
Diff of /trunk/lib/SQLSession/Model/Query.pm


revision 71 by dpavlin, Thu Jan 25 21:16:49 2007 UTC revision 92 by dpavlin, Mon Feb 5 21:31:02 2007 UTC
# Line 61  sub current_user_can { Line 61  sub current_user_can {
61    
62          my ($action,$item,$name) = @_;          my ($action,$item,$name) = @_;
63    
64    #       warn "current_user_can $action | $item | ", $name ? $name : 'NO NAME', "\n";
65    
66          # prevent deep recursion for next rule          # prevent deep recursion for next rule
67          if ( $action && $item && $name &&          if ( $action && $item && $action eq 'read' && $item eq 'column' ) {
68                  $action eq 'read' && $item eq 'column' && ( $name eq 'owner' || $name eq 'visible' )  #               return 1 if !defined($name);    # special case for my group by query -- might be security hole!
69          ) {                  return 1 if ( $name && $name =~ m/^(owner|visible)$/ );
                 return 1;  
70          }          }
71    
72          if ( $self->visible || $self->owner == $self->current_user->id ) {          if ( $self->visible || $self->owner == $self->current_user->id ) {
73                  return 1;                  return 1;
74          };          };
75    
76          return 1 if ( $self->visible && self->current_user->role('edit'));          return 1 if ( $self->visible && $self->current_user->role('edit'));
77            return 1 if ( $action eq 'create' && $self->current_user->role('edit'));
78    
79          return 1 if ( $self->current_user->is_superuser );          return 1 if ( $self->current_user->is_superuser );
80    
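Review bot: The `role('edit')` test on line 76, which this revision repairs by restoring the `$` on `$self`, still cannot change the outcome, because the block at lines 72-74 already returns 1 whenever `$self->visible` is true, whatever `$action` is. If visibility is meant to grant read access only (an assumption, since current_user_can starts and ends outside this hunk), then any user passes this check for update or delete on a visible query. Consider splitting the shortcut into `return 1 if ( $self->owner == $self->current_user->id );` and `return 1 if ( $self->visible && $action eq 'read' );`, so that line 76 becomes the actual rule for modifying visible queries. The new match on line 69 would also be tighter as `m/\A(?:owner|visible)\z/`, since `$` still matches before a trailing newline.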
