diff options
author | plegall <plg@piwigo.org> | 2005-01-08 11:23:52 +0000 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2005-01-08 11:23:52 +0000 |
commit | 971d0c5a9593d2a8d8ad0eff70c9dba1ca06a606 (patch) | |
tree | ac5ab17972444902a0dfb128eace09f9a11e6b86 /include | |
parent | baf609b26a5c17dbaf5a7f04c9ed95b128b928aa (diff) |
- deletion of calculated permissions when deleting a user
- taking into account locked categories during permissions calculation
git-svn-id: http://piwigo.org/svn/trunk@680 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include')
-rw-r--r-- | include/functions_user.inc.php | 20 | ||||
-rw-r--r-- | include/user.inc.php | 3 |
2 files changed, 21 insertions, 2 deletions
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index 47c124f67..344231577 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php @@ -267,9 +267,10 @@ DELETE FROM '.FAVORITES_TABLE.' * belongs to minus the categories directly authorized to the user * * @param int user_id + * @param string user_status * @return string forbidden_categories */ -function calculate_permissions($user_id) +function calculate_permissions($user_id, $user_status) { $private_array = array(); $authorized_array = array(); @@ -284,6 +285,23 @@ SELECT id { array_push($private_array, $row['id']); } + + // if user is not an admin, locked categories can be considered as private$ + if ($user_status != 'admin') + { + $query = ' +SELECT id + FROM '.CATEGORIES_TABLE.' + WHERE visible = \'false\' +;'; + $result = pwg_query($query); + while ($row = mysql_fetch_array($result)) + { + array_push($private_array, $row['id']); + } + + $private_array = array_unique($private_array); + } // retrieve category ids directly authorized to the user $query = ' diff --git a/include/user.inc.php b/include/user.inc.php index 0d969cec8..f64c28a46 100644 --- a/include/user.inc.php +++ b/include/user.inc.php @@ -128,7 +128,8 @@ if (!defined('IN_ADMIN') or !IN_ADMIN) or !is_bool($user['need_update']) or $user['need_update'] == true) { - $user['forbidden_categories'] = calculate_permissions($user['id']); + $user['forbidden_categories'] = calculate_permissions($user['id'], + $user['status']); } } |