[Tip] See your own docs in the tree menu...

215 Posts

netnoise Reply #1, 18 years, 3 months ago

...even if you have no permission to edit the folder they belong to.

If you dont have the permission to edit a special folder, you won’t see that one in the document tree. That’s fine. But if you have the permission to edit a document that is a child of this folder you won’t see that either ;-)

I don’t know if this is the intended behaviour, but I patched it (the dirty way):

// get document groups for current user
if($_SESSION['mgrDocgroups']) $docgrp = implode(",",$_SESSION['mgrDocgroups']);
$access = "1='".$_SESSION['mgrRole']."' OR sc.privatemgr=0".
  (!$docgrp ? "":" OR dg.document_group IN ($docgrp)");

// Modified by Timon
if($parent>0) {
	$result = mysql_query("	SELECT DISTINCT sc.id, pagetitle, parent, isfolder, published, deleted, type, menuindex, hidemenu, alias, contentType, privateweb, privatemgr 
						FROM $tblsc AS sc 
						LEFT JOIN $tbldg dg on dg.document = sc.id
						LEFT JOIN $tbldgn dgn ON dgn.id = dg.document_group
						WHERE (parent=$parent) 
						AND (1='".$_SESSION['role']."' OR NOT(dgn.private_memgroup<=>1)".(!$docgrp ? "":" OR dg.document_group IN ($docgrp)").") 
						ORDER BY $orderby", $modxDBConn);
} else {
	// Query all pages we have special privileges for
	$result = mysql_query("SELECT DISTINCT sc.id, parent FROM $tblsc AS sc 
						LEFT JOIN $tbldg dg on dg.document = sc.id
						LEFT JOIN $tbldgn dgn ON dgn.id = dg.document_group
						WHERE (1='".$_SESSION['role']."' OR NOT(dgn.private_memgroup<=>1)".(!$docgrp ? "":" OR dg.document_group IN ($docgrp)").")", $modxDBConn);
										
	while(list($id, $curparent) = mysql_fetch_row($result)) {
		$allparents[] = $curparent;
	}
	$allparents = implode(",",array_unique((array)$allparents));
	
	$result = mysql_query("	SELECT DISTINCT sc.id, pagetitle, parent, isfolder, published, deleted, type, menuindex, hidemenu, alias, contentType, privateweb, privatemgr 
						FROM $tblsc AS sc 
						LEFT JOIN $tbldg dg on dg.document = sc.id
						LEFT JOIN $tbldgn dgn ON dgn.id = dg.document_group
						WHERE (parent=$parent) 
						AND ($access OR sc.id IN ($allparents) OR NOT(dgn.private_memgroup<=>1)".(!$docgrp ? "":" OR dg.document_group IN ($docgrp)").") 
						ORDER BY $orderby", $modxDBConn);
}						
/* The original code:
	$sql = "SELECT DISTINCT sc.id, pagetitle, parent, isfolder, published, deleted, type, menuindex, hidemenu, alias, contentType, privateweb, privatemgr 
			FROM $tblsc AS sc 
			LEFT JOIN $tbldg dg on dg.document = sc.id
			WHERE (parent=$parent) 
			AND ($access) 
			ORDER BY $orderby";
	$result = mysql_query($sql, $modxDBConn);
*/

// End of modification

Write secure snippets!
Lock down your server!

MODX Staff
12,272 Posts

Ryan Thrash Reply #2, 18 years, 3 months ago

Thanks a million. We’ll review it and commit it to the core I’m pretty certain. Care to open a bugtracker issue for it so we can prioritize it and make sure you’re in on the testing?

Ryan Thrash, MODX Co-Founder
Follow me on Twitter at @rthrash or catch my occasional unofficial thoughts at thrash.me

215 Posts

netnoise Reply #3, 18 years, 3 months ago

Oh, so it is a bug wink

I’ll open an issue for it.

BTW: The patch above is buggy, too wink

To make role-id 1 to see all docs, replace $access with 1=’".$_SESSION[’role’]."’

Write secure snippets!
Lock down your server!

361 Posts

The Man Can! Reply #4, 18 years, 3 months ago

Wow, that’s awesome.

Ryan, it’s already on the bugtracker I believe...
http://modxcms.com/bugs/task/130
Actually, that bug/feature request is a bit convoluted, but it’s the same idea. Maybe it’s too convoluted to actually be useful wink

Anyway, awesome fix.

Need MODx Ecommerce? Try FoxyCart!

☆ A M B ☆
24,524 Posts

sottwell Reply #5, 18 years, 3 months ago

This would be excellent! I recently had a user edit the folder document for the news instead of adding a new document under it. If I could have put the folder in a restricted group it would have been excellent. As it is, I have to try "educating" the user, and hope it takes.

Studying MODX in the desert - http://sottwell.com
Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
Join the Slack Community - http://modx.org

3,250 Posts

MARKSVIRTUALDESK Reply #6, 18 years, 3 months ago

Jason, has this been committed to the source?

54 Posts

luke.stokes Reply #7, 18 years, 3 months ago

Is it supposed to show the entire document tree? I was hoping to have it only show parent folders that contain children the user can modify. It seems to show everything, but when the user clicks on a document they shouldn’t have access to a message pops up saying the document could not be found. Is that right?

I’m probably just doing something wrong... the code is for 3ldr.php, correct?

Thanks!

215 Posts

netnoise Reply #8, 18 years, 2 months ago

Sorry, the posted code was wrong.

This is the right one, but still a bad hack:

// Modified by Timon for BWHW
if($_SESSION['mgrRole']!=1) {
			
	
	if($parent>0) {
	$result = mysql_query("	SELECT DISTINCT sc.id, pagetitle, parent, isfolder, published, deleted, type, menuindex, hidemenu, alias, contentType, privateweb, privatemgr 
				FROM $tblsc AS sc 
				LEFT JOIN $tbldg dg on dg.document = sc.id
				LEFT JOIN $tbldgn dgn ON dgn.id = dg.document_group
				WHERE (parent=$parent) 
				AND (1='".$_SESSION['mgrRole']."' OR NOT(dgn.private_memgroup<=>1)".(!$docgrp ? "":" OR dg.document_group IN ($docgrp)").") 
				ORDER BY $orderby", $modxDBConn);
		} else {

			// Query all pages we have special privileges for
			$result = mysql_query("SELECT DISTINCT sc.id, parent FROM $tblsc AS sc 
						LEFT JOIN $tbldg dg on dg.document = sc.id
						LEFT JOIN $tbldgn dgn ON dgn.id = dg.document_group
						WHERE (1='".$_SESSION['mgrRole']."' OR NOT(dgn.private_memgroup<=>1)".(!$docgrp ? "":" OR dg.document_group IN ($docgrp)").")", $modxDBConn);
										
			while(list($id, $curparent) = mysql_fetch_row($result)) {
				$allparents[] = $curparent;
			}
			$allparents = implode(",",array_unique((array)$allparents));
			
			$result = mysql_query("	SELECT DISTINCT sc.id, pagetitle, parent, isfolder, published, deleted, type, menuindex, hidemenu, alias, contentType, privateweb, privatemgr 
						FROM $tblsc AS sc 
						LEFT JOIN $tbldg dg on dg.document = sc.id
						LEFT JOIN $tbldgn dgn ON dgn.id = dg.document_group
						WHERE (parent=$parent) 
						AND (1='".$_SESSION['mgrRole']."' OR sc.id IN ($allparents) OR NOT(dgn.private_memgroup<=>1)".(!$docgrp ? "":" OR dg.document_group IN ($docgrp)").") 
						ORDER BY $orderby", $modxDBConn);
			}
	} else {						
		// Original code
		$sql = "SELECT DISTINCT sc.id, pagetitle, parent, isfolder, published, deleted, type, menuindex, hidemenu, alias, contentType, privateweb, privatemgr 
				FROM $tblsc AS sc 
				LEFT JOIN $tbldg dg on dg.document = sc.id
				WHERE (parent=$parent) 
				AND ($access) 
				ORDER BY $orderby";
		$result = mysql_query($sql, $modxDBConn);
	}
// End of modification

Write secure snippets!
Lock down your server!

7,075 Posts

davidm Reply #9, 18 years, 2 months ago

I am late to the party but it sure is nice to have this...
thanks !

.: COO - Commerce Guys - Community Driven Innovation :.

MODx est l'outil id

54 Posts

luke.stokes Reply #10, 18 years, 2 months ago

Did you get this to work? I seem to be stupid again... For me all of the documents show up, not just the parents of children the user should be able to edit. When you click on one of them you’ll get a "Document could not be found" error message but I’d rather just not have them show up at all.