From 9ccfa37d3c080a1a1fd87819486ad09a693ce675 Mon Sep 17 00:00:00 2001
From: Michael <heluecht@pirati.ca>
Date: Mon, 18 Jan 2021 20:19:13 +0000
Subject: [PATCH] Fixes 9814 - again

---
 src/Content/Widget/TagCloud.php |  2 +-
 src/Model/Item.php              | 19 +++++++++++++++----
 2 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/src/Content/Widget/TagCloud.php b/src/Content/Widget/TagCloud.php
index b2121a003c..c582c3eb61 100644
--- a/src/Content/Widget/TagCloud.php
+++ b/src/Content/Widget/TagCloud.php
@@ -87,7 +87,7 @@ class TagCloud
 	 */
 	private static function tagadelic($uid, $count = 0, $owner_id = 0, $flags = '', $type = Tag::HASHTAG)
 	{
-		$sql_options = Item::getPermissionsSQLByUserId($uid);
+		$sql_options = Item::getPermissionsSQLByUserId($uid, 'post-view');
 		$limit = $count ? sprintf('LIMIT %d', intval($count)) : '';
 
 		if ($flags) {
diff --git a/src/Model/Item.php b/src/Model/Item.php
index 888a81831a..eb4c713646 100644
--- a/src/Model/Item.php
+++ b/src/Model/Item.php
@@ -3382,17 +3382,28 @@ class Item
 		return $condition;
 	}
 
-	public static function getPermissionsSQLByUserId($owner_id)
+	/**
+	 * Get a permission SQL string for the given user
+	 * 
+	 * @param int $owner_id 
+	 * @param string $table 
+	 * @return string 
+	 */
+	public static function getPermissionsSQLByUserId(int $owner_id, string $table = '')
 	{
 		$local_user = local_user();
 		$remote_user = Session::getRemoteContactID($owner_id);
 
+		if (!empty($table)) {
+			$table = DBA::quoteIdentifier($table) . '.';
+		}
+
 		/*
 		 * Construct permissions
 		 *
 		 * default permissions - anonymous user
 		 */
-		$sql = sprintf(" AND `private` != %d", self::PRIVATE);
+		$sql = sprintf(" AND " . $table . "`private` != %d", self::PRIVATE);
 
 		// Profile owner - everything is visible
 		if ($local_user && ($local_user == $owner_id)) {
@@ -3408,12 +3419,12 @@ class Item
 			$set = PermissionSet::get($owner_id, $remote_user);
 
 			if (!empty($set)) {
-				$sql_set = sprintf(" OR (`private` = %d AND `wall` AND `psid` IN (", self::PRIVATE) . implode(',', $set) . "))";
+				$sql_set = sprintf(" OR (" . $table . "`private` = %d AND " . $table . "`wall` AND " . $table . "`psid` IN (", self::PRIVATE) . implode(',', $set) . "))";
 			} else {
 				$sql_set = '';
 			}
 
-			$sql = sprintf(" AND (`private` != %d", self::PRIVATE) . $sql_set . ")";
+			$sql = sprintf(" AND (" . $table . "`private` != %d", self::PRIVATE) . $sql_set . ")";
 		}
 
 		return $sql;