Changeset 177 for trunk/lib/ACL.inc.php


Ignore:
Timestamp:
Jun 22, 2006 6:10:45 PM (18 years ago)
Author:
scdev
Message:

Q - Fixed bug in ACL (checking ancestors for access cascade). Modified App::raiseMsg so duplicate msgs will not be set.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/lib/ACL.inc.php

    r175 r177  
    638638                LEFT JOIN aco_tbl ON (acl_tbl.aco_id = aco_tbl.aco_id)
    639639                LEFT JOIN axo_tbl ON (acl_tbl.axo_id = axo_tbl.axo_id)
    640                 WHERE aro_tbl.lft <= (SELECT lft FROM aro_tbl WHERE name = '" . $db->escapeString($aro) . "')
    641                 AND aco_tbl.lft <= (SELECT lft FROM aco_tbl WHERE name = '" . $db->escapeString($aco) . "')
    642                 AND axo_tbl.lft <= (SELECT lft FROM axo_tbl WHERE name = '" . $db->escapeString($axo) . "')
     640                WHERE (aro_tbl.lft <= (SELECT lft FROM aro_tbl WHERE name = '" . $db->escapeString($aro) . "') AND aro_tbl.rgt >= (SELECT rgt FROM aro_tbl WHERE name = '" . $db->escapeString($aro) . "'))
     641                AND (aco_tbl.lft <= (SELECT lft FROM aco_tbl WHERE name = '" . $db->escapeString($aco) . "') AND aco_tbl.rgt >= (SELECT rgt FROM aco_tbl WHERE name = '" . $db->escapeString($aco) . "'))
     642                AND (axo_tbl.lft <= (SELECT lft FROM axo_tbl WHERE name = '" . $db->escapeString($axo) . "') AND axo_tbl.rgt >= (SELECT rgt FROM axo_tbl WHERE name = '" . $db->escapeString($axo) . "'))
    643643                ORDER BY aro_tbl.aro_id DESC, aco_tbl.aco_id DESC, axo_tbl.axo_id DESC
    644644                LIMIT 1
    645645            ");
    646646            if (!list($access) = mysql_fetch_row($qid)) {
     647                $this->cache->set($cache_hash, 'deny');
    647648                $app->logMsg(sprintf('Access denyed: %s -> %s -> %s. No records found.', $aro, $aco, $axo), LOG_DEBUG, __FILE__, __LINE__);
    648649                return false;
Note: See TracChangeset for help on using the changeset viewer.