aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--admin/include/functions.php9
-rw-r--r--include/functions_user.inc.php20
-rw-r--r--include/user.inc.php3
3 files changed, 29 insertions, 3 deletions
diff --git a/admin/include/functions.php b/admin/include/functions.php
index c2c386a78..80f329469 100644
--- a/admin/include/functions.php
+++ b/admin/include/functions.php
@@ -321,7 +321,7 @@ DELETE FROM '.IMAGES_TABLE.'
// - all the links to any group
// - all the favorites linked to this user
// - all sessions linked to this user
-// - all categories informations linked to this user
+// - calculated permissions linked to the user
function delete_user($user_id)
{
// destruction of the access linked to the user
@@ -352,6 +352,13 @@ DELETE FROM '.SESSIONS_TABLE.'
;';
pwg_query($query);
+ // deletion of calculated permissions linked to the user
+ $query = '
+DELETE FROM '.USER_FORBIDDEN_TABLE.'
+ WHERE user_id = '.$user_id.'
+;';
+ pwg_query($query);
+
// destruction of the user
$query = '
DELETE FROM '.USERS_TABLE.'
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index 47c124f67..344231577 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -267,9 +267,10 @@ DELETE FROM '.FAVORITES_TABLE.'
* belongs to minus the categories directly authorized to the user
*
* @param int user_id
+ * @param string user_status
* @return string forbidden_categories
*/
-function calculate_permissions($user_id)
+function calculate_permissions($user_id, $user_status)
{
$private_array = array();
$authorized_array = array();
@@ -284,6 +285,23 @@ SELECT id
{
array_push($private_array, $row['id']);
}
+
+ // if user is not an admin, locked categories can be considered as private$
+ if ($user_status != 'admin')
+ {
+ $query = '
+SELECT id
+ FROM '.CATEGORIES_TABLE.'
+ WHERE visible = \'false\'
+;';
+ $result = pwg_query($query);
+ while ($row = mysql_fetch_array($result))
+ {
+ array_push($private_array, $row['id']);
+ }
+
+ $private_array = array_unique($private_array);
+ }
// retrieve category ids directly authorized to the user
$query = '
diff --git a/include/user.inc.php b/include/user.inc.php
index 0d969cec8..f64c28a46 100644
--- a/include/user.inc.php
+++ b/include/user.inc.php
@@ -128,7 +128,8 @@ if (!defined('IN_ADMIN') or !IN_ADMIN)
or !is_bool($user['need_update'])
or $user['need_update'] == true)
{
- $user['forbidden_categories'] = calculate_permissions($user['id']);
+ $user['forbidden_categories'] = calculate_permissions($user['id'],
+ $user['status']);
}
}