aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rw-r--r--include/functions_user.inc.php20
-rw-r--r--include/user.inc.php3
2 files changed, 21 insertions, 2 deletions
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index 47c124f67..344231577 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -267,9 +267,10 @@ DELETE FROM '.FAVORITES_TABLE.'
* belongs to minus the categories directly authorized to the user
*
* @param int user_id
+ * @param string user_status
* @return string forbidden_categories
*/
-function calculate_permissions($user_id)
+function calculate_permissions($user_id, $user_status)
{
$private_array = array();
$authorized_array = array();
@@ -284,6 +285,23 @@ SELECT id
{
array_push($private_array, $row['id']);
}
+
+ // if user is not an admin, locked categories can be considered as private$
+ if ($user_status != 'admin')
+ {
+ $query = '
+SELECT id
+ FROM '.CATEGORIES_TABLE.'
+ WHERE visible = \'false\'
+;';
+ $result = pwg_query($query);
+ while ($row = mysql_fetch_array($result))
+ {
+ array_push($private_array, $row['id']);
+ }
+
+ $private_array = array_unique($private_array);
+ }
// retrieve category ids directly authorized to the user
$query = '
diff --git a/include/user.inc.php b/include/user.inc.php
index 0d969cec8..f64c28a46 100644
--- a/include/user.inc.php
+++ b/include/user.inc.php
@@ -128,7 +128,8 @@ if (!defined('IN_ADMIN') or !IN_ADMIN)
or !is_bool($user['need_update'])
or $user['need_update'] == true)
{
- $user['forbidden_categories'] = calculate_permissions($user['id']);
+ $user['forbidden_categories'] = calculate_permissions($user['id'],
+ $user['status']);
}
}