From c95d7c69eb3135f137390323a09eb105776ce29c Mon Sep 17 00:00:00 2001
From: redmatrix <git@macgirvin.com>
Date: Wed, 24 Feb 2016 18:54:52 -0800
Subject: issue #216 - calendar sharing

---
 include/security.php | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

(limited to 'include/security.php')

diff --git a/include/security.php b/include/security.php
index ee94dba82..215cc92cb 100644
--- a/include/security.php
+++ b/include/security.php
@@ -148,7 +148,7 @@ function change_channel($change_channel) {
  * @return string additional SQL where statement
  */
 
-function permissions_sql($owner_id, $remote_observer = null) {
+function permissions_sql($owner_id, $remote_observer = null, $table = '') {
 
 	$local_channel = local_channel();
 
@@ -158,10 +158,14 @@ function permissions_sql($owner_id, $remote_observer = null) {
 	 * default permissions - anonymous user
 	 */
 
-	$sql = " AND allow_cid = '' 
-			 AND allow_gid = '' 
-			 AND deny_cid  = '' 
-			 AND deny_gid  = '' 
+	if($table)
+		$table .= '.';
+
+
+	$sql = " AND {$table}allow_cid = '' 
+			 AND {$table}allow_gid = '' 
+			 AND {$table}deny_cid  = '' 
+			 AND {$table}deny_gid  = '' 
 	";
 
 	/**
@@ -193,8 +197,8 @@ function permissions_sql($owner_id, $remote_observer = null) {
 			}
 			$regexop = db_getfunc('REGEXP');
 			$sql = sprintf(
-				" AND ( NOT (deny_cid like '%s' OR deny_gid $regexop '%s')
-				  AND ( allow_cid like '%s' OR allow_gid $regexop '%s' OR ( allow_cid = '' AND allow_gid = '') )
+				" AND ( NOT ({$table}deny_cid like '%s' OR {$table}deny_gid $regexop '%s')
+				  AND ( {$table}allow_cid like '%s' OR {$table}allow_gid $regexop '%s' OR ( {$table}allow_cid = '' AND {$table}allow_gid = '') )
 				  )
 				",
 				dbesc(protect_sprintf( '%<' . $observer . '>%')),
-- 
cgit v1.2.3