Hide categories from other users

Phoca Download - download manager
jfischer
Phoca Newbie
Posts: 2
Joined: 06 Jul 2013, 05:21


Post by jfischer »

I was searching for a solution for this in the forum with no definitive answer. So I decided to create my own modification that seems to work.

In models->categories.php

I added to the SQL query
. " AND (cc.accessuserid LIKE '%".$user->id ."%' or cc.accessuserid = '-1' or cc.accessuserid = '0')" after line 197

So it looks like this:
if ($subcategories) {
    $query = " SELECT cc.id, cc.title, cc.alias, cc.access as cataccess, cc.accessuserid as cataccessuserid, COUNT(c.id) AS numdoc"
        . " FROM #__phocadownload_categories AS cc"
        . " LEFT JOIN #__phocadownload AS c ON c.catid = cc.id AND c.published = 1 AND c.textonly = 0"
        . ($pQ == 1 ? ((count($joins)>0?( " LEFT JOIN " .implode( " LEFT JOIN ", $joins )):"")):"") // GWE MOD
        . " WHERE " . implode( " AND ", $wheres )
        . " AND (cc.accessuserid LIKE '%".$user->id ."%' or cc.accessuserid = '-1' or cc.accessuserid = '0')" // FSW MOD
        . " GROUP BY cc.id"
        . " ORDER BY cc.".$categoryOrdering;

This solved my problem; maybe it will help others.

Are there any security issues or conflicts that you can see with using this modification?
Jan
Phoca Hero
Posts: 48581
Joined: 10 Nov 2007, 18:23
Location: Czech Republic

Re: Hide categories from other users

Post by Jan »

Hi, not sure as I didn't test it as there is a standard class which protects the files - and it handles:

- access rights for file
- access rights for whole category
- and access rights for the menu link together so for now I cannot say which way this modification runs :idea:

Jan
jfischer

Re: Hide categories from other users

Post by jfischer »

This modification does not affect the user access rights. It just limits the display to the categories the user has access to.

The drawback of this method is if you have a lot of users it would display categories for any user whose user id contains another user id within it.

i.e. user with an id 645 would also see categories for users with ids 1645, 2645, 6450, 2645054, etc.

So I recoded the query to eliminate this possibility.
I used find_in_set for efficiency rather than REGEX or RLIKE.

. " AND (cc.accessuserid LIKE '%".$user->id ."%' or cc.accessuserid = '-1' or cc.accessuserid = '0')"

changes to:

. " AND ((find_in_set($user->id, cc.accessuserid)<>0) or cc.accessuserid = '-1' or cc.accessuserid = '0')"

so the query looks like this:

$query = " SELECT cc.id, cc.title, cc.alias, cc.access as cataccess, cc.accessuserid as cataccessuserid, COUNT(c.id) AS numdoc"
    . " FROM #__phocadownload_categories AS cc"
    . " LEFT JOIN #__phocadownload AS c ON c.catid = cc.id AND c.published = 1 AND c.textonly = 0"
    . ($pQ == 1 ? ((count($joins)>0?( " LEFT JOIN " .implode( " LEFT JOIN ", $joins )):"")):"") // GWE MOD
    . " WHERE " . implode( " AND ", $wheres )
    //. " AND (cc.accessuserid LIKE '%".$user->id ."%' or cc.accessuserid = '-1' or cc.accessuserid = '0')" // FSW MOD
    . " AND ((find_in_set($user->id, cc.accessuserid)<>0) or cc.accessuserid = '-1' or cc.accessuserid = '0')" // FSW MOD 2
    . " GROUP BY cc.id"
    . " ORDER BY cc.".$categoryOrdering;
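
The two predicates posted in this thread, compared side by side as an added example that is not part of the original posts or of Phoca Download's code. It runs on MySQL against a constructed temporary table; the table name acl_demo, its rows and the @uid variable are assumptions made for illustration.

```sql
-- Constructed sample data: acl_demo stands in for #__phocadownload_categories.
-- accessuserid holds a comma-separated list of user ids, or one of the
-- values '-1' / '0' that the posted query always lets through.
CREATE TEMPORARY TABLE acl_demo (
    id           INT PRIMARY KEY,
    title        VARCHAR(32),
    accessuserid VARCHAR(255)
);

INSERT INTO acl_demo (id, title, accessuserid) VALUES
    (1, 'exact id',            '645'),
    (2, 'longer id, same end', '1645'),
    (3, 'id inside a list',    '12,645,900'),
    (4, 'longer id in a list', '12,6450'),
    (5, 'value -1',            '-1'),
    (6, 'value 0',             '0'),
    (7, 'list with a space',   '12, 645');

-- The logged-in user's id (constructed value, taken from the post's own example).
SET @uid = 645;

-- like_visible: the first modification (substring match).
-- set_visible:  the second modification (whole-element match).
SELECT
    id,
    title,
    accessuserid,
    (accessuserid LIKE CONCAT('%', @uid, '%')
        OR accessuserid = '-1' OR accessuserid = '0') AS like_visible,
    (FIND_IN_SET(@uid, accessuserid) <> 0
        OR accessuserid = '-1' OR accessuserid = '0') AS set_visible
FROM acl_demo
ORDER BY id;

-- Rows where the two predicates disagree, i.e. categories that the
-- substring version would list for a user who is not in the set.
SELECT id, title, accessuserid
FROM acl_demo
WHERE accessuserid LIKE CONCAT('%', @uid, '%')
  AND FIND_IN_SET(@uid, accessuserid) = 0;
```

FIND_IN_SET splits on commas only and does not trim whitespace, so a stored value such as '12, 645' matches the LIKE predicate but not FIND_IN_SET; the whole-element version relies on the column being stored without spaces.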