ここの情報は古いです。ご理解頂いた上でお取り扱いください。

Changeset 3473


Ignore:
Timestamp:
Jul 20, 2007, 10:46:48 PM (12 years ago)
Author:
ogawa
Message:

権限チェック追加

Location:
OpenPNE/trunk/webapp
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • OpenPNE/trunk/webapp/lib/db/commu.php

    r3469 r3473  
    27922792            $c_commu_id = 0)
    27932793{
    2794     $select = 'SELECT ct.*, MAX(ctc2.r_datetime) AS last_datetime, MAX(ctc2.number) as max_number';
    2795     $from = ' FROM c_commu_topic AS ct, c_commu_topic_comment AS ctc, c_commu_topic_comment AS ctc2';
     2794    $select = 'SELECT c.name AS commu_name, ct.*, MAX(ctc2.r_datetime) AS last_datetime, MAX(ctc2.number) as max_number';
     2795    $from = ' FROM c_commu AS c, c_commu_topic AS ct, c_commu_topic_comment AS ctc, c_commu_topic_comment AS ctc2';
    27962796
    27972797    $params = array();
    27982798    $where = ' WHERE ct.c_commu_topic_id = ctc.c_commu_topic_id'
    2799            . ' AND ct.c_commu_topic_id = ctc2.c_commu_topic_id';
     2799           . ' AND ct.c_commu_topic_id = ctc2.c_commu_topic_id'
     2800           . ' AND c.c_commu_id = ct.c_commu_id';
    28002801    if ($c_commu_id) {
    28012802        $where .= ' AND ct.c_commu_id = ?';
    28022803        $params[] = $c_commu_id;
     2804    } else {
     2805        $where .= " AND c.public_flag IN ('public', 'auth_sns')";
    28032806    }
    28042807    if ($search_word) {
     
    28302833   
    28312834    foreach ($list as $key => $value) {
    2832         $p = array((int)$value['c_commu_id']);
    2833         $sql = 'SELECT name FROM c_commu WHERE c_commu_id = ?';
    2834         $list[$key]['commu_name'] = db_get_one($sql, $p);
    2835        
    28362835        $p = array((int)$value['c_commu_topic_id']);
    28372836        $sql = 'SELECT body FROM c_commu_topic_comment WHERE number = 0 AND c_commu_topic_id = ?';
  • OpenPNE/trunk/webapp/modules/pc/page/c_com_topic_find.php

    r3469 r3473  
    1212
    1313        // --- リクエスト変数
    14         $target_c_commu_category_parent_id = $requests['target_c_commu_category_parent_id'];
    1514        $keyword = $requests['keyword'];
    1615        $direc = $requests['direc'];
     
    2524        }
    2625
     26        //--- 権限チェック
     27        //掲示板閲覧権限
     28        if (!db_commu_is_c_commu_view4c_commu_idAc_member_id($c_commu_id, $u)) {
     29            handle_kengen_error();
     30        }
     31       
    2732        //バグ回避のため全角空白を半角空白に統一
    2833        $keyword = str_replace(" ", " ", $keyword);
     
    3035        do_common_insert_search_log($u, $keyword);
    3136
    32         if ($c_commu_id) {
    33             $this->set('inc_navi', fetch_inc_navi('c', $c_commu_id));
    34         } else {
    35             $this->set('inc_navi', fetch_inc_navi('h'));
    36         }
    37        
     37        $this->set('inc_navi', fetch_inc_navi('c', $c_commu_id));
    3838
    3939        $page_size = 20;
     
    5454        $this->set('keyword', $keyword);
    5555        $search_val_list = array(
    56             'val_order' => $val_order,
    5756            'type' => $type,
    5857        );
    5958        $this->set('search_val_list', $search_val_list);
    6059        $this->set('c_commu_id', $c_commu_id);
    61         if ($c_commu_id) {
    62             $this->set('c_commu', db_commu_c_commu4c_commu_id($c_commu_id));
    63         }
     60        $this->set('c_commu', db_commu_c_commu4c_commu_id($c_commu_id));
    6461
    6562        return 'success';
Note: See TracChangeset for help on using the changeset viewer.