authorKarl 'vollmerk' Vollmer <vollmer@ampache.org>2006-01-08 06:38:06 +0000
committerKarl 'vollmerk' Vollmer <vollmer@ampache.org>2006-01-08 06:38:06 +0000
commitdb10ee8e7883dc00c3e2f559532124f842f59e5d (patch)
tree45f82abd3c60ae598a9f829035d2424ffe0d5794 /lib
parent2bb59dfa45f008846305c62962616bd3fff3884d (diff)
a few tweaks
Diffstat (limited to 'lib')
-rw-r--r--lib/class/album.class.php1
-rw-r--r--lib/class/playlist.class.php30
-rw-r--r--lib/class/user.class.php2
3 files changed, 30 insertions, 3 deletions
diff --git a/lib/class/album.class.php b/lib/class/album.class.php
index 86ef3af4..e6354bd4 100644
--- a/lib/class/album.class.php
+++ b/lib/class/album.class.php
@@ -477,7 +477,6 @@ class Album {
continue;
}
-// $snoopy->fetch($results[$key]);
$data['url'] = $result[$key];
$data['mime'] = $mime;
diff --git a/lib/class/playlist.class.php b/lib/class/playlist.class.php
index f0ef69ff..c89ac420 100644
--- a/lib/class/playlist.class.php
+++ b/lib/class/playlist.class.php
@@ -92,7 +92,7 @@ class Playlist {
*/
function get_items() {
- $sql = "SELECT * FROM playlist_data WHERE playlist='" . sql_escape($this->id) . "'";
+ $sql = "SELECT * FROM playlist_data WHERE playlist='" . sql_escape($this->id) . "' ORDER BY track";
$db_results = mysql_query($sql, dbh());
while ($r = mysql_fetch_assoc($db_results)) {
@@ -198,6 +198,34 @@ class Playlist {
} // get_song_count
/**
+ * has_access
+ * This takes no arguments. It looks at the currently logged in user (_SESSION)
+ * This accounts for admin powers and the access on a per list basis
+ */
+ function has_access() {
+
+ if (!$GLOBALS['user']->has_access(25)) { return false; }
+
+ /* If they are a full admin, then they always get rights */
+ if ($GLOBALS['user']->has_access(100)) { return true; }
+
+ if ($this->user == $GLOBALS['user']->username) { return true; }
+
+ /* Check the Playlist_permission table */
+ $sql = "SELECT id FROM playlist_permission WHERE " .
+ "playlist='" . sql_escape($this->id) . "' AND userid='" . sql_escape($GLOBALS['user']->username) . "'" .
+ " AND level >= '25'";
+ $db_results = mysql_query($sql, dbh());
+
+ $results = mysql_fetch_row($db_results);
+
+ if ($results) { return true; }
+
+ return false;
+
+ } // has_access
+
+ /**
* update_type
* This updates the playlist type, it calls the generic update_item function
*/
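Review bot: The ownership check `if ($this->user == $GLOBALS['user']->username) { return true; }` in the new has_access() uses loose comparison, and PHP compares two numeric-looking strings by value, so usernames that differ as strings could be treated as the same owner; `if ((string) $this->user === (string) $GLOBALS['user']->username) { return true; }` makes the match exact. The docblock says the method looks at `_SESSION`, while the code reads `$GLOBALS['user']`, so the comment should name the global it actually depends on. The permission query compares `level >= '25'` against a quoted string; the type of `playlist_permission.level` is not visible here, and if it is not numeric the comparison would be lexical, so confirm the column type or drop the quotes.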
diff --git a/lib/class/user.class.php b/lib/class/user.class.php
index 5a7fc306..2df961e9 100644
--- a/lib/class/user.class.php
+++ b/lib/class/user.class.php
@@ -723,7 +723,7 @@ class User {
admin
*/
if ($this->has_access(100)) {
- $sql = "SELECT * FROM user WHERE (level='admin' OR level='100') AND username!='" . $this->username . "'";
+ $sql = "SELECT username FROM user WHERE (access='admin' OR access='100') AND username !='" . sql_escape($this->username) . "'";
$db_results = mysql_query($sql, dbh());
if (!mysql_num_rows($db_results)) {
return false;
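Review bot: The result of `mysql_query($sql, dbh())` goes straight into `mysql_num_rows()`, so a failed query is indistinguishable from "no other admin rows" and takes the same `return false` path. That matters more after this change, because the line now selects on `access` instead of `level`, and a database without that column would fail silently here. A guard such as `if (!$db_results) { return false; }` with a preceding log call, or a comment stating that failure is deliberately treated as "no other admins", would make the intent explicit. The enclosing function starts and ends outside the hunk, so what `false` means to its callers is not visible.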