Fixes 9814 - again

This commit is contained in:
Michael 2021-01-18 20:19:13 +00:00
parent 6eb7677ac5
commit 9ccfa37d3c
2 changed files with 16 additions and 5 deletions

View file

@ -87,7 +87,7 @@ class TagCloud
*/
private static function tagadelic($uid, $count = 0, $owner_id = 0, $flags = '', $type = Tag::HASHTAG)
{
$sql_options = Item::getPermissionsSQLByUserId($uid);
$sql_options = Item::getPermissionsSQLByUserId($uid, 'post-view');
$limit = $count ? sprintf('LIMIT %d', intval($count)) : '';
if ($flags) {

View file

@ -3382,17 +3382,28 @@ class Item
return $condition;
}
public static function getPermissionsSQLByUserId($owner_id)
/**
* Get a permission SQL string for the given user
*
* @param int $owner_id
* @param string $table
* @return string
*/
public static function getPermissionsSQLByUserId(int $owner_id, string $table = '')
{
$local_user = local_user();
$remote_user = Session::getRemoteContactID($owner_id);
if (!empty($table)) {
$table = DBA::quoteIdentifier($table) . '.';
}
/*
* Construct permissions
*
* default permissions - anonymous user
*/
$sql = sprintf(" AND `private` != %d", self::PRIVATE);
$sql = sprintf(" AND " . $table . "`private` != %d", self::PRIVATE);
// Profile owner - everything is visible
if ($local_user && ($local_user == $owner_id)) {
@ -3408,12 +3419,12 @@ class Item
$set = PermissionSet::get($owner_id, $remote_user);
if (!empty($set)) {
$sql_set = sprintf(" OR (`private` = %d AND `wall` AND `psid` IN (", self::PRIVATE) . implode(',', $set) . "))";
$sql_set = sprintf(" OR (" . $table . "`private` = %d AND " . $table . "`wall` AND " . $table . "`psid` IN (", self::PRIVATE) . implode(',', $set) . "))";
} else {
$sql_set = '';
}
$sql = sprintf(" AND (`private` != %d", self::PRIVATE) . $sql_set . ")";
$sql = sprintf(" AND (" . $table . "`private` != %d", self::PRIVATE) . $sql_set . ")";
}
return $sql;