commit 17b5a86c4aa1e273e80eb84a573df3160334d645
parent 491f0e4939268d426956ebd7021df1c400ced019
Author: Jan Dankert <develop@jandankert.de>
Date: Mon, 25 Apr 2022 23:12:32 +0200
Fix: Only show objects which are readable.
Diffstat:
1 file changed, 38 insertions(+), 31 deletions(-)
diff --git a/modules/util/Tree.class.php b/modules/util/Tree.class.php
@@ -407,18 +407,20 @@ class Tree
if (BaseObject::available($value->linkToObjectId)) {
$o = new BaseObject($value->linkToObjectId);
$o->load();
- $treeElement = new TreeElement();
- $treeElement->type = $o->getType();
- $treeElement->action = $o->getType();
- $treeElement->id = $o->objectid;
- $treeElement->internalId = $o->objectid;
- $treeElement->extraId = array();
- $treeElement->text = $o->getName();
- $treeElement->description = L::lang('' . $o->getType()) . ' ' . $o->objectid;
-
- $this->addTreeElement($treeElement);
+ if ( $o->hasRight( Permission::ACL_READ ) ) {
+
+ $treeElement = new TreeElement();
+ $treeElement->type = $o->getType();
+ $treeElement->action = $o->getType();
+ $treeElement->id = $o->objectid;
+ $treeElement->internalId = $o->objectid;
+ $treeElement->extraId = array();
+ $treeElement->text = $o->getName();
+ $treeElement->description = L::lang('' . $o->getType()) . ' ' . $o->objectid;
+
+ $this->addTreeElement($treeElement);
+ }
}
-
}
}
@@ -467,32 +469,37 @@ class Tree
$o = new BaseObject($link->linkedObjectId);
$o->load();
- $treeElement = new TreeElement();
- $treeElement->id = $o->objectid;
- $treeElement->internalId = $o->objectid;
- $treeElement->text = $o->getName();
- $treeElement->description = L::lang('' . $o->getType()) . ' ' . $id;
+ if ( $o->hasRight( Permission::ACL_READ ) ) {
+ // Object is readable
- $defaultName = $o->getDefaultName();
+ $treeElement = new TreeElement();
+ $treeElement->id = $o->objectid;
+ $treeElement->internalId = $o->objectid;
+ $treeElement->text = $o->getName();
+ $treeElement->description = L::lang('' . $o->getType()) . ' ' . $id;
- if ($defaultName->description )
- $treeElement->description .= ': ' . $defaultName->description;
- else
- $treeElement->description .= ' - ' . L::lang('NO_DESCRIPTION_AVAILABLE');
+ $defaultName = $o->getDefaultName();
- $treeElement->action = $o->getType();
- $treeElement->icon = $o->getType();
- $treeElement->extraId = array(RequestParams::PARAM_LANGUAGE_ID => $_REQUEST[RequestParams::PARAM_LANGUAGE_ID], RequestParams::PARAM_MODEL_ID => $_REQUEST[RequestParams::PARAM_MODEL_ID]);
+ if ($defaultName->description )
+ $treeElement->description .= ': ' . $defaultName->description;
+ else
+ $treeElement->description .= ' - ' . L::lang('NO_DESCRIPTION_AVAILABLE');
- // Besonderheiten fuer bestimmte Objekttypen
+ $treeElement->action = $o->getType();
+ $treeElement->icon = $o->getType();
+ $treeElement->extraId = array(RequestParams::PARAM_LANGUAGE_ID => $_REQUEST[RequestParams::PARAM_LANGUAGE_ID], RequestParams::PARAM_MODEL_ID => $_REQUEST[RequestParams::PARAM_MODEL_ID]);
- if ($o->isPage) {
- // Nur wenn die Seite beschreibbar ist, werden die
- // Elemente im Baum angezeigt
- if ($o->hasRight(Permission::ACL_WRITE))
- $treeElement->type = 'pageelements';
+ // Besonderheiten fuer bestimmte Objekttypen
+
+ if ($o->isPage) {
+ // Nur wenn die Seite beschreibbar ist, werden die
+ // Elemente im Baum angezeigt
+ if ($o->hasRight(Permission::ACL_WRITE))
+ $treeElement->type = 'pageelements';
+ }
+ $this->addTreeElement($treeElement);
}
- $this->addTreeElement($treeElement);
+
}
