Commit a77cbbfa8f8aa9daf53be02e1ba536e65bfef0b9
1 parent
cfd1d223
KTS-1102: Folders returned that user doesn't have permission on.
git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@5601 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
8 additions
and
6 deletions
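--- a/lib/browse/PartialQuery.inc.php
+++ b/lib/browse/PartialQuery.inc.php
@@ -81,6 +81,7 @@ class BrowseQuery extends PartialQuery{
 // FIXME cache permission lookups, etc.
 var $folder_id = -1;
 var $sPermissionName = "ktcore.permissions.read";
+var $sFolderPermissionName = "ktcore.permissions.folder_details";
 
 function BrowseQuery($iFolderId, $oUser = null, $aOptions = null) {
 $this->folder_id = $iFolderId;
@@ -136,7 +137,7 @@ class BrowseQuery extends PartialQuery{
 }
 
 function _getFolderQuery($aOptions = null) {
-$res = KTSearchUtil::permissionToSQL($this->oUser, 'ktcore.permissions.folder_details', "F");
+$res = KTSearchUtil::permissionToSQL($this->oUser, $this->sFolderPermissionName, "F");
 if (PEAR::isError($res)) {
 return $res;
 }
@@ -258,13 +259,14 @@ class SimpleSearchQuery extends PartialQuery {
 function SimpleSearchQuery($sSearchableText) { $this->searchable_text = $sSearchableText; }
 
 function _getFolderQuery($aOptions = null) {
-$res = KTSearchUtil::permissionToSQL($this->oUser, 'ktcore.permissions.folder_details', "F");
+$oUser = User::get($_SESSION['userID']);
+$res = KTSearchUtil::permissionToSQL($oUser, $this->sFolderPermissionName, "F");
 if (PEAR::isError($res)) {
 return $res;
 }
 list($sPermissionString, $aPermissionParams, $sPermissionJoin) = $res;
 
-$aPotentialWhere = array('MATCH (FST.folder_text) AGAINST (? IN BOOLEAN MODE) <> 0',$sPermissionString);
+$aPotentialWhere = array($sPermissionString, 'MATCH (FST.folder_text) AGAINST (? IN BOOLEAN MODE) <> 0');
 $aWhere = array();
 foreach ($aPotentialWhere as $sWhere) {
 if (empty($sWhere)) {
@@ -286,7 +288,7 @@ class SimpleSearchQuery extends PartialQuery {
 LEFT JOIN " . KTUtil::getTableName("folder_searchable_text") . " AS FST ON (F.id = FST.folder_id)
 $sPermissionJoin $sWhere ";
 $aParams = array($this->searchable_text);
-$aParams = kt_array_merge($aParams, $aPermissionParams);
+$aParams = kt_array_merge($aPermissionParams, $aParams);
 return array($sQuery, $aParams);
 }
 
@@ -368,11 +370,11 @@ class SimpleSearchQuery extends PartialQuery {
 
 $aParams[] = $iBatchStart;
 $aParams[] = $iBatchSize;
-
+
 $q = array($sQuery, $aParams);
 
 $res = DBUtil::getResultArray($q);
-
+
 return $res;
 }
 }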
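Review bot: `SimpleSearchQuery::_getFolderQuery()` (the `-258,13` hunk) now reads `$this->sFolderPermissionName`, but the only declaration this commit adds is on `BrowseQuery`, a sibling class that also extends `PartialQuery`. Unless the property is already defined in a part of the file not shown here, the search path hands an unset value to `KTSearchUtil::permissionToSQL()` as the permission name, and the loop right after it skips an empty `$sPermissionString`, so a failure here could leave the folder search without its permission clause. I would declare `var $sFolderPermissionName = "ktcore.permissions.folder_details";` on `SimpleSearchQuery` too, or move the declaration up to `PartialQuery`. The same hunk takes the user from `$_SESSION['userID']` without checking the result; if `User::get()` reports failure as a PEAR error (not visible here), a guard such as `if (PEAR::isError($oUser)) { return $oUser; }` before the permission call would keep a failed lookup out of the SQL builder. The method bodies continue outside the hunks shown.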