Index: branches/5.2.x/core/units/categories/categories_event_handler.php =================================================================== diff -u -N -r15734 -r15761 --- branches/5.2.x/core/units/categories/categories_event_handler.php (.../categories_event_handler.php) (revision 15734) +++ branches/5.2.x/core/units/categories/categories_event_handler.php (.../categories_event_handler.php) (revision 15761) @@ -1,6 +1,6 @@ addFilter('perm_filter', TABLE_PREFIX . 'CategoryPermissionsCache.PermId = 1'); // check for CATEGORY.VIEW permission - if ($this->Application->RecallVar('user_id') != USER_ROOT) { - // apply permission filters to all users except "root" - $view_filters = Array (); - $groups = explode(',',$this->Application->RecallVar('UserGroups')); + $this->applyViewPermissionFilter($object); - foreach ($groups as $group) { - $view_filters[] = 'FIND_IN_SET('.$group.', ' . TABLE_PREFIX . 'CategoryPermissionsCache.ACL)'; - } - - $view_filter = implode(' OR ', $view_filters); - $object->addFilter('perm_filter2', $view_filter); - } - if (!$this->Application->isAdminUser) { // apply status filter only on front $object->addFilter('status_filter', $object->TableName.'.Status = 1'); 
@@ -555,6 +543,35 @@ } /** + * Adds filter, that uses *.VIEW permissions to determine if an item should be shown to a user. + * + * @param kDBList $object Object. + * + * @return void + * @access protected + */ + protected function applyViewPermissionFilter(kDBList $object) + { + if ( !$this->Application->ConfigValue('CheckViewPermissionsInCatalog') ) { + return; + } + + if ( $this->Application->RecallVar('user_id') == USER_ROOT ) { + // for "root" CATEGORY.VIEW permission is checked for items lists too + $view_perm = 1; + } + else { + $count_helper = $this->Application->recallObject('CountHelper'); + /* @var $count_helper kCountHelper */ + + list ($view_perm, $view_filter) = $count_helper->GetPermissionClause($object->Prefix, 'perm'); + $object->addFilter('perm_filter2', $view_filter); + } + + $object->addFilter('perm_filter', 'perm.PermId = ' . $view_perm); // check for CATEGORY.VIEW permission + } + + /** * Returns current theme id * * @return int @@ -2163,6 +2180,8 @@ if (defined('IS_INSTALL') && IS_INSTALL) { // skip any processing, because Categories table doesn't exists until install is finished + $this->addViewPermissionJoin($event); + return ; } @@ -2224,6 +2243,8 @@ $this->Application->setUnitOption($event->Prefix, 'ListSortings', $list_sortings); } + $this->addViewPermissionJoin($event); + // add grids for advanced view (with primary category column) $grids = $this->Application->getUnitOption($this->Prefix, 'Grids'); $process_grids = Array ('Default', 'Radio'); 
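Review bot: The early `return` at the top of `applyViewPermissionFilter()` means that when `CheckViewPermissionsInCatalog` is unset or disabled, neither `perm_filter` nor `perm_filter2` is added. As far as the removed lines show, the code this method replaces applied the group ACL filter to every non-root user unconditionally. If that fail-open default is intended, the docblock should say so, e.g. `* When "CheckViewPermissionsInCatalog" is off, NO *.VIEW filtering is applied to the list; do not rely on it for access control.` Separately, `$view_perm` comes from `GetPermissionClause()` (defined outside this diff) and is concatenated into SQL as-is; `'perm.PermId = ' . (int)$view_perm` would keep the clause numeric whatever the helper returns. The `perm.` alias used here exists only after `addViewPermissionJoin()` has replaced `{PERM_JOIN}` in the list SQL, which deserves a one-line comment next to the final `addFilter()` call.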
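Review bot: In the `IS_INSTALL` branch (hunk `@@ -2163,6 +2180,8 @@`) the existing comment still says `skip any processing`, but the branch now calls `addViewPermissionJoin($event)` before returning, so the comment no longer matches the code. I would reword it, e.g. `// only resolve {PERM_JOIN} in ListSQLs; skip the rest, because Categories table doesn't exist until install is finished`. The call reads `ConfigValue('CheckViewPermissionsInCatalog')`, which presumably needs configuration storage to be reachable at this stage of install. That is worth confirming, since the enclosing method starts and ends outside the hunk and the lookup itself is not shown.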
@@ -2236,6 +2257,35 @@ } /** + * Adds permission table table JOIN clause only, when advanced catalog view permissions enabled. + * + * @param kEvent $event Event. + * + * @return self + * @access protected + */ + protected function addViewPermissionJoin(kEvent $event) + { + if ( $this->Application->ConfigValue('CheckViewPermissionsInCatalog') ) { + $join_clause = 'LEFT JOIN ' . TABLE_PREFIX . 'CategoryPermissionsCache perm ON perm.CategoryId = %1$s.CategoryId'; + } + else { + $join_clause = ''; + } + + $list_sqls = $this->Application->getUnitOption($event->Prefix, 'ListSQLs'); + /* @var $list_sqls array */ + + foreach ($list_sqls as $special => $list_sql) { + $list_sqls[$special] = str_replace('{PERM_JOIN}', $join_clause, $list_sql); + } + + $this->Application->setUnitOption($event->Prefix, 'ListSQLs', $list_sqls); + + return $this; + } + + /** * Returns folders, that can contain design templates * * @return array
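Review bot: `addViewPermissionJoin()` iterates over the `ListSQLs` unit option without checking that it is an array. The `/* @var $list_sqls array */` hint documents the assumption but does not enforce it, so a unit without `ListSQLs` would presumably reach `foreach` with a non-array value. A guard such as `if ( !is_array($list_sqls) ) { return $this; }` before the loop would cover that case. The docblock summary has a doubled word ("table table") and could read `Replaces the {PERM_JOIN} placeholder in ListSQLs: with the permission cache JOIN when "CheckViewPermissionsInCatalog" is enabled, with an empty string otherwise.` Because `applyViewPermissionFilter()` filters on the `perm` alias defined here, it is worth noting in that docblock that both methods must read the same config value.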