From 735f8e4036c0f3fd20efff3e23489891f6abb791 Mon Sep 17 00:00:00 2001 From: Ralf Becker Date: Sun, 22 Aug 2004 19:22:53 +0000 Subject: [PATCH] fixed ACL for status offer, it respects now the regular read-access restrictions --- infolog/inc/class.soinfolog.inc.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/infolog/inc/class.soinfolog.inc.php b/infolog/inc/class.soinfolog.inc.php index 9fc704b33b..92e1fe7849 100644 --- a/infolog/inc/class.soinfolog.inc.php +++ b/infolog/inc/class.soinfolog.inc.php @@ -128,7 +128,9 @@ // private: own entries plus the one user is responsible for if ($filter == 'private' || $filter == 'own') { - $filtermethod .= " OR (info_responsible=$this->user OR info_status = 'offer')". + $filtermethod .= " OR (info_responsible=$this->user". + ($filter == 'own' && count($public_user_list) ? // offer's should show up in own, eg. startpage, but need read-access + " OR info_status = 'offer' AND info_owner IN(" . implode(',',$public_user_list) . ')' : '').")". " AND (info_access='public'".($has_private_access?" OR $has_private_access":'').')'; } else // none --> all entrys user has rights to see