Fixes 9814 - again

src/Content/Widget/TagCloud.php

@@ -87,7 +87,7 @@ class TagCloud
 	 */
 	private static function tagadelic($uid, $count = 0, $owner_id = 0, $flags = '', $type = Tag::HASHTAG)
 	{
-		$sql_options = Item::getPermissionsSQLByUserId($uid);
+		$sql_options = Item::getPermissionsSQLByUserId($uid, 'post-view');
 		$limit = $count ? sprintf('LIMIT %d', intval($count)) : '';
 
 		if ($flags) {

src/Model/Item.php

@@ -3382,17 +3382,28 @@ class Item
 		return $condition;
 	}
 
-	public static function getPermissionsSQLByUserId($owner_id)
+	/**
+	 * Get a permission SQL string for the given user
+	 * 
+	 * @param int $owner_id 
+	 * @param string $table 
+	 * @return string 
+	 */
+	public static function getPermissionsSQLByUserId(int $owner_id, string $table = '')
 	{
 		$local_user = local_user();
 		$remote_user = Session::getRemoteContactID($owner_id);
 
+		if (!empty($table)) {
+			$table = DBA::quoteIdentifier($table) . '.';
+		}
+
 		/*
 		 * Construct permissions
 		 *
 		 * default permissions - anonymous user
 		 */
-		$sql = sprintf(" AND `private` != %d", self::PRIVATE);
+		$sql = sprintf(" AND " . $table . "`private` != %d", self::PRIVATE);
 
 		// Profile owner - everything is visible
 		if ($local_user && ($local_user == $owner_id)) {
@@ -3408,12 +3419,12 @@ class Item
 			$set = PermissionSet::get($owner_id, $remote_user);
 
 			if (!empty($set)) {
-				$sql_set = sprintf(" OR (`private` = %d AND `wall` AND `psid` IN (", self::PRIVATE) . implode(',', $set) . "))";
+				$sql_set = sprintf(" OR (" . $table . "`private` = %d AND " . $table . "`wall` AND " . $table . "`psid` IN (", self::PRIVATE) . implode(',', $set) . "))";
 			} else {
 				$sql_set = '';
 			}
 
-			$sql = sprintf(" AND (`private` != %d", self::PRIVATE) . $sql_set . ")";
+			$sql = sprintf(" AND (" . $table . "`private` != %d", self::PRIVATE) . $sql_set . ")";
 		}
 
 		return $sql;