Commit 58a5d7e7eff6192fb83b486e7e8199f218977377
1 parent
5817ec1a
WSA-123
"Allow user without read permissions on Root to see folders on which he does have permissions" Fixed. Folders allow READ and FOLDER_DETAIL permissions Committed By: Conrad Vermeulen Reviewed By: Martin Kirsten git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@8417 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
9 additions
and
5 deletions
ktapi/KTAPIFolder.inc.php
| @@ -78,14 +78,18 @@ class KTAPI_Folder extends KTAPI_FolderItem | @@ -78,14 +78,18 @@ class KTAPI_Folder extends KTAPI_FolderItem | ||
| 78 | return new KTAPI_Error(KTAPI_ERROR_FOLDER_INVALID,$folder); | 78 | return new KTAPI_Error(KTAPI_ERROR_FOLDER_INVALID,$folder); |
| 79 | } | 79 | } |
| 80 | 80 | ||
| 81 | - $user = $ktapi->can_user_access_object_requiring_permission($folder, KTAPI_PERMISSION_READ); | ||
| 82 | - | ||
| 83 | - if (is_null($user) || PEAR::isError($user)) | 81 | + // A special case. We ignore permission checking on the root folder. |
| 82 | + if ($folderid != 1) | ||
| 84 | { | 83 | { |
| 85 | - $user = $ktapi->can_user_access_object_requiring_permission($folder, KTAPI_PERMISSION_VIEW_FOLDER); | 84 | + $user = $ktapi->can_user_access_object_requiring_permission($folder, KTAPI_PERMISSION_READ); |
| 85 | + | ||
| 86 | if (is_null($user) || PEAR::isError($user)) | 86 | if (is_null($user) || PEAR::isError($user)) |
| 87 | { | 87 | { |
| 88 | - return $user; | 88 | + $user = $ktapi->can_user_access_object_requiring_permission($folder, KTAPI_PERMISSION_VIEW_FOLDER); |
| 89 | + if (is_null($user) || PEAR::isError($user)) | ||
| 90 | + { | ||
| 91 | + return $user; | ||
| 92 | + } | ||
| 89 | } | 93 | } |
| 90 | } | 94 | } |
| 91 | 95 |