karsten/scattport-web
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix access check for projects

Browse Source
This commit is contained in:
Eike Foken
2011-09-08 16:00:49 +02:00
parent e106201d9d
commit 2a533dc9f1
2 changed files with 26 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
application/controllers/projects.php
View File

@@ -183,7 +183,8 @@ class Projects extends CI_Controller {
*/ */
private function _checkAccess($projectId) { private function _checkAccess($projectId) {
$project = $this->project->getById($projectId); $project = $this->project->getById($projectId);
return $this->access->isAdmin() || $project['public'] == 1; $share = $this->share->get($projectId, $this->session->userdata('user_id'));
return $this->access->isAdmin() || $project['public'] == 1 || isset($share['project_id']);
} }
} }

24
application/models/share.php
View File

@@ -35,6 +35,17 @@ class Share extends CI_Model {
parent::__construct(); parent::__construct();
} }
/**
* Gets a share by its primary key.
*
* @param string $projectId
* @param string $userId
* @return array
*/
public function get($projectId, $userId) {
return $this->db->get_where('shares', array('project_id' => $projectId, 'user_id' => $userId))->row_array();
}
/** /**
* Gets all share for a specific project. * Gets all share for a specific project.
* *
@@ -48,6 +59,19 @@ class Share extends CI_Model {
return $this->db->get_where('shares', array('project_id' => $projectId))->result_array(); return $this->db->get_where('shares', array('project_id' => $projectId))->result_array();
} }
/**
* Gets all share for a specific user.
*
* @param string $userId
* @return array
*/
public function getByUserId($userId) {
$this->db->select('shares.*, projects.name');
$this->db->join('projects', 'projects.id = shares.project_id', 'left');
return $this->db->get_where('shares', array('user_id' => $userId))->result_array();
}
/** /**
* Creates a share. * Creates a share.
* *