[5144] trunk/htdocs/system/classes/posts.php: If a user can read any posts, there's no reason to check to see if he can read his own posts.


s...@habariproject.org

Jun 17, 2011, 12:35:46 PM
to habar...@googlegroups.com
Revision: 5144
Author: ringmaster
Date: 2011-06-17 16:35:41 +0000 (Fri, 17 Jun 2011)

Log Message

If a user can read any posts, there's no reason to check to see if he can read his own posts.  Moving this inside the if() to avoid adding parameters to the $params_where that throw database errors related to unbound parameters.

Modified Paths

Diff

Modified: trunk/htdocs/system/classes/posts.php (5143 => 5144)


--- trunk/htdocs/system/classes/posts.php	2011-06-17 12:53:52 UTC (rev 5143)
+++ trunk/htdocs/system/classes/posts.php	2011-06-17 16:35:41 UTC (rev 5144)
@@ -550,18 +550,17 @@
 			$read_tokens = isset( $paramset['read_tokens'] ) ? $paramset['read_tokens'] : ACL::user_tokens( User::identify(), 'read', true );
 			$deny_tokens = isset( $paramset['deny_tokens'] ) ? $paramset['deny_tokens'] : ACL::user_tokens( User::identify(), 'deny', true );
 
-			// If a user can read his own posts, let him
-			if ( User::identify()->can( 'own_posts', 'read' ) ) {
-				$perm_where['own_posts_id'] = '{posts}.user_id = ?';
-				$params_where[] = User::identify()->id;
-			}
-
-			$params_where = array();
 			// If a user can read any post type, let him
 			if ( User::identify()->can( 'post_any', 'read' ) ) {
 				$perm_where = array( 'post_any' => '(1=1)' );
 			}
 			else {
+				// If a user can read his own posts, let him
+				if ( User::identify()->can( 'own_posts', 'read' ) ) {
+					$perm_where['own_posts_id'] = '{posts}.user_id = ?';
+					$params_where[] = User::identify()->id;
+				}
+
 				// If a user can read specific post types, let him
 				$permitted_post_types = array();
 				foreach ( Post::list_active_post_types() as $name => $posttype ) {
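
Review bot: Dropping `$params_where = array();` (old line 557) leaves `$params_where` with no initialization anywhere in this hunk, so on the `post_any` path, where `$perm_where` becomes `(1=1)` with no placeholders, the array is either undefined or still holds whatever was appended before line 550. Unless it is already initialized above this hunk, keep `$params_where = array();` ahead of the `if ( User::identify()->can( 'post_any', 'read' ) )` check so the number of bound values always matches the number of `?` placeholders. The same applies to `$perm_where`, which is first written as `$perm_where['own_posts_id']` inside the `else` without a visible `array()` assignment on that path.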