From 58a5d7e7eff6192fb83b486e7e8199f218977377 Mon Sep 17 00:00:00 2001
From: Conrad Vermeulen <conrad@knowledgetree.com>
Date: Tue, 6 May 2008 11:01:33 +0000
Subject: [PATCH] WSA-123 "Allow user without read permissions on Root to see folders on which he does have permissions" Fixed. Folders allow READ and FOLDER_DETAIL permissions

---
 ktapi/KTAPIFolder.inc.php | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/ktapi/KTAPIFolder.inc.php b/ktapi/KTAPIFolder.inc.php
index cb0813c..e13757c 100644
--- a/ktapi/KTAPIFolder.inc.php
+++ b/ktapi/KTAPIFolder.inc.php
@@ -78,14 +78,18 @@ class KTAPI_Folder extends KTAPI_FolderItem
 			return new KTAPI_Error(KTAPI_ERROR_FOLDER_INVALID,$folder);
 		}
 
-		$user = $ktapi->can_user_access_object_requiring_permission($folder, KTAPI_PERMISSION_READ);
-
-		if (is_null($user) || PEAR::isError($user))
+		// A special case. We ignore permission checking on the root folder.
+		if ($folderid != 1)
 		{
-		    $user = $ktapi->can_user_access_object_requiring_permission($folder, KTAPI_PERMISSION_VIEW_FOLDER);
+		    $user = $ktapi->can_user_access_object_requiring_permission($folder, KTAPI_PERMISSION_READ);
+
 		    if (is_null($user) || PEAR::isError($user))
 		    {
-                return $user;
+		        $user = $ktapi->can_user_access_object_requiring_permission($folder, KTAPI_PERMISSION_VIEW_FOLDER);
+		        if (is_null($user) || PEAR::isError($user))
+		        {
+		            return $user;
+		        }
 		    }
 		}
 
--
libgit2 0.21.4