From 427e1130b26a75a59b5e180e2008f5eace398920 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Wed, 22 Jul 2009 11:11:48 -0700
Subject: Modified the notification get_subscribers to ignore any users that
 don't have "view" access to the item the notification is being generated for.
 Fix for ticket: #538.

---
 modules/notification/helpers/notification.php      | 14 ++++++++++----
 modules/notification/helpers/notification_menu.php |  4 ++--
 2 files changed, 12 insertions(+), 6 deletions(-)

(limited to 'modules/notification/helpers')

diff --git a/modules/notification/helpers/notification.php b/modules/notification/helpers/notification.php
index e246af2c..c3ffeb18 100644
--- a/modules/notification/helpers/notification.php
+++ b/modules/notification/helpers/notification.php
@@ -67,6 +67,8 @@ class notification {
   }
 
   static function get_subscribers($item) {
+    // @todo don't access the user table directly
+    // @todo only return distinct email addresses
     $users = ORM::factory("user")
       ->join("subscriptions", "users.id", "subscriptions.user_id")
       ->join("items", "subscriptions.item_id", "items.id")
@@ -77,9 +79,13 @@ class notification {
 
     $subscribers = array();
     foreach ($users as $user) {
-      $subscribers[] = $user->email;
+      Kohana::log("error", "user: $user->name");
+
+      if (access::user_can($user, "view", $item)) {
+        $subscribers[$user->email] = 1;
+      }
     }
-    return $subscribers;
+    return array_keys($subscribers);
   }
 
   static function send_item_updated($item) {
@@ -103,8 +109,8 @@ class notification {
         array("title" => $item->title, "parent_title" => $parent->title)) :
       ($item->is_photo() ?
        t("Photo %title added to %parent_title",
-         array("title" => $item->title, "parent_title" => $parent->title))
-       : t("Movie %title added to %parent_title",
+         array("title" => $item->title, "parent_title" => $parent->title)) :
+       t("Movie %title added to %parent_title",
            array("title" => $item->title, "parent_title" => $parent->title)));
 
     self::_notify_subscribers($item, $v->render(), $v->subject);
diff --git a/modules/notification/helpers/notification_menu.php b/modules/notification/helpers/notification_menu.php
index 87478b8a..73d1dd03 100644
--- a/modules/notification/helpers/notification_menu.php
+++ b/modules/notification/helpers/notification_menu.php
@@ -22,10 +22,10 @@ class notification_menu_Core {
     if (!user::active()->guest) {
       $item = $theme->item();
 
-      if ($item && $item->is_album()) {
+      if ($item && $item->is_album() && access::can("view", $item)) {
         $watching = notification::is_watching($item);
 
-        $watching ? $label = t("Remove notifications") : $label = t("Enable notifications");
+        $label = $watching ? t("Remove notifications") : t("Enable notifications");
 
         $menu->get("options_menu")
           ->append(Menu::factory("link")
-- 
cgit v1.2.3


From 5999ccb512d65ad9ae06a0a5542eb1123b44e9db Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Thu, 23 Jul 2009 08:40:00 -0700
Subject: Remove extra error log line

---
 modules/notification/helpers/notification.php | 2 --
 1 file changed, 2 deletions(-)

(limited to 'modules/notification/helpers')

diff --git a/modules/notification/helpers/notification.php b/modules/notification/helpers/notification.php
index c3ffeb18..d91a37e8 100644
--- a/modules/notification/helpers/notification.php
+++ b/modules/notification/helpers/notification.php
@@ -79,8 +79,6 @@ class notification {
 
     $subscribers = array();
     foreach ($users as $user) {
-      Kohana::log("error", "user: $user->name");
-
       if (access::user_can($user, "view", $item)) {
         $subscribers[$user->email] = 1;
       }
-- 
cgit v1.2.3