diff options
| -rw-r--r-- | core/helpers/access.php | 3 | ||||
| -rw-r--r-- | core/tests/Access_Helper_Test.php | 12 |
2 files changed, 10 insertions, 5 deletions
diff --git a/core/helpers/access.php b/core/helpers/access.php index 9154fa75..c2f7a76e 100644 --- a/core/helpers/access.php +++ b/core/helpers/access.php @@ -400,7 +400,8 @@ class access_Core { $tmp_item = ORM::factory("item") ->where("left <", $item->left) ->where("right >", $item->right) - ->where($field, self::DENY) + ->join("access_intents", "access_intents.item_id", "items.id") + ->where("access_intents.$field", self::DENY) ->orderby("left", "DESC") ->limit(1) ->find(); diff --git a/core/tests/Access_Helper_Test.php b/core/tests/Access_Helper_Test.php index aaf919b1..d7f014dc 100644 --- a/core/tests/Access_Helper_Test.php +++ b/core/tests/Access_Helper_Test.php @@ -197,14 +197,18 @@ class Access_Helper_Test extends Unit_Test_Case { public function revoked_view_permissions_cant_be_allowed_lower_down_test() { $root = ORM::factory("item", 1); - $album = album::create($root, rand(), "test album"); + $album1 = album::create($root, rand(), "test album"); + $album2 = album::create($album1, rand(), "test album"); $root->reload(); access::deny(group::everybody(), "view", $root); - access::allow(group::everybody(), "view", $album); + access::allow(group::everybody(), "view", $album2); - $album->reload(); - $this->assert_false(access::group_can(group::everybody(), "view", $album)); + $album1->reload(); + $this->assert_false(access::group_can(group::everybody(), "view", $album1)); + + $album2->reload(); + $this->assert_false(access::group_can(group::everybody(), "view", $album2)); } public function can_edit_item_test() { |