harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

issue #216 - calendar sharing

Browse Source
This commit is contained in:
redmatrix
2016-02-24 18:54:52 -08:00
parent 6300f47cdc
commit c95d7c69eb
8 changed files with 425 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
include/security.php
View File

@@ -148,7 +148,7 @@ function change_channel($change_channel) {
* @return string additional SQL where statement
*/
function permissions_sql($owner_id, $remote_observer = null) {
function permissions_sql($owner_id, $remote_observer = null, $table = '') {
$local_channel = local_channel();
@@ -158,10 +158,14 @@ function permissions_sql($owner_id, $remote_observer = null) {
* default permissions - anonymous user
*/
$sql = " AND allow_cid = ''
AND allow_gid = ''
AND deny_cid = ''
AND deny_gid = ''
if($table)
$table .= '.';
$sql = " AND {$table}allow_cid = ''
AND {$table}allow_gid = ''
AND {$table}deny_cid = ''
AND {$table}deny_gid = ''
";
/**
@@ -193,8 +197,8 @@ function permissions_sql($owner_id, $remote_observer = null) {
}
$regexop = db_getfunc('REGEXP');
$sql = sprintf(
" AND ( NOT (deny_cid like '%s' OR deny_gid $regexop '%s')
AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '') )
" AND ( NOT ({$table}deny_cid like '%s' OR {$table}deny_gid $regexop '%s')
AND ( {$table}allow_cid like '%s' OR {$table}allow_gid $regexop '%s' OR ( {$table}allow_cid = '' AND {$table}allow_gid = '') )
)
",
dbesc(protect_sprintf( '%<' . $observer . '>%')),