
[Phpgroupware-cvs] sitemgr/inc/class.ACL_SO.inc.php, 1.4


From: nomail
Subject: [Phpgroupware-cvs] sitemgr/inc/class.ACL_SO.inc.php, 1.4
Date: Wed, 21 Jul 2004 01:22:53 +0200

Update of /sitemgr/inc
Modified Files:
        Branch: 
          class.ACL_SO.inc.php

date: 2004/07/20 23:22:53;  author: skwashd;  state: Exp;  lines: +17 -11

Log Message:
merge from 16
=====================================================================
Index: sitemgr/inc/class.ACL_SO.inc.php
diff -u sitemgr/inc/class.ACL_SO.inc.php:1.3 
sitemgr/inc/class.ACL_SO.inc.php:1.4
--- sitemgr/inc/class.ACL_SO.inc.php:1.3        Fri Jan 17 03:37:52 2003
+++ sitemgr/inc/class.ACL_SO.inc.php    Tue Jul 20 23:22:53 2004
@@ -15,17 +15,18 @@
        function get_permission($location)
        {
                $memberships = 
$this->acct->membership($this->acl->logged_in_user);
-               $sql = 'SELECT acl_rights FROM phpgw_acl WHERE 
acl_location=\''.$location.
-                       '\' and acl_account in 
('.$GLOBALS['phpgw_info']['user']['account_id'];
+               $sql = 'SELECT acl_rights FROM phpgw_acl'
+                       . " WHERE acl_location='" . 
$GLOBALS['phpgw']->db->db_addslashes($location) . "'"
+                       . ' AND acl_account IN (' . 
intval($GLOBALS['phpgw_info']['user']['account_id']);
                if (is_array($memberships))
                {
                        foreach($memberships as $group)
                        {
-                               $sql .= ','.$group['account_id'];
+                               $sql .= ',' . intval($group['account_id']);
                        }
                }
                $sql .= ')';
-               $this->db->query($sql,__LINE__,__FILE__);
+               $this->db->query($sql, __LINE__, __FILE__);
                $permission = 0;
                while ($this->db->next_record())
                {
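Review bot: The rewritten query in get_permission still has no `acl_appname` condition, unlike the three other queries in this file, which all restrict to `acl_appname='sitemgr'`. If another application stores rows in phpgw_acl under the same location string, its rights would presumably be read here as sitemgr permissions; adding `. " AND acl_appname='sitemgr'"` after the acl_location clause would scope the lookup. The location is also escaped through `$GLOBALS['phpgw']->db->db_addslashes()` while the query runs on `$this->db` (the same happens in get_rights in the next hunk); `$this->db->db_addslashes($location)`, as copy_rights and remove_location use, keeps escaping and execution on one handle. The function body continues past the end of the hunk.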
@@ -36,8 +37,11 @@
 
        function get_rights($account_id, $location)
        {
-               $sql = 'select acl_rights from phpgw_acl where 
acl_appname=\'sitemgr\' and acl_location=\''.$location.'\' and 
acl_account=\''.$account_id.'\'';
-               $this->db->query($sql,__LINE__,__FILE__);
+               $this->db->query('SELECT acl_rights FROM phpgw_acl'
+                               . " WHERE acl_appname='sitemgr' "
+                               . " AND acl_location='" . 
$GLOBALS['phpgw']->db->db_addslashes($location) . "'"
+                               . ' AND acl_account = ' . intval($account_id), 
__LINE__, __FILE__);
+
                if ($this->db->next_record())
                {
                        return $this->db->f('acl_rights');
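Review bot: `intval($account_id)` in get_rights turns an empty or non-numeric id into 0, so a malformed argument silently becomes a lookup for account 0 instead of being rejected. Whether account 0 can own rows in phpgw_acl is not visible here, so it would be safer to test `intval($account_id) <= 0` before the query and skip the lookup in that case. The value to return on that path depends on the rest of the function, which continues outside the hunk.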
@@ -50,8 +54,10 @@
 
        function copy_rights($fromlocation,$tolocation)
        {
-               $sql = 'select acl_account,acl_rights from phpgw_acl where 
acl_appname=\'sitemgr\' and acl_location=\''.$fromlocation.'\'';
-               $this->db->query($sql,__LINE__,__FILE__);
+               $this->db->query('SELECT acl_account,acl_rights FROM phpgw_acl'
+                               . " WHERE acl_appname='sitemgr'"
+                               . " AND acl_location='" 
+                                       . 
$this->db->db_addslashes($fromlocation) . "'", __LINE__, __FILE__);
                while ($this->db->next_record())
                {
                        
$this->acl->add_repository('sitemgr',$tolocation,$this->db->f('acl_account'),$this->db->f('acl_rights'));
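Review bot: copy_rights now escapes `$fromlocation`, but `$tolocation` is handed to `$this->acl->add_repository()` unchanged, and that method is not part of this diff. If the acl class builds its SQL by concatenation when the repository is saved, the destination location needs the same escaping as the source. Confirm that it escapes its arguments and, once confirmed, record it next to the call with a comment such as `// $tolocation is escaped by the acl class when the repository is saved`. The while loop continues past the end of the hunk.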
@@ -60,9 +66,9 @@
 
        function remove_location($location)
        {
-               $sql = 'delete from phpgw_acl where acl_appname=\'sitemgr\' and 
acl_location=\''.
-                       $location.'\'';
-               $this->db->query($sql,__LINE__,__FILE__);
+               $this->db->query('DELETE FROM phpgw_acl'
+                               . " WHERE acl_appname='sitemgr' "
+                               . " AND acl_location='" . 
$this->db->db_addslashes($location) . "'", __LINE__, __FILE__);
        }
 }
 ?>
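Review bot: remove_location carries no comment, although it deletes every sitemgr ACL row for the given location and, as far as the visible body shows, performs no permission check of its own. A short header comment would make that contract explicit for callers, for example `// Deletes all sitemgr ACL rows for $location; the caller must have authorized the request.` It would also help to state what happens for an empty `$location`, since the query then matches rows whose acl_location is the empty string.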



