aboutsummaryrefslogtreecommitdiff
path: root/engine/lib
diff options
context:
space:
mode:
authormarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-01-07 16:26:50 +0000
committermarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-01-07 16:26:50 +0000
commit2c23064e291fe525e1d9e1e3ecd1963dbcc4af60 (patch)
treee675ad62c79c1a93d1f3ff070b2d20001dba634a /engine/lib
parent730c231f93b897f05f7bd71dec0267322c9ada58 (diff)
downloadelgg-2c23064e291fe525e1d9e1e3ecd1963dbcc4af60.tar.gz
elgg-2c23064e291fe525e1d9e1e3ecd1963dbcc4af60.tar.bz2
Closes #286: Group access restrictions issue fixed, modified from patch supplied with #315
git-svn-id: https://code.elgg.org/elgg/trunk@2538 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine/lib')
-rw-r--r--engine/lib/access.php48
1 files changed, 27 insertions, 21 deletions
diff --git a/engine/lib/access.php b/engine/lib/access.php
index a47cefd22..e8940b75c 100644
--- a/engine/lib/access.php
+++ b/engine/lib/access.php
@@ -71,31 +71,37 @@
$query .= " WHERE am.user_guid = {$user_id} AND (ag.site_guid = {$site_id} OR ag.site_guid = 0)";
$tmp_access_array = array(2);
- if (isloggedin())
- $tmp_access_array[] = 1;
-
- if ($collections = get_data($query)) {
- foreach($collections as $collection)
- if (!empty($collection->access_collection_id)) $tmp_access_array[] = $collection->access_collection_id;
+ if (isloggedin()) {
+ $tmp_access_array[] = 1;
+
+ // The following can only return sensible data if the user is logged in.
+
+ if ($collections = get_data($query)) {
+ foreach($collections as $collection)
+ if (!empty($collection->access_collection_id)) $tmp_access_array[] = $collection->access_collection_id;
+
+ }
- }
+ $query = "SELECT ag.id FROM {$CONFIG->dbprefix}access_collections ag ";
+ $query .= " WHERE ag.owner_guid = {$user_id} AND (ag.site_guid = {$site_id} OR ag.site_guid = 0)";
+
+ if ($collections = get_data($query)) {
+ foreach($collections as $collection)
+ if (!empty($collection->id)) $tmp_access_array[] = $collection->id;
+ }
+
- $query = "SELECT ag.id FROM {$CONFIG->dbprefix}access_collections ag ";
- $query .= " WHERE ag.owner_guid = {$user_id} AND (ag.site_guid = {$site_id} OR ag.site_guid = 0)";
-
- if ($collections = get_data($query)) {
- foreach($collections as $collection)
- if (!empty($collection->id)) $tmp_access_array[] = $collection->id;
- }
-
-
- global $is_admin;
-
- if (isset($is_admin) && $is_admin == true) {
- $tmp_access_array[] = 0;
+ global $is_admin;
+
+ if (isset($is_admin) && $is_admin == true) {
+ $tmp_access_array[] = 0;
+ }
+
+ $access_array[$user_id] = $tmp_access_array;
}
+ else
+ return $tmp_access_array; // No user id logged in so we can only access public info
- $access_array[$user_id] = $tmp_access_array;
} else {
$tmp_access_array = $access_array[$user_id];