Do not display all project to a user if he has no rights for

_any_ project of the forge, but actually hide all... thanks
to René Klomp for this finding!
This commit is contained in:
Thomas Keller 2012-05-11 23:25:06 +02:00
parent 0826dab575
commit bcd515eed5
2 changed files with 17 additions and 4 deletions

View File

@ -1,3 +1,12 @@
# InDefero 1.3.3 - xxx xxx xx xx:xx 2012 UTC
## Bugfixes
- If an anonymous or authenticated user had no access
to any project in a forge, all projects were listed
for him (but still no one was actually accessible).
This has been fixed.
# InDefero 1.3.2 - Wed May 09 20:05 2012 UTC # InDefero 1.3.2 - Wed May 09 20:05 2012 UTC
## Bugfixes ## Bugfixes

View File

@ -443,10 +443,12 @@ class IDF_Views
} }
$projectIds = self::getUserVisibleProjectIds($user); $projectIds = self::getUserVisibleProjectIds($user);
if (count($projectIds) > 0) { if (count($projectIds) == 0) {
$sql->SAnd(new Pluf_SQL(sprintf($db->pfx.'idf_projects.id IN (%s)', implode(', ', $projectIds)))); return new ArrayObject();
} }
$sql->SAnd(new Pluf_SQL(sprintf($db->pfx.'idf_projects.id IN (%s)', implode(', ', $projectIds))));
$orderTypes = array( $orderTypes = array(
'name' => 'name ASC', 'name' => 'name ASC',
'activity' => 'value DESC, name ASC', 'activity' => 'value DESC, name ASC',
@ -470,10 +472,12 @@ class IDF_Views
$sql = new Pluf_SQL('project IS NULL'); $sql = new Pluf_SQL('project IS NULL');
$projectIds = self::getUserVisibleProjectIds($user); $projectIds = self::getUserVisibleProjectIds($user);
if (count($projectIds) > 0) { if (count($projectIds) == 0) {
$sql->SAnd(new Pluf_SQL(sprintf('idf_project_id IN (%s)', implode(', ', $projectIds)))); return new ArrayObject();
} }
$sql->SAnd(new Pluf_SQL(sprintf('idf_project_id IN (%s)', implode(', ', $projectIds))));
$tagList = Pluf::factory('IDF_Tag')->getList(array( $tagList = Pluf::factory('IDF_Tag')->getList(array(
'filter' => $sql->gen(), 'filter' => $sql->gen(),
'view' => 'join_projects', 'view' => 'join_projects',