Index: branches/unlabeled/unlabeled-1.17.44/kernel/include/portalgroup.php
===================================================================
diff -u -r3962 -r4040
--- branches/unlabeled/unlabeled-1.17.44/kernel/include/portalgroup.php (.../portalgroup.php) (revision 3962)
+++ branches/unlabeled/unlabeled-1.17.44/kernel/include/portalgroup.php (.../portalgroup.php) (revision 4040)
@@ -45,38 +45,38 @@
}
/* set $Value to -1 to delete the permission row from the DB */
- function SetSystemPermission($PermName,$Value)
+ function SetSystemPermission($PermName, $Value)
{
- //echo "Setting $PermName to $Value
\n";
- $oldval = $this->HasSystemPermission($PermName);
- if($Value != $oldval)
- {
- if($Value>-1)
- {
- if($oldval>-1)
- {
- $sql = "UPDATE ".GetTablePrefix()."Permissions SET PermissionValue=$Value ";
- $sql .=" WHERE Type=1 AND Permission='$PermName' AND GroupId=".$this->Get("GroupId");
-
- //echo "UPDATE SQL: $sql
";
- }
- else
- {
- $sql = "INSERT INTO ".GetTablePrefix()."Permissions (Permission, GroupId, PermissionValue, Type, CatId) ";
- $sql .="VALUES ('$PermName',".$this->Get("GroupId").",$Value,1,0)";
- //echo "INSERT SQL: $sql
";
- }
- $this->adodbConnection->Execute($sql);
- //echo $sql."
\n";
- }
- else
- {
- $sql = "DELETE FROM ".GetTablePrefix()."Permissions ";
- $sql .=" WHERE Type=1 AND Permission='$PermName' AND GroupId=".$this->Get("GroupId");
- //echo "DELETE SQL: $sql
";
- $this->adodbConnection->Execute($sql);
+ // don't save DENY system permissions
+
+ //echo "Setting $PermName to $Value
\n";
+ $old_value = $this->HasSystemPermission($PermName);
+ if ($Value == $old_value) {
+ return true;
}
- }
+
+ if ($Value == 1) {
+ // new value is ALLOWED
+ if ($old_value > -1) {
+ // old value is ALLOWED/DENIED
+ $sql = 'UPDATE '.GetTablePrefix().'Permissions
+ SET PermissionValue = '.$Value.'
+ WHERE Type = 1 AND Permission = '.$this->adodbConnection->qstr($PermName).' AND GroupId = '.$this->Get('GroupId');
+ }
+ else {
+ // permission was inherited before => no record in db
+ $sql = 'INSERT INTO '.GetTablePrefix().'Permissions (Permission, GroupId, PermissionValue, Type, CatId) ';
+ $sql .= 'VALUES ('.$this->adodbConnection->qstr($PermName).','.$this->Get('GroupId').','.$Value.',1,0)';
+ }
+ $this->adodbConnection->Execute($sql);
+ }
+ else {
+ // permission becomes inherited now or set to DENIED
+ $sql = 'DELETE FROM '.GetTablePrefix().'Permissions
+ WHERE Type = 1 AND Permission = '.$this->adodbConnection->qstr($PermName).' AND GroupId = '.$this->Get('GroupId');
+ $this->adodbConnection->Execute($sql);
+ }
+
}
function CheckPermission($permissionName)