Commit c3c95b03 authored by Ben Bradshaw's avatar Ben Bradshaw

[#3299] Fix for when multiple identical (or similar) permissions are set

on a view (i.e. permitting the public twice, allowing two time regions that overlap)
parent 2db6a777
......@@ -1408,7 +1408,7 @@ function can_view_view($view_id, $user_id=null, $usertoken=null, $mnettoken=null
// check public
$publicprofiles = get_config('allowpublicprofiles');
if ($publicviews || $publicprofiles) {
$public = get_record_sql("
$public = get_records_sql_array("
SELECT
v.id, v.type, a.*
FROM
......@@ -1416,15 +1416,18 @@ function can_view_view($view_id, $user_id=null, $usertoken=null, $mnettoken=null
LEFT OUTER JOIN {view_access} a ON v.id = a.view
WHERE
v.id = ? AND a.accesstype = 'public'
", array($view_id));
return $public &&
( ( $publicviews
&& ( $public->startdate == null || $public->startdate < $now )
&& ( $public->stopdate == null || $public->stopdate > $now )
)
||
( $publicprofiles && $public->type == 'profile' )
);
", array($view_id));
// If no public permissions
if ($public == false) {
return false;
}
foreach ($public as $k => $v) {
if ( ($v->startdate == null || $v->startdate < $dbnow) && ($v->stopdate == null || $v->stopdate > $dbnow) ) {
return ($publicviews || ($publicprofiles && $v->type == 'profile'));
}
}
}
return false;
}
......
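Review bot: The date-window test in the new `foreach` compares against `$dbnow`, while the code it replaces used `$now`, and no assignment of `$dbnow` is visible here; can_view_view starts outside these hunks, so confirm it is set earlier and uses the same format as `startdate`/`stopdate`. If it were unset it would evaluate to null, and `$v->stopdate > $dbnow` would then hold for any non-null stop date, so an expired public grant would still be honoured. The loop also changes the profile rule: before, `$publicprofiles && $public->type == 'profile'` granted access regardless of dates, and now that test is only reached inside the date window. If that tightening is intended, a comment above the loop such as `// profile pages are subject to the start/stop dates as well` would record it.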
......@@ -574,6 +574,12 @@ class View {
// View access
if ($accessdata) {
/*
* There should be a cleaner way to do this
* $accessdata_added ensures that the same access is not granted twice because the profile page
* gets very grumpy if there are duplicate access rules
*/
$accessdata_added = array();
foreach ($accessdata as $item) {
$accessrecord = new StdClass;
$accessrecord->view = $this->get('id');
......@@ -588,11 +594,17 @@ class View {
case 'loggedin':
case 'friends':
$accessrecord->accesstype = $item['type'];
insert_record('view_access', $accessrecord);
if (array_search($accessrecord, $accessdata_added) === false) {
insert_record('view_access', $accessrecord);
$accessdata_added[] = $accessrecord;
}
break;
case 'user':
$accessrecord->usr = $item['id'];
insert_record('view_access_usr', $accessrecord);
if (array_search($accessrecord, $accessdata_added) === false) {
insert_record('view_access_usr', $accessrecord);
$accessdata_added[] = $accessrecord;
}
break;
case 'group':
$accessrecord->group = $item['id'];
......@@ -604,11 +616,18 @@ class View {
}
$accessrecord->role = $item['role'];
}
insert_record('view_access_group', $accessrecord);
if (array_search($accessrecord, $accessdata_added) === false) {
insert_record('view_access_group', $accessrecord);
$accessdata_added[] = $accessrecord;
}
break;
case 'token':
$accessrecord->token = $item['id'];
insert_record('view_access_token', $accessrecord);
if (array_search($accessrecord, $accessdata_added) === false) {
insert_record('view_access_token', $accessrecord);
$accessdata_added[] = $accessrecord;
}
break;
}
}
......
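Review bot: The duplicate check `array_search($accessrecord, $accessdata_added) === false` compares StdClass objects with `==`, so property values are matched loosely; two distinct rules whose fields are only loosely equal (for example two numeric-looking strings) would be treated as one and the second silently not inserted. Passing `true` as the third argument is not a fix on its own, because `===` on objects tests identity and each iteration builds a new object. Comparing array copies instead, e.g. `in_array((array) $accessrecord, $accessdata_added, true)` with `$accessdata_added[] = (array) $accessrecord;`, keeps the check type-exact, provided the incoming field types are consistent. The same guard is repeated in the `loggedin`/`friends`, `user`, `group` and `token` cases, so a small private helper taking the table name would keep them from drifting apart. The enclosing method of class View starts and ends outside these hunks.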