Fixing bug #4207 (and #4468) - User>Workspaces shows users pages they have no acces to

git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@2046 709f56b5-9817-0410-a4d7-c38de5d9e867

diff --git a/ChangeLog b/ChangeLog
index 440cbd4..df4d000 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+
+2007-02-16  Martin Kutschker  <martin.t.kutschker@blackbox.net>
+
+       * Fixed bug #4207: User>Workspaces shows users pages they have no acces to
+
 2007-02-16  Karsten Dambekalns  <karsten@typo3.org>
 
        * Fixed bug #4822: EM shows remote extensions as on this server only

diff --git a/typo3/mod/user/ws/index.php b/typo3/mod/user/ws/index.php
index df31fc9..a55b971 100755 (executable)
--- a/typo3/mod/user/ws/index.php
+++ b/typo3/mod/user/ws/index.php
@@ -2,7 +2,7 @@
 /***************************************************************
 *  Copyright notice
 *
-*  (c) 1999-2006 Kasper Skaarhoj (kasperYYYY@typo3.com)
+*  (c) 1999-2007 Kasper Skaarhoj (kasperYYYY@typo3.com)
 *  All rights reserved
 *
 *  This script is part of the TYPO3 project. The TYPO3 project is
@@ -485,16 +485,28 @@ class SC_mod_user_ws_index extends t3lib_SCbase {
 
                        // Traverse versions and build page-display array:
                $pArray = array();
+               $wmArray = array();     // is page in web mount?
+               $rlArray = array();     // root line of page
+               $pagePermsClause = $GLOBALS['BE_USER']->getPagePermsClause(1);
                foreach($versions as $table => $records)        {
                        if (is_array($records)) {
                                foreach($records as $rec)       {
                                        $pageIdField = $table==='pages' ? 't3ver_oid' : 'realpid';
-                                       $this->displayWorkspaceOverview_setInPageArray(
-                                               $pArray,
-                                               t3lib_BEfunc::BEgetRootLine($rec[$pageIdField], 'AND 1=1'),
-                                               $table,
-                                               $rec
-                                       );
+                                       $pageId = $rec[$pageIdField];
+                                       if (!isset($wmArray[$pageId]))  {
+                                               $wmArray[$pageId] = $GLOBALS['BE_USER']->isInWebMount($pageId,$pagePermsClause);
+                                       }
+                                       if ($wmArray[$pageId])  {
+                                               if (!isset($rlArray[$pageId]))  {
+                                                       $rlArray[$pageId] = t3lib_BEfunc::BEgetRootLine($pageId, 'AND 1=1');
+                                               }
+                                               $this->displayWorkspaceOverview_setInPageArray(
+                                                       $pArray,
+                                                       $rlArray[$pageId],
+                                                       $table,
+                                                       $rec
+                                               );
+                                       }
                                }
                        }
                }
@@ -2056,4 +2068,4 @@ $SOBE = t3lib_div::makeInstance('SC_mod_user_ws_index');
 $SOBE->init();
 $SOBE->main();
 $SOBE->printContent();
-?>
\ No newline at end of file
+?>