From 2a533dc9f1d7870b1b911568616a3750a503afca Mon Sep 17 00:00:00 2001
From: Eike Foken
Date: Thu, 8 Sep 2011 16:00:49 +0200
Subject: [PATCH] Fix access check for projects
---
 application/controllers/projects.php | 3 ++-
 application/models/share.php | 24 ++++++++++++++++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/application/controllers/projects.php b/application/controllers/projects.php
index c2b45c2..ceac588 100644
--- a/application/controllers/projects.php
+++ b/application/controllers/projects.php
@@ -183,7 +183,8 @@ class Projects extends CI_Controller {
 */
 private function _checkAccess($projectId) {
 $project = $this->project->getById($projectId);
- return $this->access->isAdmin() || $project['public'] == 1;
+ $share = $this->share->get($projectId, $this->session->userdata('user_id'));
+ return $this->access->isAdmin() || $project['public'] == 1 || isset($share['project_id']);
 }
 }

diff --git a/application/models/share.php b/application/models/share.php
index e1961fd..4d81d90 100644
--- a/application/models/share.php
+++ b/application/models/share.php
@@ -35,6 +35,17 @@ class Share extends CI_Model {
 parent::__construct();
 }

+ /**
+ * Gets a share by its primary key.
+ *
+ * @param string $projectId
+ * @param string $userId
+ * @return array
+ */
+ public function get($projectId, $userId) {
+ return $this->db->get_where('shares', array('project_id' => $projectId, 'user_id' => $userId))->row_array();
+ }
+
 /**
 * Gets all share for a specific project.
 *
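Review bot: In `_checkAccess` (the projects.php hunk) the share lookup runs for every request, including visitors with no `user_id` in the session, so whatever `userdata('user_id')` returns for a missing key is passed straight into the `user_id` condition of the query. Whether a row can match then depends on how the query builder renders that empty value and on the column type, which an authorization decision should not rely on. I would read the id first and skip the lookup when it is empty: `$userId = $this->session->userdata('user_id');` followed by `$share = $userId ? $this->share->get($projectId, $userId) : array();`. Doing the lookup only after the admin and public checks have failed would also save a query on requests that are already allowed.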
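Review bot: The docblock on `Share::get()` (share.php, first hunk) says only `@return array`, but `_checkAccess` now grants access based on the shape of that value through `isset($share['project_id'])`, so the not-found result is part of the contract and should be documented. Suggested wording: `@return array The share row, or an empty result if the user has no share on the project.` The "primary key" wording also implies that (project_id, user_id) is unique in `shares`; that constraint is not visible in this patch and is worth confirming, since `row_array()` returns only the first matching row.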
@@ -48,6 +59,19 @@ class Share extends CI_Model {
 return $this->db->get_where('shares', array('project_id' => $projectId))->result_array();
 }

+ /**
+ * Gets all share for a specific user.
+ *
+ * @param string $userId
+ * @return array
+ */
+ public function getByUserId($userId) {
+ $this->db->select('shares.*, projects.name');
+ $this->db->join('projects', 'projects.id = shares.project_id', 'left');
+
+ return $this->db->get_where('shares', array('user_id' => $userId))->result_array();
+ }
+
 /**
 * Creates a share.
 *
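Review bot: In `getByUserId()` the filter column is written as bare `user_id` although the query joins `projects`; if `projects` also carries a `user_id` column (its schema is not visible in this patch) the condition becomes ambiguous and the query fails. Qualify it the same way the select list already does: `array('shares.user_id' => $userId)`. Because the join is `left`, a share whose project row is missing comes back with `name` set to NULL, so the docblock should state that callers must handle a NULL `name`.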