-rw-r--r-- | admin/include/functions.php | 9 | ||||
-rw-r--r-- | include/functions_user.inc.php | 20 | ||||
-rw-r--r-- | include/user.inc.php | 3 |
3 files changed, 29 insertions, 3 deletions
diff --git a/admin/include/functions.php b/admin/include/functions.php
index c2c386a78..80f329469 100644
--- a/admin/include/functions.php
+++ b/admin/include/functions.php
@@ -321,7 +321,7 @@ DELETE FROM '.IMAGES_TABLE.'
 // - all the links to any group
 // - all the favorites linked to this user
 // - all sessions linked to this user
-// - all categories informations linked to this user
+// - calculated permissions linked to the user
 function delete_user($user_id)
 {
 // destruction of the access linked to the user
@@ -352,6 +352,13 @@ DELETE FROM '.SESSIONS_TABLE.'
 ;';
 pwg_query($query);
+ // deletion of calculated permissions linked to the user
+ $query = '
+DELETE FROM '.USER_FORBIDDEN_TABLE.'
+ WHERE user_id = '.$user_id.'
+;';
+ pwg_query($query);
+
 // destruction of the user
 $query = '
 DELETE FROM '.USERS_TABLE.'
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index 47c124f67..344231577 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -267,9 +267,10 @@ DELETE FROM '.FAVORITES_TABLE.'
 * belongs to minus the categories directly authorized to the user
 *
 * @param int user_id
+ * @param string user_status
 * @return string forbidden_categories
 */
-function calculate_permissions($user_id)
+function calculate_permissions($user_id, $user_status)
 {
 $private_array = array();
 $authorized_array = array();
@@ -284,6 +285,23 @@ SELECT id
 {
 array_push($private_array, $row['id']);
 }
+
+ // if user is not an admin, locked categories can be considered as private$
+ if ($user_status != 'admin')
+ {
+ $query = '
+SELECT id
+ FROM '.CATEGORIES_TABLE.'
+ WHERE visible = \'false\'
+;';
+ $result = pwg_query($query);
+ while ($row = mysql_fetch_array($result))
+ {
+ array_push($private_array, $row['id']);
+ }
+
+ $private_array = array_unique($private_array);
+ }
 // retrieve category ids directly authorized to the user
 $query = '
diff --git a/include/user.inc.php b/include/user.inc.php
index 0d969cec8..f64c28a46 100644
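Review bot: The `WHERE user_id = '.$user_id.'` clause in the added DELETE on USER_FORBIDDEN_TABLE places `$user_id` into the SQL text unquoted and uncast, so the statement is only as safe as every caller of delete_user(). No caller is visible in this diff, and the function starts and ends outside the hunk. Casting once at the top of the function, `$user_id = intval($user_id);`, would cover this query and, presumably, the other deletes in the body.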
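Review bot: Locked categories are pushed into `$private_array` before the step that retrieves the categories directly authorized to the user, and the docblock of calculate_permissions() describes the result as the private set minus the authorized ones. If that subtraction runs over the whole of `$private_array` (it is outside this hunk), a non-admin holding an explicit grant on a locked category would have that category taken off the forbidden list again. Collecting the locked ids separately, `array_push($locked_array, $row['id']);`, and merging them in after the subtraction keeps them forbidden regardless of grants. The test `$user_status != 'admin'` is a loose comparison, which on PHP versions before 8 treats integer `0` or boolean `true` as equal to `'admin'` and would skip the block; `!==` avoids that. The comment above the test ends in a stray `$`.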
--- a/include/user.inc.php
+++ b/include/user.inc.php
@@ -128,7 +128,8 @@ if (!defined('IN_ADMIN') or !IN_ADMIN)
 or !is_bool($user['need_update'])
 or $user['need_update'] == true)
 {
- $user['forbidden_categories'] = calculate_permissions($user['id']);
+ $user['forbidden_categories'] = calculate_permissions($user['id'],
+ $user['status']);
 }
 }
|
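Review bot: The recomputation at this call is still gated on `$user['need_update']`, while the value it produces now also depends on which categories are locked and on the user's status. Unless the code that locks or unlocks a category and the code that changes a user's status also reset `need_update` (neither is part of this diff), a non-admin may keep a previously computed `forbidden_categories` list that lacks a newly locked category. Worth confirming, and recording above the call with a comment such as `// depends on category lock state and user status: both must trigger need_update`. The enclosing `if` starts outside the hunk.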