[geeklog-cvs] geeklog-1.3/plugins/staticpages functions.inc,1.18,1.19

dhaun at geeklog.net dhaun at geeklog.net
Tue Mar 11 12:00:58 EST 2003 

Update of /usr/cvs/geeklog/geeklog-1.3/plugins/staticpages
In directory internal.geeklog.net:/tmp/cvs-serv3643/plugins/staticpages

Modified Files:
	functions.inc 
Log Message:
Fixed problems with static pages permissions.


Index: functions.inc
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/plugins/staticpages/functions.inc,v
retrieving revision 1.18
retrieving revision 1.19
diff -C2 -d -r1.18 -r1.19
*** functions.inc	9 Mar 2003 11:47:22 -0000	1.18
--- functions.inc	11 Mar 2003 17:00:56 -0000	1.19
***************
*** 103,107 ****
                                        'statrow'=>'singlestat.thtml'));
      if ($showsitestats == 1) {
!         $result = DB_query ("SELECT count(*) AS cnt FROM {$_TABLES['staticpage']} WHERE " . SP_getPerms ());
          $A = DB_fetchArray ($result);
          $total_pages = $A['cnt'];
--- 103,111 ----
                                        'statrow'=>'singlestat.thtml'));
      if ($showsitestats == 1) {
!         $perms = SP_getPerms ();
!         if (!empty ($perms)) {
!             $perms = ' WHERE ' . $perms;
!         }
!         $result = DB_query ("SELECT count(*) AS cnt FROM {$_TABLES['staticpage']}" . $perms);
          $A = DB_fetchArray ($result);
          $total_pages = $A['cnt'];
***************
*** 110,114 ****
          $retval .= '<td align="right">' . $total_pages . '  </td></tr></table>';
      } else {
!         $result = DB_query ("SELECT sp_id,sp_title,sp_hits FROM {$_TABLES['staticpage']} WHERE sp_hits > 0 AND" . SP_getPerms() . ' ORDER BY sp_hits DESC LIMIT 10');
          $nrows  = DB_numRows ($result);
          $retval .= COM_startBlock ($LANG_STATIC['stats_headline']);
--- 114,122 ----
          $retval .= '<td align="right">' . $total_pages . '  </td></tr></table>';
      } else {
!         $perms = SP_getPerms ();
!         if (!empty ($perms)) {
!             $perms = ' AND ' . $perms;
!         }
!         $result = DB_query ("SELECT sp_id,sp_title,sp_hits FROM {$_TABLES['staticpage']} WHERE sp_hits > 0" . $perms . ' ORDER BY sp_hits DESC LIMIT 10');
          $nrows  = DB_numRows ($result);
          $retval .= COM_startBlock ($LANG_STATIC['stats_headline']);
***************
*** 262,266 ****
  
      if (SEC_hasRights ('staticpages.edit,staticpages.delete', 'OR')) {
!         $result = DB_query ("SELECT count(*) AS cnt FROM {$_TABLES['staticpage']} WHERE " . SP_getPerms ('','3'));
          $A = DB_fetchArray ($result);
          $total_pages = $A['cnt'];
--- 270,278 ----
  
      if (SEC_hasRights ('staticpages.edit,staticpages.delete', 'OR')) {
!         $perms = SP_getPerms ('', '3');
!         if (!empty ($perms)) {
!             $perms = ' WHERE ' . $perms;
!         }
!         $result = DB_query ("SELECT count(*) AS cnt FROM {$_TABLES['staticpage']}" . $perms);
          $A = DB_fetchArray ($result);
          $total_pages = $A['cnt'];
***************
*** 272,276 ****
  * Return SQL where statement with appropriate permissions
  *
! * Takes User id and permission and returns SQL where clause which will return the appropriate objects.
  * This assumes that the table has the following security structure:
  * owner_id        | mediumint(8)          
--- 284,289 ----
  * Return SQL where statement with appropriate permissions
  *
! * Takes User id and permission and returns SQL where clause which will return
! * the appropriate objects.
  * This assumes that the table has the following security structure:
  * owner_id        | mediumint(8)          
***************
*** 289,314 ****
  *
  */
! function SP_getPerms($table='',$access='2',$u_id='')
  {
! 	global $_USER, $_GROUPS;
! 	
! 	if ($table != '') { $table .= '.'; }
! 	if ($u_id == '') {
! 		$uid = $_USER['uid'];
! 		$GROUPS = $_GROUPS;
! 	} else {
! 		$uid = $u_id;
! 		$GROUPS = SEC_getUserGroups($uid);
! 	}
! 	$where = "((" . $table . "perm_anon >= $access)";
! 	// check to see if anonymous user
! 	if ($uid > 1) {
! 		$where .= " OR (" . $table . "perm_members >= $access)";
! 		foreach ($GROUPS as $group) {
! 			$where .= " OR ((" . $table . "group_id = $group) AND (" . $table . "perm_group >= $access))";
! 		}
! 		$where .= " OR ((" . $table . "owner_id = $uid) AND (" . $table . "perm_owner >= $access))";
  	}
! 	return $where . ")"; 
  }
  
--- 302,343 ----
  *
  */
! function SP_getPerms ($table = '', $access = '2', $u_id = '')
  {
!     global $_USER, $_GROUPS;
! 
!     if ($table != '') { $table .= '.'; }
! 
!     if ($u_id == '') {
!         $uid = $_USER['uid'];
!         $GROUPS = $_GROUPS;
!     } else {
!         $uid = $u_id;
!         $GROUPS = SEC_getUserGroups ($uid);
  	}
! 
!     if (SEC_inGroup ('Root', $uid)) {
!         return '';
!     }
! 
!     $sql = '(';
! 
!     if ($uid > 1) {
!         $sql .= "((owner_id = '{$uid}') AND (perm_owner >= $access)) OR ";
! 
!         $groupList = '';
!         foreach ($GROUPS as $grp) {
!             $groupList .= $grp . ',';
!         }
!         $groupList = substr ($groupList, 0, -1);
!         $sql .= "((group_id IN ($groupList)) AND (perm_group >= $access)) OR ";
! 
!         $sql .= "(perm_members >= $access)";
!     } else {
!         $sql .= "perm_anon >= $access";
!     }
! 
!     $sql .= ')';
! 
!     return $sql;
  }

More information about the geeklog-cvs mailing list