From 3c094f62a071292bcedd274d8ca9a402c68da814 Mon Sep 17 00:00:00 2001 From: niekt0 Date: Sun, 15 Jan 2012 01:52:55 +0100 Subject: [PATCH] fixed bug in permissions (node was displayed even with external_access=no) --- wwwroot/backend/mysql/permissions.inc | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/wwwroot/backend/mysql/permissions.inc b/wwwroot/backend/mysql/permissions.inc index 14bc7d4..6ef9596 100644 --- a/wwwroot/backend/mysql/permissions.inc +++ b/wwwroot/backend/mysql/permissions.inc @@ -58,6 +58,20 @@ public static function checkPerms($node) { $perms['node_system_access'] = $qr_np->getString('node_system_access'); $perms['node_external_access'] = $qr_np->getString('node_external_access'); + // external access must go first + if ($user_id == "") { + if ($perms['node_system_access'] != 'private' + && $perms['node_external_access'] == 'yes') { + $perms['r'] = 1; + $perms['w'] = 0; + break; + } else { + $perms['r'] = 0; + $perms['w'] = 0; + break; + } + } + // r/w prava podla system accessu if ($perms['node_system_access'] == 'public') { $perms['r'] = 1; @@ -79,14 +93,6 @@ public static function checkPerms($node) { break; } - if ($perms['node_system_access'] != 'private' - && (empty($_SESSION['user_id'])) - && $perms['node_external_access'] == 'yes') { - $perms['r'] = 1; - $perms['w'] = 0; - break; - } - } // if ($perms['node_permission'] == '' && $perms['node_system_access'] == '') else { // ked som v public alebo moderated fore a dalsie nadradene su uz privatne -- 2.30.2