hazza/Phraseanet
1
0
Fork 0
mirror of https://github.com/alchemy-fr/Phraseanet.git synced 2025-10-18 07:23:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

User who can change status can see hidden status

Browse Source
This commit is contained in:
Romain Neutron
2012-01-31 16:58:39 +01:00
parent 6a3c186e2a
commit 716f377fdd
1 changed files with 16 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
lib/classes/databox/status.class.php
View File

@@ -159,9 +159,21 @@ class databox_status
$statuses = array(); $statuses = array();
$sbas_ids = $user->ACL()->get_granted_sbas(); $sbas_ids = $user->ACL()->get_granted_sbas();
$see_all = array();
foreach ($sbas_ids as $databox) foreach ($sbas_ids as $databox)
{ {
$see_all[$databox->get_sbas_id()] = false;
foreach($databox->get_collections() as $collection)
{
if($user->ACL()->has_right_on_base($collection->get_base_id(), 'chgstatus'))
{
$see_all[$databox->get_sbas_id()] = true;
break;
}
}
try try
{ {
$statuses[$databox->get_sbas_id()] = $databox->get_statusbits(); $statuses[$databox->get_sbas_id()] = $databox->get_statusbits();
@@ -177,15 +189,15 @@ class databox_status
foreach ($statuses as $sbas_id => $status) foreach ($statuses as $sbas_id => $status)
{ {
$see_all = false; $see_this = isset($see_all[$sbas_id]) ? $see_all[$sbas_id] : false;
if ($user->ACL()->has_right_on_sbas($sbas_id, 'bas_modify_struct')) if ($user->ACL()->has_right_on_sbas($sbas_id, 'bas_modify_struct'))
$see_all = true; $see_this = true;
foreach ($status as $bit => $props) foreach ($status as $bit => $props)
{ {
if ($props['searchable'] == 0 && !$see_all) if ($props['searchable'] == 0 && !$see_this)
continue; continue;
$set = false; $set = false;