the 'projects' dropdown menu on the case form shows projects which are inaccessible to the current user. pleae wrap this query in db_rewrite_sql() to get access control.

CommentFileSizeAuthor
#4 patch_002.txt9.62 KBtomsys
#2 patch_001.txt13.04 KBtomsys

Comments

killes@www.drop.org’s picture

killes@www.drop.org commented
Status: Active » Fixed

fixed

tomsys’s picture

tomsys commented
Status: Fixed » Needs review
StatusFileSize
new patch_001.txt13.04 KB

Well .. this is my patch for really RESPECTING .. node_access rules.

Please look through and say what you think...

Greeetz,
T.

moshe weitzman’s picture

moshe weitzman commented
Status: Needs review » Needs work

It is true that thos enode listing ueries must be wrapped in db_rewrite_sql(). But you are also running single node retrievals through rewrite which is not needed. You also change some single quote to double quote when that is noot needed and not welcome as per coding standards. Please fix up and resubmit if possible.

tomsys’s picture

tomsys commented
Status: Needs work » Needs review
StatusFileSize
new patch_002.txt9.62 KB

Here we go ,,

sanjeev gupta’s picture

sanjeev gupta commented
Status: Needs review » Fixed

The patch has been applied

Anonymous’s picture

(not verified) commented
Status: Fixed » Closed (fixed)