From 2c23064e291fe525e1d9e1e3ecd1963dbcc4af60 Mon Sep 17 00:00:00 2001
From: marcus
Date: Wed, 7 Jan 2009 16:26:50 +0000
Subject: Closes #286: Group access restrictions issue fixed, modified from patch supplied with #315

git-svn-id: https://code.elgg.org/elgg/trunk@2538 36083f99-b078-4883-b0ff-0f9b5a30f544
---
engine/lib/access.php | 48 +++++++++++++++++++++++++++---------------------
1 file changed, 27 insertions(+), 21 deletions(-)
(limited to 'engine')
diff --git a/engine/lib/access.php b/engine/lib/access.php
index a47cefd22..e8940b75c 100644
--- a/engine/lib/access.php
+++ b/engine/lib/access.php
@@ -71,31 +71,37 @@
 $query .= " WHERE am.user_guid = {$user_id} AND (ag.site_guid = {$site_id} OR ag.site_guid = 0)";
 $tmp_access_array = array(2);
- if (isloggedin())
- $tmp_access_array[] = 1;
-
- if ($collections = get_data($query)) {
- foreach($collections as $collection)
- if (!empty($collection->access_collection_id)) $tmp_access_array[] = $collection->access_collection_id;
+ if (isloggedin()) {
+ $tmp_access_array[] = 1;
+
+ // The following can only return sensible data if the user is logged in.
+
+ if ($collections = get_data($query)) {
+ foreach($collections as $collection)
+ if (!empty($collection->access_collection_id)) $tmp_access_array[] = $collection->access_collection_id;
+
+ }
- }
+ $query = "SELECT ag.id FROM {$CONFIG->dbprefix}access_collections ag ";
+ $query .= " WHERE ag.owner_guid = {$user_id} AND (ag.site_guid = {$site_id} OR ag.site_guid = 0)";
+
+ if ($collections = get_data($query)) {
+ foreach($collections as $collection)
+ if (!empty($collection->id)) $tmp_access_array[] = $collection->id;
+ }
+
- $query = "SELECT ag.id FROM {$CONFIG->dbprefix}access_collections ag ";
- $query .= " WHERE ag.owner_guid = {$user_id} AND (ag.site_guid = {$site_id} OR ag.site_guid = 0)";
-
- if ($collections = get_data($query)) {
- foreach($collections as $collection)
- if (!empty($collection->id)) $tmp_access_array[] = $collection->id;
- }
-
-
- global $is_admin;
-
- if (isset($is_admin) && $is_admin == true) {
- $tmp_access_array[] = 0;
+ global $is_admin;
+
+ if (isset($is_admin) && $is_admin == true) {
+ $tmp_access_array[] = 0;
+ }
+
+ $access_array[$user_id] = $tmp_access_array;
 }
+ else
+ return $tmp_access_array; // No user id logged in so we can only access public info
- $access_array[$user_id] = $tmp_access_array;
 } else {
 $tmp_access_array = $access_array[$user_id];
--
cgit v1.2.3
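Review bot: The new `if (isloggedin())` gate tests the session, but the two queries and the `$access_array[$user_id]` cache entry inside it are keyed by `$user_id`, so the result is only correct if both always refer to the same user; the hunk does not show that being enforced, and the function starts above it. If they can differ, the `0` entry added from the global `$is_admin` is cached under another user's id, and a lookup for a specific user made without a session silently gets public-only access. I would state the assumption at the gate, e.g. `// isloggedin() describes the session, not $user_id: callers must pass the session user's id`, or compare `$user_id` with the session user there. `$user_id` and `$site_id` are also interpolated straight into both SQL strings, so the integer casts need to be confirmed in the part of the function outside this hunk. The unbraced `else return` also exits before whatever follows the outer `if`/`else`, which is not visible here.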