[Rt-commit] rt branch, 4.2/article-list-permissions, created. rt-4.2.13-66-gf7b8cda

Shawn Moore shawn at bestpractical.com
Fri Jan 6 15:50:51 EST 2017 

The branch, 4.2/article-list-permissions has been created
        at  f7b8cda2be19b98461b983d3919e82740c6473cb (commit)

- Log -----------------------------------------------------------------
commit f7b8cda2be19b98461b983d3919e82740c6473cb
Author: Emmanuel Lacour <elacour at easter-eggs.com>
Date:   Fri Jan 6 20:49:34 2017 +0000

    Limit top 10 articles to classes for which user has ShowArticle
    
    Without this, permissions are applied after the SQL limits the article
    list, so a user with rights only on classes containing older articles
    will not see any articles.
    
    Fixes: I#31989

diff --git a/share/html/Articles/Elements/NewestArticles b/share/html/Articles/Elements/NewestArticles
index e73dbbd..f46b0d2 100644
--- a/share/html/Articles/Elements/NewestArticles
+++ b/share/html/Articles/Elements/NewestArticles
@@ -71,9 +71,18 @@
 <%INIT>
 my $rows = 10;
 my $i;
+
+my $Classes = RT::Classes->new($session{'CurrentUser'});
+$Classes->LimitToEnabled;
+my @classes;
+while (my $Class = $Classes->Next) {
+    push @classes, $Class->id if $Class->CurrentUserHasRight('ShowArticle');
+}
+
 my $MyArticles;
 $MyArticles = RT::Articles->new($session{'CurrentUser'});
-$MyArticles->UnLimit;
+$MyArticles->Limit(FIELD => 'Class', OPERATOR => 'IN', VALUE => \@classes)
+    if @classes;
 $MyArticles->RowsPerPage($rows);
 $MyArticles->OrderBy(FIELD => 'LastUpdated', ORDER => 'DESC');
 
diff --git a/share/html/Articles/Elements/UpdatedArticles b/share/html/Articles/Elements/UpdatedArticles
index 1a365ee..da02ce8 100644
--- a/share/html/Articles/Elements/UpdatedArticles
+++ b/share/html/Articles/Elements/UpdatedArticles
@@ -72,10 +72,20 @@
 <%INIT>
 my $rows = 10;
 my $i;
+
+my $Classes = RT::Classes->new($session{'CurrentUser'});
+$Classes->LimitToEnabled;
+my @classes;
+while (my $Class = $Classes->Next) {
+    push @classes, $Class->id if $Class->CurrentUserHasRight('ShowArticle');
+}
+
 my $MyArticles;
 $MyArticles = RT::Articles->new($session{'CurrentUser'});
-$MyArticles->RowsPerPage($rows);
+$MyArticles->Limit(FIELD => 'Class', OPERATOR => 'IN', VALUE => \@classes)
+    if @classes;
 $MyArticles->Limit(FIELD => 'Created', OPERATOR => '!=', VALUE => 'LastUpdated', QUOTEVALUE => 0 );
+$MyArticles->RowsPerPage($rows);
 $MyArticles->OrderBy(FIELD => 'Created', ORDER => 'DESC');
 
 </%INIT>

-----------------------------------------------------------------------

More information about the rt-commit mailing list