...even if you have no permission to edit the folder they belong to.
If you dont have the permission to edit a special folder, you won’t see that one in the document tree. That’s fine. But if you have the permission to edit a document
that is a child of this folder you won’t see that either ;-)
I don’t know if this is the intended behaviour, but I patched it (the dirty way):
// get document groups for current user
if($_SESSION['mgrDocgroups']) $docgrp = implode(",",$_SESSION['mgrDocgroups']);
$access = "1='".$_SESSION['mgrRole']."' OR sc.privatemgr=0".
(!$docgrp ? "":" OR dg.document_group IN ($docgrp)");
// Modified by Timon
if($parent>0) {
$result = mysql_query(" SELECT DISTINCT sc.id, pagetitle, parent, isfolder, published, deleted, type, menuindex, hidemenu, alias, contentType, privateweb, privatemgr
FROM $tblsc AS sc
LEFT JOIN $tbldg dg on dg.document = sc.id
LEFT JOIN $tbldgn dgn ON dgn.id = dg.document_group
WHERE (parent=$parent)
AND (1='".$_SESSION['role']."' OR NOT(dgn.private_memgroup<=>1)".(!$docgrp ? "":" OR dg.document_group IN ($docgrp)").")
ORDER BY $orderby", $modxDBConn);
} else {
// Query all pages we have special privileges for
$result = mysql_query("SELECT DISTINCT sc.id, parent FROM $tblsc AS sc
LEFT JOIN $tbldg dg on dg.document = sc.id
LEFT JOIN $tbldgn dgn ON dgn.id = dg.document_group
WHERE (1='".$_SESSION['role']."' OR NOT(dgn.private_memgroup<=>1)".(!$docgrp ? "":" OR dg.document_group IN ($docgrp)").")", $modxDBConn);
while(list($id, $curparent) = mysql_fetch_row($result)) {
$allparents[] = $curparent;
}
$allparents = implode(",",array_unique((array)$allparents));
$result = mysql_query(" SELECT DISTINCT sc.id, pagetitle, parent, isfolder, published, deleted, type, menuindex, hidemenu, alias, contentType, privateweb, privatemgr
FROM $tblsc AS sc
LEFT JOIN $tbldg dg on dg.document = sc.id
LEFT JOIN $tbldgn dgn ON dgn.id = dg.document_group
WHERE (parent=$parent)
AND ($access OR sc.id IN ($allparents) OR NOT(dgn.private_memgroup<=>1)".(!$docgrp ? "":" OR dg.document_group IN ($docgrp)").")
ORDER BY $orderby", $modxDBConn);
}
/* The original code:
$sql = "SELECT DISTINCT sc.id, pagetitle, parent, isfolder, published, deleted, type, menuindex, hidemenu, alias, contentType, privateweb, privatemgr
FROM $tblsc AS sc
LEFT JOIN $tbldg dg on dg.document = sc.id
WHERE (parent=$parent)
AND ($access)
ORDER BY $orderby";
$result = mysql_query($sql, $modxDBConn);
*/
// End of modification