Commit 46249173 authored by Richard Mansfield's avatar Richard Mansfield

Deal with multiple views having the same secret url


Signed-off-by: default avatarRichard Mansfield <richardm@catalyst.net.nz>
parent 689e7e43
......@@ -1652,15 +1652,50 @@ function get_view_from_token($token, $visible=true) {
if (!$token) {
return false;
}
return get_field_sql('
$viewids = get_column_sql('
SELECT "view"
FROM {view_access}
WHERE token = ? AND visible = ?
AND (startdate IS NULL OR startdate < current_timestamp)
AND (stopdate IS NULL OR stopdate > current_timestamp)
', array($token, (int)$visible));
ORDER BY "view"
', array($token, (int)$visible)
);
if (empty($viewids)) {
return false;
}
if (count($viewids) > 1) {
// if any of the views are in collection(s), pick one of the ones
// with the lowest displayorder.
$order = get_column_sql('
SELECT cv.view
FROM {collection_view} cv
WHERE cv.view IN (' . join(',', $viewids) . ')
ORDER BY displayorder, collection',
array()
);
if ($order) {
return $order[0];
}
}
return $viewids[0];
}
/**
* Determine whether a view is accessible by a given token
*/
function view_has_token($view, $token) {
if (!$view || !$token) {
return false;
}
return record_exists_select(
'view_access',
'view = ? AND token = ? AND visible = ?
AND (startdate IS NULL OR startdate < current_timestamp)
AND (stopdate IS NULL OR stopdate > current_timestamp)',
array($view, $token, (int)$visible)
);
}
/**
* get the views that a user can see belonging
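Review bot: `view_has_token()` binds `(int)$visible` in its parameter array, but `$visible` is neither a parameter nor assigned anywhere in the function, so it evaluates to null and the query tests `visible = 0` (and raises an undefined-variable notice). The anonymous-feedback check that the second hunk switches to this helper would therefore reject tokens whose access row has `visible = 1` and accept a token whose row has `visible = 0`. Give the helper the same default as `get_view_from_token`: `function view_has_token($view, $token, $visible=true) {`. Separately, the collection lookup concatenates `join(',', $viewids)` into the SQL text; the ids come from the preceding query and are presumably integers, but `join(',', array_map('intval', $viewids))` would make that explicit instead of relying on the column type.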
......
......@@ -119,7 +119,7 @@ addLoadEvent(function () {
EOF;
if ($artefact->get('allowcomments')) {
$anonfeedback = !$USER->is_logged_in() && $viewid == get_view_from_token(get_cookie('viewaccess:'.$viewid));
$anonfeedback = !$USER->is_logged_in() && view_has_token($viewid, get_cookie('viewaccess:'.$viewid));
$addfeedbackform = pieform(ArtefactTypeComment::add_comment_form(false, $artefact->get('approvecomments')));
}
$objectionform = pieform(objection_form());
......