61 |
|
|
62 |
my ($action,$item,$name) = @_; |
my ($action,$item,$name) = @_; |
63 |
|
|
64 |
# warn "$action | $item | $name "; |
# warn "current_user_can $action | $item | ", $name ? $name : 'NO NAME', "\n"; |
65 |
|
|
66 |
# prevent deep recursion for next rule |
# prevent deep recursion for next rule |
67 |
if ( $action && $item && $name && |
if ( $action && $item && $action eq 'read' && $item eq 'column' ) { |
68 |
$action eq 'read' && $item eq 'column' && ( $name eq 'owner' || $name eq 'visible' ) |
# return 1 if !defined($name); # special case for my group by query -- might be security hole! |
69 |
) { |
return 1 if ( $name && $name =~ m/^(owner|visible)$/ ); |
|
return 1; |
|
70 |
} |
} |
71 |
|
|
72 |
if ( $self->visible || $self->owner == $self->current_user->id ) { |
if ( $self->visible || $self->owner == $self->current_user->id ) { |