Commit 95d15f89 authored by Richard Mansfield's avatar Richard Mansfield
Browse files

Check public access on profile views in can_view_view

parent 1f922f96
......@@ -1305,16 +1305,15 @@ function can_view_view($view_id, $user_id=null) {
if ($publicviews || $publicprofiles) {
$public = get_record_sql("
SELECT
v.id, v.type, va.*
v.id, v.type, a.*
FROM
{view} v
LEFT OUTER JOIN {view_access} a ON v.id = a.view
WHERE
v.id = ?
AND (a.accesstype = 'public' OR v.type = 'profile')
v.id = ? AND a.accesstype = 'public'
", array($view_id));
return $public &&
( ( $publicviews && $public->accesstype == 'public'
( ( $publicviews
&& ( $public->startdate == null || $public->startdate < $now )
&& ( $public->stopdate == null || $public->stopdate > $now )
)
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment