/[SQLSession]/trunk/lib/SQLSession/Model/Query.pm
This is repository of my old source code which isn't updated any more. Go to git.rot13.org for current projects!
ViewVC logotype

Diff of /trunk/lib/SQLSession/Model/Query.pm

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

revision 74 by dpavlin, Sun Jan 28 00:59:43 2007 UTC revision 92 by dpavlin, Mon Feb 5 21:31:02 2007 UTC
# Line 61  sub current_user_can { Line 61  sub current_user_can {
61    
62          my ($action,$item,$name) = @_;          my ($action,$item,$name) = @_;
63    
64  #       warn "$action | $item | $name ";  #       warn "current_user_can $action | $item | ", $name ? $name : 'NO NAME', "\n";
65    
66          # prevent deep recursion for next rule          # prevent deep recursion for next rule
67          if ( $action && $item && $name &&          if ( $action && $item && $action eq 'read' && $item eq 'column' ) {
68                  $action eq 'read' && $item eq 'column' && ( $name eq 'owner' || $name eq 'visible' )  #               return 1 if !defined($name);    # special case for my group by query -- might be security hole!
69          ) {                  return 1 if ( $name && $name =~ m/^(owner|visible)$/ );
                 return 1;  
70          }          }
71    
72          if ( $self->visible || $self->owner == $self->current_user->id ) {          if ( $self->visible || $self->owner == $self->current_user->id ) {
Legend:
Removed from v.74  
changed lines
  Added in v.92
  ViewVC Help
Powered by ViewVC 1.1.26