[geeklog-cvs] geeklog-1.3/system/classes search.class.php,1.6,1.7
geeklog-cvs-admin at lists.geeklog.net
geeklog-cvs-admin at lists.geeklog.net
Wed Jul 2 14:10:59 EDT 2003
Update of /usr/cvs/geeklog/geeklog-1.3/system/classes
In directory internal.geeklog.net:/tmp/cvs-serv32205/classes
Modified Files:
search.class.php
Log Message:
When searching stories or comments to stores, we need to check the topic permissions.
Index: search.class.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/system/classes/search.class.php,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -d -r1.6 -r1.7
*** search.class.php 25 Jun 2003 08:39:02 -0000 1.6
--- search.class.php 2 Jul 2003 18:10:57 -0000 1.7
***************
*** 150,154 ****
$this->_author = DB_getItem($_TABLES['users'],'uid',"username='" . $this->_author . "'");
}
!
/**
* Performs search on all stories
--- 150,184 ----
$this->_author = DB_getItem($_TABLES['users'],'uid',"username='" . $this->_author . "'");
}
!
! /**
! * Create SQL to check the topic permissions of the current user.
! *
! * @author Dirk Haun <dirk AT haun-online DOT de>
! * @access private
! *
! */
! function _checkTopicPermissions ()
! {
! global $_TABLES;
!
! $topicsql = '';
!
! $tresult = DB_query ("SELECT tid FROM {$_TABLES['topics']}"
! . COM_getPermSQL ());
! $trows = DB_numRows ($tresult);
! if ($trows > 0) {
! $tids = array ();
! for ($i = 0; $i < $trows; $i++) {
! $T = DB_fetchArray ($tresult);
! $tids[] = $T['tid'];
! }
! if (sizeof ($tids) > 0) {
! $topicsql = "AND (tid IN ('" . implode ("','", $tids) . "')) ";
! }
! }
!
! return $topicsql;
! }
!
/**
* Performs search on all stories
***************
*** 184,188 ****
if ($this->_type == 'all' OR $this->_type == 'stories') {
! $sql = "SELECT sid,title,introtext,bodytext,hits,uid,group_id,owner_id,perm_owner,perm_group,perm_members,perm_anon,UNIX_TIMESTAMP(date) as day,'story' as type FROM {$_TABLES['stories']} WHERE (draft_flag = 0) AND (date <= NOW()) ";
if (!empty ($this->_query)) {
if($this->_keyType == 'phrase') {
--- 214,218 ----
if ($this->_type == 'all' OR $this->_type == 'stories') {
! $sql = "SELECT sid,title,introtext,bodytext,hits,uid,group_id,owner_id,perm_owner,perm_group,perm_members,perm_anon,UNIX_TIMESTAMP(date) as day,'story' as type FROM {$_TABLES['stories']} WHERE (draft_flag = 0) AND (date <= NOW()) " . $this->_checkTopicPermissions ();
if (!empty ($this->_query)) {
if($this->_keyType == 'phrase') {
***************
*** 238,248 ****
$sql .= "AND (uid = '$this->_author') ";
}
! $permsql .= 'AND (';
! if (!empty ($_USER['uid'])) {
! $permsql .= "(owner_id = {$_USER['uid']} AND perm_owner >= 2) OR ";
! $permsql .= "(group_id IN ($groupList) AND perm_group >= 2) OR ";
! $permsql .= "(perm_members >= 2) OR ";
! }
! $permsql .= "(perm_anon >= 2)) ";
$sql .= $permsql;
$sql .= "ORDER BY date desc";
--- 268,272 ----
$sql .= "AND (uid = '$this->_author') ";
}
! $permsql = COM_getPermSQL ('AND');
$sql .= $permsql;
$sql .= "ORDER BY date desc";
***************
*** 250,254 ****
$result_stories = DB_query($sql);
$nrows_stories = DB_numRows($result_stories);
! $result_count = DB_query("SELECT count(*) FROM {$_TABLES['stories']} WHERE (draft_flag = 0) AND (date <= NOW()) " . $permsql);
$B = DB_fetchArray($result_count);
$story_results = new Plugin();
--- 274,278 ----
$result_stories = DB_query($sql);
$nrows_stories = DB_numRows($result_stories);
! $result_count = DB_query("SELECT count(*) FROM {$_TABLES['stories']} WHERE (draft_flag = 0) AND (date <= NOW())" . $permsql);
$B = DB_fetchArray($result_count);
$story_results = new Plugin();
***************
*** 296,305 ****
{
global $LANG09, $_CONF, $_TABLES, $_USER, $_GROUPS;
!
if ($this->_type == 'all' OR $this->_type == 'comments') {
! $stsql = '';
$stwhere = '';
!
$groupList = '';
if (!empty ($_USER['uid'])) {
--- 320,331 ----
{
global $LANG09, $_CONF, $_TABLES, $_USER, $_GROUPS;
!
if ($this->_type == 'all' OR $this->_type == 'comments') {
! $stsql = COM_getPermSQL ('AND', 0, 2, $_TABLES['stories']);
! $stsql .= $this->_checkTopicPermissions ();
!
$stwhere = '';
!
$groupList = '';
if (!empty ($_USER['uid'])) {
***************
*** 310,339 ****
}
if (!empty ($_USER['uid'])) {
- $stsql .= "({$_TABLES['stories']}.owner_id = {$_USER['uid']} AND {$_TABLES['stories']}.perm_owner >= 2) OR ";
- $stsql .= "({$_TABLES['stories']}.group_id IN ($groupList) AND {$_TABLES['stories']}.perm_group >= 2) OR ";
- $stsql .= "({$_TABLES['stories']}.perm_members >= 2) OR ";
$stwhere .= "({$_TABLES['stories']}.owner_id IS NOT NULL AND {$_TABLES['stories']}.perm_owner IS NOT NULL) OR ";
$stwhere .= "({$_TABLES['stories']}.group_id IS NOT NULL AND {$_TABLES['stories']}.perm_group IS NOT NULL) OR ";
$stwhere .= "({$_TABLES['stories']}.perm_members IS NOT NULL) OR ";
}
- $stsql .= "({$_TABLES['stories']}.perm_anon >= 2)";
$stwhere .= "({$_TABLES['stories']}.perm_anon IS NOT NULL)";
! $posql = '';
$powhere = '';
if (!empty ($_USER['uid'])) {
- $posql .= "({$_TABLES['pollquestions']}.owner_id = {$_USER['uid']} AND {$_TABLES['pollquestions']}.perm_owner >= 2) OR ";
- $posql .= "({$_TABLES['pollquestions']}.group_id IN ($groupList) AND {$_TABLES['pollquestions']}.perm_group >= 2) OR ";
- $posql .= "({$_TABLES['pollquestions']}.perm_members >= 2) OR ";
$powhere .= "({$_TABLES['pollquestions']}.owner_id IS NOT NULL AND {$_TABLES['pollquestions']}.perm_owner IS NOT NULL) OR ";
$powhere .= "({$_TABLES['pollquestions']}.group_id IS NOT NULL AND {$_TABLES['pollquestions']}.perm_group IS NOT NULL) OR ";
$powhere .= "({$_TABLES['pollquestions']}.perm_members IS NOT NULL) OR ";
}
- $posql .= "({$_TABLES['pollquestions']}.perm_anon >= 2)";
$powhere .= "({$_TABLES['pollquestions']}.perm_anon IS NOT NULL)";
$sql = "SELECT {$_TABLES['stories']}.sid,{$_TABLES['comments']}.title,comment,pid,{$_TABLES['comments']}.uid,type as comment_type,UNIX_TIMESTAMP({$_TABLES['comments']}.date) as day,'comment' as type FROM {$_TABLES['comments']} ";
! $sql .= "LEFT JOIN {$_TABLES['stories']} ON (({$_TABLES['stories']}.sid = {$_TABLES['comments']}.sid) AND (" . $stsql . ")) ";
! $sql .= "LEFT JOIN {$_TABLES['pollquestions']} ON ((qid = {$_TABLES['comments']}.sid) AND (" . $posql . ")) ";
$sql .= "WHERE ";
$sql .= " (comment like '%$this->_query%' ";
--- 336,357 ----
}
if (!empty ($_USER['uid'])) {
$stwhere .= "({$_TABLES['stories']}.owner_id IS NOT NULL AND {$_TABLES['stories']}.perm_owner IS NOT NULL) OR ";
$stwhere .= "({$_TABLES['stories']}.group_id IS NOT NULL AND {$_TABLES['stories']}.perm_group IS NOT NULL) OR ";
$stwhere .= "({$_TABLES['stories']}.perm_members IS NOT NULL) OR ";
}
$stwhere .= "({$_TABLES['stories']}.perm_anon IS NOT NULL)";
! $posql = COM_getPermSQL ('AND', 0, 2, $_TABLES['pollquestions']);
$powhere = '';
if (!empty ($_USER['uid'])) {
$powhere .= "({$_TABLES['pollquestions']}.owner_id IS NOT NULL AND {$_TABLES['pollquestions']}.perm_owner IS NOT NULL) OR ";
$powhere .= "({$_TABLES['pollquestions']}.group_id IS NOT NULL AND {$_TABLES['pollquestions']}.perm_group IS NOT NULL) OR ";
$powhere .= "({$_TABLES['pollquestions']}.perm_members IS NOT NULL) OR ";
}
$powhere .= "({$_TABLES['pollquestions']}.perm_anon IS NOT NULL)";
$sql = "SELECT {$_TABLES['stories']}.sid,{$_TABLES['comments']}.title,comment,pid,{$_TABLES['comments']}.uid,type as comment_type,UNIX_TIMESTAMP({$_TABLES['comments']}.date) as day,'comment' as type FROM {$_TABLES['comments']} ";
! $sql .= "LEFT JOIN {$_TABLES['stories']} ON (({$_TABLES['stories']}.sid = {$_TABLES['comments']}.sid)" . $stsql . ") ";
! $sql .= "LEFT JOIN {$_TABLES['pollquestions']} ON ((qid = {$_TABLES['comments']}.sid)" . $posql . ") ";
$sql .= "WHERE ";
$sql .= " (comment like '%$this->_query%' ";
***************
*** 353,357 ****
$sql .= "ORDER BY {$_TABLES['comments']}.date DESC";
$result_comments = DB_query($sql);
! $sql = "SELECT count(*) FROM {$_TABLES['comments']} LEFT JOIN {$_TABLES['stories']} ON (({$_TABLES['stories']}.sid = {$_TABLES['comments']}.sid) AND (" . $stsql . ")) LEFT JOIN {$_TABLES['pollquestions']} ON ((qid = {$_TABLES['comments']}.sid) AND (" . $posql . ")) WHERE ((" . $stwhere . ") OR (" . $powhere . "))";
$result_count = DB_query($sql);
$B = DB_fetchArray ($result_count);
--- 371,375 ----
$sql .= "ORDER BY {$_TABLES['comments']}.date DESC";
$result_comments = DB_query($sql);
! $sql = "SELECT count(*) FROM {$_TABLES['comments']} LEFT JOIN {$_TABLES['stories']} ON (({$_TABLES['stories']}.sid = {$_TABLES['comments']}.sid)" . $stsql . ") LEFT JOIN {$_TABLES['pollquestions']} ON ((qid = {$_TABLES['comments']}.sid)" . $posql . ") WHERE ((" . $stwhere . ") OR (" . $powhere . "))";
$result_count = DB_query($sql);
$B = DB_fetchArray ($result_count);
More information about the geeklog-cvs
mailing list