WSA-123

"Allow user without read permissions on Root to see folders on which he does have permissions" Fixed. Folders allow READ and FOLDER_DETAIL permissions Committed By: Conrad Vermeulen Reviewed By: Martin Kirsten git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@8417 c91229c3-7414-0410-bfa2-8a42b809f60b

WSA-123
"Allow user without read permissions on Root to see folders on which he does have permissions" Fixed. Folders allow READ and FOLDER_DETAIL permissions Committed By: Conrad Vermeulen Reviewed By: Martin Kirsten git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@8417 c91229c3-7414-0410-bfa2-8a42b809f60b
Conrad Vermeulen
1 parent 5817ec1a
Showing 1 changed file with 9 additions and 5 deletions
ktapi/KTAPIFolder.inc.php
@@ -78,14 +78,18 @@ class KTAPI_Folder extends KTAPI_FolderItem
 			return new KTAPI_Error(KTAPI_ERROR_FOLDER_INVALID,$folder);
 		}
  
-		$user = $ktapi->can_user_access_object_requiring_permission($folder, KTAPI_PERMISSION_READ);
-
-		if (is_null($user) || PEAR::isError($user))
+		// A special case. We ignore permission checking on the root folder.
+		if ($folderid != 1)
 		{
-		    $user = $ktapi->can_user_access_object_requiring_permission($folder, KTAPI_PERMISSION_VIEW_FOLDER);
+		    $user = $ktapi->can_user_access_object_requiring_permission($folder, KTAPI_PERMISSION_READ);
+
 		    if (is_null($user) || PEAR::isError($user))
 		    {
-                return $user;
+		        $user = $ktapi->can_user_access_object_requiring_permission($folder, KTAPI_PERMISSION_VIEW_FOLDER);
+		        if (is_null($user) || PEAR::isError($user))
+		        {
+		            return $user;
+		        }
 		    }
 		}