Fixed bug #4207: User>Workspaces shows users pages where they have no access to ...
authorMichael Stucki <michael.stucki@typo3.org>
Tue, 20 Feb 2007 21:36:47 +0000 (21:36 +0000)
committerMichael Stucki <michael.stucki@typo3.org>
Tue, 20 Feb 2007 21:36:47 +0000 (21:36 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-0@2062 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
typo3/mod/user/ws/index.php

index 311ace6..c1bdb1c 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,7 @@
 
        * Fixed bug in EM: Insecure extensions were still displayed (patch by Karsten Dambekalns)
        * Fixed a typo in typo3/sysext/install/mod/class.tx_install.php
+       * Fixed bug #4207: User>Workspaces shows users pages where they have no access to (patch by Martin Kutschker)
 
 2007-02-15  Michael Stucki  <michael@typo3.org>
 
index 8612471..f74c2a5 100755 (executable)
@@ -2,7 +2,7 @@
 /***************************************************************
 *  Copyright notice
 *
-*  (c) 1999-2005 Kasper Skaarhoj (kasperYYYY@typo3.com)
+*  (c) 1999-2007 Kasper Skaarhoj (kasperYYYY@typo3.com)
 *  All rights reserved
 *
 *  This script is part of the TYPO3 project. The TYPO3 project is
@@ -490,16 +490,28 @@ class SC_mod_user_ws_index extends t3lib_SCbase {
 
                        // Traverse versions and build page-display array:
                $pArray = array();
+               $wmArray = array();     // is page in web mount?
+               $rlArray = array();     // root line of page
+               $pagePermsClause = $GLOBALS['BE_USER']->getPagePermsClause(1);
                foreach($versions as $table => $records)        {
                        if (is_array($records)) {
                                foreach($records as $rec)       {
                                        $pageIdField = $table==='pages' ? 't3ver_oid' : 'realpid';
-                                       $this->displayWorkspaceOverview_setInPageArray(
-                                               $pArray,
-                                               t3lib_BEfunc::BEgetRootLine($rec[$pageIdField], 'AND 1=1'),
-                                               $table,
-                                               $rec
-                                       );
+                                       $pageId = $rec[$pageIdField];
+                                       if (!isset($wmArray[$pageId]))  {
+                                               $wmArray[$pageId] = $GLOBALS['BE_USER']->isInWebMount($pageId,$pagePermsClause);
+                                       }
+                                       if ($wmArray[$pageId])  {
+                                               if (!isset($rlArray[$pageId]))  {
+                                                       $rlArray[$pageId] = t3lib_BEfunc::BEgetRootLine($pageId, 'AND 1=1');
+                                               }
+                                               $this->displayWorkspaceOverview_setInPageArray(
+                                                       $pArray,
+                                                       $rlArray[$pageId],
+                                                       $table,
+                                                       $rec
+                                               );
+                                       }
                                }
                        }
                }