From db10ee8e7883dc00c3e2f559532124f842f59e5d Mon Sep 17 00:00:00 2001 From: Karl 'vollmerk' Vollmer Date: Sun, 8 Jan 2006 06:38:06 +0000 Subject: a few tweaks --- lib/class/album.class.php | 1 - lib/class/playlist.class.php | 30 +++++++++++++++++++++++++++++- lib/class/user.class.php | 2 +- 3 files changed, 30 insertions(+), 3 deletions(-) (limited to 'lib/class') diff --git a/lib/class/album.class.php b/lib/class/album.class.php index 86ef3af4..e6354bd4 100644 --- a/lib/class/album.class.php +++ b/lib/class/album.class.php @@ -477,7 +477,6 @@ class Album { continue; } -// $snoopy->fetch($results[$key]); $data['url'] = $result[$key]; $data['mime'] = $mime; diff --git a/lib/class/playlist.class.php b/lib/class/playlist.class.php index f0ef69ff..c89ac420 100644 --- a/lib/class/playlist.class.php +++ b/lib/class/playlist.class.php @@ -92,7 +92,7 @@ class Playlist { */ function get_items() { - $sql = "SELECT * FROM playlist_data WHERE playlist='" . sql_escape($this->id) . "'"; + $sql = "SELECT * FROM playlist_data WHERE playlist='" . sql_escape($this->id) . "' ORDER BY track"; $db_results = mysql_query($sql, dbh()); while ($r = mysql_fetch_assoc($db_results)) { 
@@ -197,6 +197,34 @@ class Playlist { } // get_song_count + /** + * has_access + * This takes no arguments. It looks at the currently logged in user (_SESSION) + * This accounts for admin powers and the access on a per list basis + */ + function has_access() { + + if (!$GLOBALS['user']->has_access(25)) { return false; } + + /* If they are a full admin, then they always get rights */ + if ($GLOBALS['user']->has_access(100)) { return true; } + + if ($this->user == $GLOBALS['user']->username) { return true; } + + /* Check the Playlist_permission table */ + $sql = "SELECT id FROM playlist_permission WHERE " . + "playlist='" . sql_escape($this->id) . "' AND userid='" . sql_escape($GLOBALS['user']->username) . "'" . + " AND level >= '25'"; + $db_results = mysql_query($sql, dbh()); + + $results = mysql_fetch_row($db_results); + + if ($results) { return true; } + + return false; + + } // has_access + /** * update_type * This updates the playlist type, it calls the generic update_item function diff --git a/lib/class/user.class.php b/lib/class/user.class.php index 5a7fc306..2df961e9 100644 --- a/lib/class/user.class.php +++ b/lib/class/user.class.php @@ -723,7 +723,7 @@ class User { admin */ if ($this->has_access(100)) { - $sql = "SELECT * FROM user WHERE (level='admin' OR level='100') AND username!='" . $this->username . "'"; + $sql = "SELECT username FROM user WHERE (access='admin' OR access='100') AND username !='" . sql_escape($this->username) . "'"; $db_results = mysql_query($sql, dbh()); if (!mysql_num_rows($db_results)) { return false; -- cgit
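Review bot: The ownership test in the new has_access(), `if ($this->user == $GLOBALS['user']->username)`, uses loose comparison, and PHP compares two numeric-looking strings as numbers, so usernames such as `10` and `1e1` would be treated as the same owner. Use `if ($this->user === $GLOBALS['user']->username) { return true; }`, assuming both values are strings loaded from the database. The permission lookup compares `level >= '25'` against a quoted literal; if `level` is a character column, which is not visible in this diff, the comparison is lexical and `'100'` sorts below `'25'`, so `level >= 25` is the safer form. The result of mysql_query() goes straight into mysql_fetch_row() without a check for `false`, so a failed query silently denies access: that fails closed but hides the error. The same unchecked pattern precedes mysql_num_rows() in the user.class.php hunk, where the column was just renamed from `level` to `access` and a schema mismatch would read as "no other admin"; that function starts and ends outside the hunk, so what its `false` return means to the caller is not visible here.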