Commit 6339d399 authored by Richard Mansfield's avatar Richard Mansfield

Check group id in can edit/view artefact functions

parent 182f2913
......@@ -523,7 +523,7 @@ class User {
public function can_view_artefact($a) {
if ($this->get('admin')
|| $this->get('id') == $a->get('owner')
|| ($this->get('id') and $this->get('id') == $a->get('owner'))
|| $this->is_institutional_admin($a->get('institution'))) {
return true;
}
......@@ -531,7 +531,7 @@ class User {
// Only group artefacts can have artefact_access_role & artefact_access_usr records
return (bool) count_records_sql("SELECT COUNT(*) FROM {artefact_access_role} ar
INNER JOIN {group_member} g ON ar.role = g.role
WHERE ar.artefact = ? AND g.member = ? AND ar.can_view = 1", array($a->get('id'), $this->get('id')))
WHERE ar.artefact = ? AND g.member = ? AND ar.can_view = 1 AND g.group = ?", array($a->get('id'), $this->get('id'), $a->get('group')))
|| record_exists('artefact_access_usr', 'usr', $this->get('id'), 'artefact', $a->get('id'));
}
return false;
......@@ -539,18 +539,22 @@ class User {
public function can_edit_artefact($a) {
if ($this->get('admin')
|| $this->get('id') === $a->get('owner')
|| ($this->get('id') and $this->get('id') == $a->get('owner'))
|| $this->is_institutional_admin($a->get('institution'))) {
return true;
}
$group = $a->get('group');
if ($group) {
return count_records_sql("SELECT COUNT(*) FROM {artefact_access_role} ar
INNER JOIN {group_member} g ON ar.role = g.role
WHERE ar.artefact = ? AND g.member = ? AND ar.can_edit = 1 AND g.group = ?", array($a->get('id'), $this->get('id'), $group));
/*
require_once(get_config('docroot') . 'lib/group.php');
$role = group_user_access($group, $this->get('id'));
if ($role) {
$aperms = $a->get('rolepermissions');
return $aperms->{$role}->edit;
}
} */
}
return false;
}
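Review bot: can_edit_artefact now returns the raw result of count_records_sql at the new `return count_records_sql("SELECT COUNT(*) ...` line, whereas the equivalent group branch in can_view_artefact casts it with `(bool)`; a caller that compares the result with `=== true` (or serialises it) gets different answers from the two authorisation checks. Writing it as `return (bool) count_records_sql("SELECT COUNT(*) FROM {artefact_access_role} ar ... AND g.group = ?", array($a->get('id'), $this->get('id'), $group));` keeps both methods returning a boolean. The owner test at the top of can_edit_artefact also changed from `===` to a loose `==` guarded by `$this->get('id')`; if id and owner can come back as int and string the loose compare is presumably intended, but an explicit `(int)` cast on both sides would document that and avoid relying on PHP's string-to-number rules. The commented-out role-permission block under the query is pre-existing and could be dropped rather than carried along now that the SQL check replaces it; can_view_artefact's closing brace lies outside the second hunk, so its final return path is not visible here.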
......