diff options
| author | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2007-02-28 19:27:37 +0000 |
|---|---|---|
| committer | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2007-02-28 19:27:37 +0000 |
| commit | f9e3b1360f40ada7645d6fdd0be6ee6c721269a0 (patch) | |
| tree | 3c9e1d5bc87fb84a87a06acc428d889c6a52da2b /lib | |
| parent | 2b49c1dfc894b77272128de9ea80f8f055d4bd47 (diff) | |
| download | ampache-f9e3b1360f40ada7645d6fdd0be6ee6c721269a0.tar.gz ampache-f9e3b1360f40ada7645d6fdd0be6ee6c721269a0.tar.bz2 ampache-f9e3b1360f40ada7645d6fdd0be6ee6c721269a0.zip | |
fixed playlist permission issue for users
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/class/playlist.class.php | 19 | ||||
| -rw-r--r-- | lib/class/update.class.php | 32 |
2 files changed, 37 insertions, 14 deletions
diff --git a/lib/class/playlist.class.php b/lib/class/playlist.class.php index 0eeb6d4a..5ee93800 100644 --- a/lib/class/playlist.class.php +++ b/lib/class/playlist.class.php @@ -61,7 +61,7 @@ class Playlist { */ function _get_info() { - $sql = "SELECT * FROM playlist WHERE id='" . sql_escape($this->id) . "'"; + $sql = "SELECT * FROM `playlist` WHERE `id`='" . sql_escape($this->id) . "'"; $db_results = mysql_query($sql, dbh()); $results = mysql_fetch_assoc($db_results); @@ -231,22 +231,13 @@ class Playlist { */ function has_access() { - if (!$GLOBALS['user']->has_access(25)) { return false; } - - /* If they are a full admin, then they always get rights */ + // Admin always have rights if ($GLOBALS['user']->has_access(100)) { return true; } - if ($this->user == $GLOBALS['user']->id) { return true; } - - /* Check the Playlist_permission table */ - $sql = "SELECT id FROM playlist_permission WHERE " . - "playlist='" . sql_escape($this->id) . "' AND userid='" . sql_escape($GLOBALS['user']->id) . "'" . - " AND level >= '25'"; - $db_results = mysql_query($sql, dbh()); - - $results = mysql_fetch_row($db_results); + // People under 25 don't get playlist access even if they created it + if (!$GLOBALS['user']->has_access(25)) { return false; } - if ($results) { return true; } + if ($this->user == $GLOBALS['user']->id) { return true; } return false; diff --git a/lib/class/update.class.php b/lib/class/update.class.php index daf5c300..bb93a9e5 100644 --- a/lib/class/update.class.php +++ b/lib/class/update.class.php @@ -355,6 +355,8 @@ class Update { $version[] = array('version' => '340001','description' => $update_string); + $update_string = '- Added Offset Limit to Preferences and removed from user table'; + return $version; } // populate_version @@ -2416,5 +2418,35 @@ class Update { } //update_340001 + /** + * update_340002 + * This update tweaks the preferences a little more and make sure that the + * min_object_count has a rational value + */ + function update_340002() { + + /* Add the offset_limit preference and remove it from the user table */ + $sql = "INSERT INTO `preferences` (`name`,`value`,`description`,`level`,`type`,`catagory`) " . + "VALUES ('offset_limit','50','Offset Limit','5','integer','interface')"; + $db_results = mysql_query($sql,dbh()); + + + // Fix the preferences for everyone + $sql = "SELECT `id` FROM `user`"; + $db_results = mysql_query($sql,dbh()); + + $user = new User(); + $user->fix_preferences('-1'); + + while ($r = mysql_fetch_assoc($db_results)) { + $user->fix_preferences($r['id']); + } + + $this->set_version('db_version','340002'); + + return true; + + } // update_340002 + } // end update class ?> |