On Fri, Mar 6, 2009 at 12:27 AM, Michael Harris
<[email protected]> wrote:
>
> It's in core in r3293, based on the discussion and vote at
> http://groups.google.com/group/habari-dev/browse_thread/thread/2639e985d6be20c4
>
> I made some changes, denied the anonymous group mainly, and tested.
My install does not have this group. Does this break my install or
create an anonymous group that I don't want? That's why I hadn't
added it before. Is that consideration solved? (I really should do
this in testing and ticket, but as I said... I'm not at home this
week.)
> Given that ACL is _the_ main feature of this release, and we're
> including this plugin as an indication of how simple it is, it
> probably should work right :)
Yeah, I agree. This is a clear blocker for release.
>> but if you want to look at it, see this line posts.php:
>>
>> $perm_where[] = '{posts}.content_type IN (' . implode(',',
>> $permitted_post_types) . ')';
>
> I see the line, now what ;)
This line needs adds the restriction to the query that omits posts
from the return if they do not have a tag that's in the IN.
The interaction between this and the section of the query (generated a
few lines above) that checks for type-based tokens needs to be an OR,
not an AND. I think it may not be so simple to implement this as it
seems, and since it's such an integral part of the system, I didn't
want to rush through it before I left. It very well could be a 10
minute fix and test, but it looks like simply moving it or changing
the query operator to OR could cause other problems that are
potentially even more severe than this one itself.
Anyway. Yeah. That needs looked at. :)
Owen
--~--~---------~--~----~------------~-------~--~----~
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at http://groups.google.com/group/habari-dev
-~----------~----~----~----~------~----~------~--~---
