Commit a77cbbfa8f8aa9daf53be02e1ba536e65bfef0b9
1 parent
cfd1d223
KTS-1102: Folders returned that user doesn't have permission on.
git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@5601 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
8 additions
and
6 deletions
lib/browse/PartialQuery.inc.php
| @@ -81,6 +81,7 @@ class BrowseQuery extends PartialQuery{ | @@ -81,6 +81,7 @@ class BrowseQuery extends PartialQuery{ | ||
| 81 | // FIXME cache permission lookups, etc. | 81 | // FIXME cache permission lookups, etc. |
| 82 | var $folder_id = -1; | 82 | var $folder_id = -1; |
| 83 | var $sPermissionName = "ktcore.permissions.read"; | 83 | var $sPermissionName = "ktcore.permissions.read"; |
| 84 | + var $sFolderPermissionName = "ktcore.permissions.folder_details"; | ||
| 84 | 85 | ||
| 85 | function BrowseQuery($iFolderId, $oUser = null, $aOptions = null) { | 86 | function BrowseQuery($iFolderId, $oUser = null, $aOptions = null) { |
| 86 | $this->folder_id = $iFolderId; | 87 | $this->folder_id = $iFolderId; |
| @@ -136,7 +137,7 @@ class BrowseQuery extends PartialQuery{ | @@ -136,7 +137,7 @@ class BrowseQuery extends PartialQuery{ | ||
| 136 | } | 137 | } |
| 137 | 138 | ||
| 138 | function _getFolderQuery($aOptions = null) { | 139 | function _getFolderQuery($aOptions = null) { |
| 139 | - $res = KTSearchUtil::permissionToSQL($this->oUser, 'ktcore.permissions.folder_details', "F"); | 140 | + $res = KTSearchUtil::permissionToSQL($this->oUser, $this->sFolderPermissionName, "F"); |
| 140 | if (PEAR::isError($res)) { | 141 | if (PEAR::isError($res)) { |
| 141 | return $res; | 142 | return $res; |
| 142 | } | 143 | } |
| @@ -258,13 +259,14 @@ class SimpleSearchQuery extends PartialQuery { | @@ -258,13 +259,14 @@ class SimpleSearchQuery extends PartialQuery { | ||
| 258 | function SimpleSearchQuery($sSearchableText) { $this->searchable_text = $sSearchableText; } | 259 | function SimpleSearchQuery($sSearchableText) { $this->searchable_text = $sSearchableText; } |
| 259 | 260 | ||
| 260 | function _getFolderQuery($aOptions = null) { | 261 | function _getFolderQuery($aOptions = null) { |
| 261 | - $res = KTSearchUtil::permissionToSQL($this->oUser, 'ktcore.permissions.folder_details', "F"); | 262 | + $oUser = User::get($_SESSION['userID']); |
| 263 | + $res = KTSearchUtil::permissionToSQL($oUser, $this->sFolderPermissionName, "F"); | ||
| 262 | if (PEAR::isError($res)) { | 264 | if (PEAR::isError($res)) { |
| 263 | return $res; | 265 | return $res; |
| 264 | } | 266 | } |
| 265 | list($sPermissionString, $aPermissionParams, $sPermissionJoin) = $res; | 267 | list($sPermissionString, $aPermissionParams, $sPermissionJoin) = $res; |
| 266 | 268 | ||
| 267 | - $aPotentialWhere = array('MATCH (FST.folder_text) AGAINST (? IN BOOLEAN MODE) <> 0',$sPermissionString); | 269 | + $aPotentialWhere = array($sPermissionString, 'MATCH (FST.folder_text) AGAINST (? IN BOOLEAN MODE) <> 0'); |
| 268 | $aWhere = array(); | 270 | $aWhere = array(); |
| 269 | foreach ($aPotentialWhere as $sWhere) { | 271 | foreach ($aPotentialWhere as $sWhere) { |
| 270 | if (empty($sWhere)) { | 272 | if (empty($sWhere)) { |
| @@ -286,7 +288,7 @@ class SimpleSearchQuery extends PartialQuery { | @@ -286,7 +288,7 @@ class SimpleSearchQuery extends PartialQuery { | ||
| 286 | LEFT JOIN " . KTUtil::getTableName("folder_searchable_text") . " AS FST ON (F.id = FST.folder_id) | 288 | LEFT JOIN " . KTUtil::getTableName("folder_searchable_text") . " AS FST ON (F.id = FST.folder_id) |
| 287 | $sPermissionJoin $sWhere "; | 289 | $sPermissionJoin $sWhere "; |
| 288 | $aParams = array($this->searchable_text); | 290 | $aParams = array($this->searchable_text); |
| 289 | - $aParams = kt_array_merge($aParams, $aPermissionParams); | 291 | + $aParams = kt_array_merge($aPermissionParams, $aParams); |
| 290 | return array($sQuery, $aParams); | 292 | return array($sQuery, $aParams); |
| 291 | } | 293 | } |
| 292 | 294 | ||
| @@ -368,11 +370,11 @@ class SimpleSearchQuery extends PartialQuery { | @@ -368,11 +370,11 @@ class SimpleSearchQuery extends PartialQuery { | ||
| 368 | 370 | ||
| 369 | $aParams[] = $iBatchStart; | 371 | $aParams[] = $iBatchStart; |
| 370 | $aParams[] = $iBatchSize; | 372 | $aParams[] = $iBatchSize; |
| 371 | - | 373 | + |
| 372 | $q = array($sQuery, $aParams); | 374 | $q = array($sQuery, $aParams); |
| 373 | 375 | ||
| 374 | $res = DBUtil::getResultArray($q); | 376 | $res = DBUtil::getResultArray($q); |
| 375 | - | 377 | + |
| 376 | return $res; | 378 | return $res; |
| 377 | } | 379 | } |
| 378 | } | 380 | } |