From: <sy...@us...> - 2009-04-16 22:50:29
|
Revision: 18050 http://tikiwiki.svn.sourceforge.net/tikiwiki/?rev=18050&view=rev Author: sylvieg Date: 2009-04-16 22:50:20 +0000 (Thu, 16 Apr 2009) Log Message: ----------- [FIX]perm: mod-tracker_comment->todo perm on item+numrows to be satisfied Modified Paths: -------------- branches/3.0/lib/trackers/trackerlib.php Modified: branches/3.0/lib/trackers/trackerlib.php =================================================================== --- branches/3.0/lib/trackers/trackerlib.php 2009-04-16 20:39:14 UTC (rev 18049) +++ branches/3.0/lib/trackers/trackerlib.php 2009-04-16 22:50:20 UTC (rev 18050) @@ -333,6 +333,7 @@ } function list_last_comments($trackerId = 0, $itemId = 0, $offset, $maxRecords) { + global $user; $mid = "1=1"; $bindvars = array(); @@ -347,7 +348,10 @@ $query_cant = "select count(*) from `tiki_tracker_item_comments` t left join `tiki_tracker_items` a on t.`itemId`=a.`itemId` where $mid and a.`trackerId`=? order by t.`posted` desc"; } else { - $query = "select * from `tiki_tracker_item_comments` where $mid order by `posted` desc"; + if (!$this->user_has_perm_on_object($user, $trackerId, 'tracker', 'tiki_p_view_trackers') ) { + return array('cant'=>0); + } + $query = "select t.*, a.`trackerId` from `tiki_tracker_item_comments` t left join `tiki_tracker_items` a on t.`itemId`=a.`itemId` where $mid order by `posted` desc"; $query_cant = "select count(*) from `tiki_tracker_item_comments` where $mid"; } $result = $this->query($query,$bindvars,$maxRecords,$offset); @@ -355,6 +359,10 @@ $ret = array(); while ($res = $result->fetchRow()) { + if (!$trackerId && !$this->user_has_perm_on_object($user, $res['trackerId'], 'tracker', 'tiki_p_view_trackers') ) { + --$cant; + continue; + } $res["parsed"] = nl2br($res["data"]); $ret[] = $res; } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |