Fixes 9814 - again

This commit is contained in:
Michael 2021-01-18 20:19:13 +00:00
parent 6eb7677ac5
commit 9ccfa37d3c
2 changed files with 16 additions and 5 deletions

View file

@ -87,7 +87,7 @@ class TagCloud
*/ */
private static function tagadelic($uid, $count = 0, $owner_id = 0, $flags = '', $type = Tag::HASHTAG) private static function tagadelic($uid, $count = 0, $owner_id = 0, $flags = '', $type = Tag::HASHTAG)
{ {
$sql_options = Item::getPermissionsSQLByUserId($uid); $sql_options = Item::getPermissionsSQLByUserId($uid, 'post-view');
$limit = $count ? sprintf('LIMIT %d', intval($count)) : ''; $limit = $count ? sprintf('LIMIT %d', intval($count)) : '';
if ($flags) { if ($flags) {

View file

@ -3382,17 +3382,28 @@ class Item
return $condition; return $condition;
} }
public static function getPermissionsSQLByUserId($owner_id) /**
* Get a permission SQL string for the given user
*
* @param int $owner_id
* @param string $table
* @return string
*/
public static function getPermissionsSQLByUserId(int $owner_id, string $table = '')
{ {
$local_user = local_user(); $local_user = local_user();
$remote_user = Session::getRemoteContactID($owner_id); $remote_user = Session::getRemoteContactID($owner_id);
if (!empty($table)) {
$table = DBA::quoteIdentifier($table) . '.';
}
/* /*
* Construct permissions * Construct permissions
* *
* default permissions - anonymous user * default permissions - anonymous user
*/ */
$sql = sprintf(" AND `private` != %d", self::PRIVATE); $sql = sprintf(" AND " . $table . "`private` != %d", self::PRIVATE);
// Profile owner - everything is visible // Profile owner - everything is visible
if ($local_user && ($local_user == $owner_id)) { if ($local_user && ($local_user == $owner_id)) {
@ -3408,12 +3419,12 @@ class Item
$set = PermissionSet::get($owner_id, $remote_user); $set = PermissionSet::get($owner_id, $remote_user);
if (!empty($set)) { if (!empty($set)) {
$sql_set = sprintf(" OR (`private` = %d AND `wall` AND `psid` IN (", self::PRIVATE) . implode(',', $set) . "))"; $sql_set = sprintf(" OR (" . $table . "`private` = %d AND " . $table . "`wall` AND " . $table . "`psid` IN (", self::PRIVATE) . implode(',', $set) . "))";
} else { } else {
$sql_set = ''; $sql_set = '';
} }
$sql = sprintf(" AND (`private` != %d", self::PRIVATE) . $sql_set . ")"; $sql = sprintf(" AND (" . $table . "`private` != %d", self::PRIVATE) . $sql_set . ")";
} }
return $sql; return $sql;