Diffstat (limited to 'include')
-rw-r--r-- | include/functions_user.inc.php | 20 | ||||
-rw-r--r-- | include/user.inc.php | 3 |
2 files changed, 21 insertions, 2 deletions
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index 47c124f67..344231577 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -267,9 +267,10 @@ DELETE FROM '.FAVORITES_TABLE.'
 * belongs to minus the categories directly authorized to the user
 *
 * @param int user_id
+ * @param string user_status
 * @return string forbidden_categories
 */
-function calculate_permissions($user_id)
+function calculate_permissions($user_id, $user_status)
 {
 $private_array = array();
 $authorized_array = array();
@@ -284,6 +285,23 @@ SELECT id
 {
 array_push($private_array, $row['id']);
 }
+
+ // if user is not an admin, locked categories can be considered as private$
+ if ($user_status != 'admin')
+ {
+ $query = '
+SELECT id
+ FROM '.CATEGORIES_TABLE.'
+ WHERE visible = \'false\'
+;';
+ $result = pwg_query($query);
+ while ($row = mysql_fetch_array($result))
+ {
+ array_push($private_array, $row['id']);
+ }
+
+ $private_array = array_unique($private_array);
+ }
 
 // retrieve category ids directly authorized to the user
 $query = '
diff --git a/include/user.inc.php b/include/user.inc.php
index 0d969cec8..f64c28a46 100644
--- a/include/user.inc.php
+++ b/include/user.inc.php
@@ -128,7 +128,8 @@ if (!defined('IN_ADMIN') or !IN_ADMIN)
 or !is_bool($user['need_update'])
 or $user['need_update'] == true)
 {
- $user['forbidden_categories'] = calculate_permissions($user['id']);
+ $user['forbidden_categories'] = calculate_permissions($user['id'],
+ $user['status']);
 }
 }
 
|
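Review bot: The added docblock line `@param string user_status` in the first hunk does not say which values are expected, nor that only the exact string 'admin' keeps locked categories out of the forbidden list, which is the authorization-relevant part of the contract. I would write it as `@param string user_status status taken from the user's stored record; only 'admin' exempts the user from locked categories`. Because the new parameter is required, any caller of calculate_permissions() outside the files shown (the diffstat is limited to include/) has to pass it as well. The function body continues outside the hunk.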
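Review bot: The admin test `if ($user_status != 'admin')` in the second hunk uses a loose comparison, so a non-string status can compare equal to 'admin' (boolean true on any PHP version, integer 0 before PHP 8) and the locked categories would then be skipped for that user. Since this branch decides what a non-admin may see, it should fail closed on anything but the exact string: `if ($user_status !== 'admin')`. The comment above it also ends with a stray `$` (`private$`). The enclosing function starts and ends outside the hunk.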
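Review bot: The forbidden_categories value computed in the user.inc.php hunk now depends on `$user['status']`, but the guard visible around the call only recomputes it when `$user['need_update']` is unset, not a boolean, or true. If a status change (for example an administrator being demoted) does not also set need_update, which cannot be seen from this hunk, the user would keep a previously computed list that omits the locked categories. I would add a comment such as `// forbidden_categories depends on status: a status change must set need_update` above the call and confirm the status-update path does so. The enclosing if block starts outside the hunk.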