[geeklog-cvs] geeklog: With SEC_hasAccess you now can specify a user id if you...
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Mon Dec 5 11:47:00 EST 2011
changeset 8453:87104da84532
url: http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/87104da84532
user: Tom <websitemaster at cogeco.net>
date: Mon Dec 05 11:40:02 2011 -0500
description:
With SEC_hasAccess you now can specify a user id if you wish to check access for someone besides the current user.
diffstat:
system/lib-security.php | 21 ++++++++++++---------
1 files changed, 12 insertions(+), 9 deletions(-)
diffs (46 lines):
diff -r bc82c090e76b -r 87104da84532 system/lib-security.php
--- a/system/lib-security.php Mon Dec 05 11:34:27 2011 -0500
+++ b/system/lib-security.php Mon Dec 05 11:40:02 2011 -0500
@@ -323,22 +323,25 @@
* @param int $perm_group Permissions the gorup has
* @param int $perm_members Permissions logged in members have
* @param int $perm_anon Permissions anonymous users have
+* @param int $uid User id or 0 = current user
* @return int returns 3 for read/edit 2 for read only 0 for no access
*
*/
-function SEC_hasAccess($owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon)
+function SEC_hasAccess($owner_id,$group_id,$perm_owner,$perm_group,$perm_members,$perm_anon, $uid = 0)
{
global $_USER;
- // Cache current user id
- if (empty($_USER['uid'])) {
- $uid = 1;
- } else {
- $uid = $_USER['uid'];
+ if ($uid == 0) {
+ // Cache current user id
+ if (empty($_USER['uid'])) {
+ $uid = 1;
+ } else {
+ $uid = $_USER['uid'];
+ }
}
-
+
// If user is in Root group then return full access
- if (SEC_inGroup('Root')) {
+ if (SEC_inGroup('Root', $uid)) {
return 3;
}
@@ -346,7 +349,7 @@
if ($uid == $owner_id) return $perm_owner;
// Not private, if user is in group then give access
- if (SEC_inGroup($group_id)) {
+ if (SEC_inGroup($group_id, $uid)) {
return $perm_group;
} else {
if ($uid == 1) {
More information about the geeklog-cvs
mailing list