From 7b4a6232cac2d23d2aecf7aeca06643429e1805d Mon Sep 17 00:00:00 2001 From: rvelices Date: Sat, 1 Apr 2006 01:24:21 +0000 Subject: fix: allow adviser message was not allowing cookies to be sent fix: cookie deletion on logout uses ini_get (on some systems ini_set(cookie_path) is ignored) bug 322: locked category is visible to all the users/groups that have been assigned the permissions git-svn-id: http://piwigo.org/svn/trunk@1117 68402e56-0260-453c-a942-63ccdbb3a9ee --- include/functions_user.inc.php | 43 +++++++++++++++++++++--------------------- 1 file changed, 22 insertions(+), 21 deletions(-) (limited to 'include/functions_user.inc.php') diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php index c1e601aeb..cfa4d53aa 100644 --- a/include/functions_user.inc.php +++ b/include/functions_user.inc.php @@ -300,23 +300,6 @@ SELECT id array_push($private_array, $row['id']); } - // if user is not an admin, locked categories can be considered as private$ - if (!is_admin($user_status)) - { - $query = ' -SELECT id - FROM '.CATEGORIES_TABLE.' - WHERE visible = \'false\' -;'; - $result = pwg_query($query); - while ($row = mysql_fetch_array($result)) - { - array_push($private_array, $row['id']); - } - - $private_array = array_unique($private_array); - } - // retrieve category ids directly authorized to the user $query = ' SELECT cat_id @@ -345,10 +328,28 @@ SELECT cat_id // only unauthorized private categories are forbidden $forbidden_array = array_diff($private_array, $authorized_array); - // at least, the list contains -1 values. This category does not exists so - // where clauses such as "WHERE category_id NOT IN(-1)" will always be - // true. - array_push($forbidden_array, '-1'); + // if user is not an admin, locked categories are forbidden + if (!is_admin($user_status)) + { + $query = ' +SELECT id + FROM '.CATEGORIES_TABLE.' + WHERE visible = \'false\' +;'; + $result = pwg_query($query); + while ($row = mysql_fetch_array($result)) + { + array_push($forbidden_array, $row['id']); + } + $forbidden_array = array_unique($forbidden_array); + } + + if ( empty($forbidden_array) ) + {// at least, the list contains -1 values. This category does not exists so + // where clauses such as "WHERE category_id NOT IN(-1)" will always be + // true. + array_push($forbidden_array, '-1'); + } return implode(',', $forbidden_array); } -- cgit v1.2.3