8-pr-cvs10.sourceforge.net:/tmp/cvs-serv20803/lib
Modified Files:
Tag: BRANCH-1-9
searchlib.php
Log Message:
[FIX]mysql search: was returning object with special perms for people with no global perm (ex: anonymous with tiki_p_view=n was able to see page with special perm, but anonymous with tiki_p_view=y was fine
Index: searchlib.php
===================================================================
RCS file: /cvsroot/tikiwiki/tiki/lib/searchlib.php,v
retrieving revision 1.26.2.25
retrieving revision 1.26.2.26
diff -u -d -r1.26.2.25 -r1.26.2.26
--- searchlib.php 6 Aug 2006 09:48:27 -0000 1.26.2.25
+++ searchlib.php 30 Apr 2007 13:31:16 -0000 1.26.2.26
@@ -137,24 +137,24 @@
 $sqlJoin .= " JOIN `users_objectpermissions` u ON u.`objectId` = md5(" . $this->db->concat("'$objType'", "lower($objKeyPerm)") . ") AND u.`objectType`= ? ";
 $bindJoin[] = $objType;
- if ($globalPerm == 'y') {
 $sqlJoin = ' LEFT ' . $sqlJoin;
 $sqlFields .= ", count(u.`objectId`) as perms, max(u.`permName`=? and u.`groupName` IN ($groupStr)) as allow ";
 $bindFields[] = $permNameObj;
 $bindFields = array_merge($bindFields, $groupList);
 $sqlGroup = " GROUP BY $objKeyGroup ";
- $sqlHaving = " HAVING perms=? or allow=? ";
+ $sqlHaving = " HAVING perms=?";
+ if ($globalPerm == 'y') {
+ $sqlHaving .= " or ";
+ } else {
+ $sqlHaving .= " and ";
+ }
+ $sqlHaving .= "allow=? ";
 $bindHaving = array(0,1);
- } else {
- $sqlJoin = ' INNER ' . $sqlJoin;
- $sqlJoin .= " AND u.`permName`=? ";
- $bindJoin[] = $permNameObj;
- }
 }
- $chkCatPerm = $feature_search_show_forbidden_cat != 'y' && $tiki_p_admin != 'y' && !empty($objType) && !empty($objKeyCat) && !empty($objKeyGroup) && $feature_categories == 'y' && $globalPerm == 'y';
+ $chkCatPerm = $feature_search_show_forbidden_cat != 'y' && $tiki_p_admin != 'y' && !empty($objType) && !empty($objKeyCat) && !empty($objKeyGroup) && $feature_categories == 'y';
 if ($chkCatPerm) {
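Review bot: With `$globalPerm != 'y'` the new clause becomes `HAVING perms=? and allow=?` bound to `array(0,1)`, which looks unsatisfiable: `perms=0` means the LEFT JOIN matched no `users_objectpermissions` row, and then `allow` (a `max()` over those same rows) cannot be 1. That fails closed, so nothing leaks, but a user without the global permission who holds the object permission through one of their groups would apparently get no results; the second hunk (`@@ -176,7 +176,13 @@`) builds the same `... and allow=?` form. For the no-global-permission case the filter probably wants to be `allow=?` alone with a single bound value, as sketched below for this hunk. The enclosing function starts and ends outside the hunk, so this should be confirmed against the full query and covered by a test for an anonymous user with an object-level grant.

```php
// … unchanged: LEFT JOIN, $sqlFields, $bindFields and $sqlGroup setup …
if ($globalPerm == 'y') {
	// visible when the object has no object-level rows, or one of the user's groups is granted
	$sqlHaving = " HAVING perms=? or allow=? ";
	$bindHaving = array(0, 1);
} else {
	// without the global permission only an explicit grant makes the object visible
	$sqlHaving = " HAVING allow=? ";
	$bindHaving = array(1);
}
```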
@@ -176,7 +176,13 @@
 $sqlGroup = " GROUP BY $objKeyGroup ";
 if ($chkObjPerm) {
- $sqlHaving = " HAVING (perms=? AND (NOT categorized OR NOT forbidden)) or allow=? ";
+ $sqlHaving = " HAVING (perms=? AND (NOT categorized OR NOT forbidden))";
+ if ($globalPerm == 'y') {
+ $sqlHaving .= " or ";
+ } else {
+ $sqlHaving .= " and ";
+ }
+ $sqlHaving .= "allow=? ";
 $bindHaving = array(0, 1);
 } else {
 $sqlHaving = " HAVING NOT categorized OR NOT forbidden ";
|