diff options
| author | Bharat Mediratta <bharat@menalto.com> | 2008-12-31 00:47:15 +0000 |
|---|---|---|
| committer | Bharat Mediratta <bharat@menalto.com> | 2008-12-31 00:47:15 +0000 |
| commit | bfb040a46394e1a91318f39926923e027167362f (patch) | |
| tree | fbcc4a1cc6da28be3ddc99a46ca5912ea66e6c12 /core/helpers | |
| parent | ad719b9b6f3391da1ba7e481890317cdc409c616 (diff) | |
Fix a bug where we were accidentally allowing view permissions when
allowing or resetting permission further down in the tree. This bug
was introduced when I refactored the view permission cache into the
items table. Updated test to catch it.
Diffstat (limited to 'core/helpers')
| -rw-r--r-- | core/helpers/access.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/core/helpers/access.php b/core/helpers/access.php index 9154fa75..c2f7a76e 100644 --- a/core/helpers/access.php +++ b/core/helpers/access.php @@ -400,7 +400,8 @@ class access_Core { $tmp_item = ORM::factory("item") ->where("left <", $item->left) ->where("right >", $item->right) - ->where($field, self::DENY) + ->join("access_intents", "access_intents.item_id", "items.id") + ->where("access_intents.$field", self::DENY) ->orderby("left", "DESC") ->limit(1) ->find(); |