[geeklog-cvs] geeklog-1.3/plugins/staticpages functions.inc,1.18,1.19
dhaun at geeklog.net
dhaun at geeklog.net
Tue Mar 11 12:00:58 EST 2003
Update of /usr/cvs/geeklog/geeklog-1.3/plugins/staticpages
In directory internal.geeklog.net:/tmp/cvs-serv3643/plugins/staticpages
Modified Files:
functions.inc
Log Message:
Fixed problems with static pages permissions.
Index: functions.inc
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/plugins/staticpages/functions.inc,v
retrieving revision 1.18
retrieving revision 1.19
diff -C2 -d -r1.18 -r1.19
*** functions.inc 9 Mar 2003 11:47:22 -0000 1.18
--- functions.inc 11 Mar 2003 17:00:56 -0000 1.19
***************
*** 103,107 ****
'statrow'=>'singlestat.thtml'));
if ($showsitestats == 1) {
! $result = DB_query ("SELECT count(*) AS cnt FROM {$_TABLES['staticpage']} WHERE " . SP_getPerms ());
$A = DB_fetchArray ($result);
$total_pages = $A['cnt'];
--- 103,111 ----
'statrow'=>'singlestat.thtml'));
if ($showsitestats == 1) {
! $perms = SP_getPerms ();
! if (!empty ($perms)) {
! $perms = ' WHERE ' . $perms;
! }
! $result = DB_query ("SELECT count(*) AS cnt FROM {$_TABLES['staticpage']}" . $perms);
$A = DB_fetchArray ($result);
$total_pages = $A['cnt'];
***************
*** 110,114 ****
$retval .= '<td align="right">' . $total_pages . ' </td></tr></table>';
} else {
! $result = DB_query ("SELECT sp_id,sp_title,sp_hits FROM {$_TABLES['staticpage']} WHERE sp_hits > 0 AND" . SP_getPerms() . ' ORDER BY sp_hits DESC LIMIT 10');
$nrows = DB_numRows ($result);
$retval .= COM_startBlock ($LANG_STATIC['stats_headline']);
--- 114,122 ----
$retval .= '<td align="right">' . $total_pages . ' </td></tr></table>';
} else {
! $perms = SP_getPerms ();
! if (!empty ($perms)) {
! $perms = ' AND ' . $perms;
! }
! $result = DB_query ("SELECT sp_id,sp_title,sp_hits FROM {$_TABLES['staticpage']} WHERE sp_hits > 0" . $perms . ' ORDER BY sp_hits DESC LIMIT 10');
$nrows = DB_numRows ($result);
$retval .= COM_startBlock ($LANG_STATIC['stats_headline']);
***************
*** 262,266 ****
if (SEC_hasRights ('staticpages.edit,staticpages.delete', 'OR')) {
! $result = DB_query ("SELECT count(*) AS cnt FROM {$_TABLES['staticpage']} WHERE " . SP_getPerms ('','3'));
$A = DB_fetchArray ($result);
$total_pages = $A['cnt'];
--- 270,278 ----
if (SEC_hasRights ('staticpages.edit,staticpages.delete', 'OR')) {
! $perms = SP_getPerms ('', '3');
! if (!empty ($perms)) {
! $perms = ' WHERE ' . $perms;
! }
! $result = DB_query ("SELECT count(*) AS cnt FROM {$_TABLES['staticpage']}" . $perms);
$A = DB_fetchArray ($result);
$total_pages = $A['cnt'];
***************
*** 272,276 ****
* Return SQL where statement with appropriate permissions
*
! * Takes User id and permission and returns SQL where clause which will return the appropriate objects.
* This assumes that the table has the following security structure:
* owner_id | mediumint(8)
--- 284,289 ----
* Return SQL where statement with appropriate permissions
*
! * Takes User id and permission and returns SQL where clause which will return
! * the appropriate objects.
* This assumes that the table has the following security structure:
* owner_id | mediumint(8)
***************
*** 289,314 ****
*
*/
! function SP_getPerms($table='',$access='2',$u_id='')
{
! global $_USER, $_GROUPS;
!
! if ($table != '') { $table .= '.'; }
! if ($u_id == '') {
! $uid = $_USER['uid'];
! $GROUPS = $_GROUPS;
! } else {
! $uid = $u_id;
! $GROUPS = SEC_getUserGroups($uid);
! }
! $where = "((" . $table . "perm_anon >= $access)";
! // check to see if anonymous user
! if ($uid > 1) {
! $where .= " OR (" . $table . "perm_members >= $access)";
! foreach ($GROUPS as $group) {
! $where .= " OR ((" . $table . "group_id = $group) AND (" . $table . "perm_group >= $access))";
! }
! $where .= " OR ((" . $table . "owner_id = $uid) AND (" . $table . "perm_owner >= $access))";
}
! return $where . ")";
}
--- 302,343 ----
*
*/
! function SP_getPerms ($table = '', $access = '2', $u_id = '')
{
! global $_USER, $_GROUPS;
!
! if ($table != '') { $table .= '.'; }
!
! if ($u_id == '') {
! $uid = $_USER['uid'];
! $GROUPS = $_GROUPS;
! } else {
! $uid = $u_id;
! $GROUPS = SEC_getUserGroups ($uid);
}
!
! if (SEC_inGroup ('Root', $uid)) {
! return '';
! }
!
! $sql = '(';
!
! if ($uid > 1) {
! $sql .= "((owner_id = '{$uid}') AND (perm_owner >= $access)) OR ";
!
! $groupList = '';
! foreach ($GROUPS as $grp) {
! $groupList .= $grp . ',';
! }
! $groupList = substr ($groupList, 0, -1);
! $sql .= "((group_id IN ($groupList)) AND (perm_group >= $access)) OR ";
!
! $sql .= "(perm_members >= $access)";
! } else {
! $sql .= "perm_anon >= $access";
! }
!
! $sql .= ')';
!
! return $sql;
}
More information about the geeklog-cvs
mailing list