From: garvinhicking Date: Wed, 14 Sep 2005 08:28:44 +0000 (+0000) Subject: Some more ACL pushing. X-Git-Tag: 0.9~144 X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=69977c53ae24b505226bcb77f7463dc19273c3e1;p=s9y.git Some more ACL pushing. --- diff --git a/include/functions_config.inc.php b/include/functions_config.inc.php index ee89d55..9b6cf0a 100644 --- a/include/functions_config.inc.php +++ b/include/functions_config.inc.php @@ -1016,7 +1016,9 @@ function serendipity_ACLCheck($authorid, $artifact_id, $artifact_type, $artifact case 'category': $artifact_sql['unique']= "atf.categoryid"; $artifact_sql['cond'] = "atf.categoryid = " . (int)$artifact_id; - $artifact_sql['where'] = "OR a.artifact_type IS NULL AND (atf.authorid = " . (int)$authorid . " OR atf.authorid = 0)"; + $artifact_sql['where'] = " ag.groupid = a.groupid + OR a.groupid = 0 + OR (a.artifact_type IS NULL AND (atf.authorid = " . (int)$authorid . " OR atf.authorid = 0))"; $artifact_sql['table'] = 'category'; } @@ -1028,7 +1030,6 @@ function serendipity_ACLCheck($authorid, $artifact_id, $artifact_type, $artifact ON ( a.artifact_type = '" . serendipity_db_escape_string($artifact_type) . "' AND a.artifact_id = " . (int)$artifact_id . " AND a.artifact_mode = '" . serendipity_db_escape_string($artifact_mode) . "' - AND (ag.groupid = a.groupid OR a.groupid = 0) ) WHERE {$artifact_sql['cond']} @@ -1072,7 +1073,6 @@ function serendipity_ACL_SQL(&$cond, $append_category = false) { ON ( acl_acc.artifact_mode = 'read' AND acl_acc.artifact_type = 'category' AND acl_acc.artifact_id = c.categoryid - AND acl_acc.groupid = " . $read_id_sql . " )"; if (empty($cond['and'])) { @@ -1084,6 +1084,7 @@ function serendipity_ACL_SQL(&$cond, $append_category = false) { // When in Admin-Mode, apply readership permissions. $cond['and'] .= " ( c.categoryid IS NULL + OR ( acl_acc.groupid = " . $read_id_sql . " ) OR ( acl_acc.artifact_id IS NULL " . (isset($serendipity['GET']['adminModule']) && $serendipity['GET']['adminModule'] == 'entries' &&