ChangeSet ID: 31254 CVSROOT: /opt/cvs-commit Module name: appdb Changes by: wineowner@winehq.org 2007/07/16 23:44:17
Modified files: . : screenshots.php
Log message: Chris Morgan cmorgan@alum.wpi.edu Screenshots were incorrectly displaying 'Delete Image' links when the user had no permission to do so. Bug was that the version id used for User::isMaintainer() was 0, which caused Maintainer::isUserMaintainer() to return true if the user was a maintainer of any application. Switch to using the version id of the screenshot image being displayed and cache the value to reduce database queries. Also switch to using prefixed naming for a variable that wasn't.
Patch: http://cvs.winehq.org/patch.py?id=31254
Old revision New revision Changes Path 1.46 1.47 +18 -7 appdb/screenshots.php
Index: appdb/screenshots.php diff -u -p appdb/screenshots.php:1.46 appdb/screenshots.php:1.47 --- appdb/screenshots.php:1.46 17 Jul 2007 4:44:17 -0000 +++ appdb/screenshots.php 17 Jul 2007 4:44:17 -0000 @@ -55,7 +55,7 @@ if($aClean['sCmd'])
// we didn't issued any command -$hResult = Screenshot::get_screenshots($aClean['iAppId'], $aClean['iVersionId']); +$hResult = Screenshot::get_screenshots($aClean['iAppId'], $aClean['iVersionId']); apidb_header("Screenshots"); $oApp = new Application($aClean['iAppId']); $oVersion = new Version($aClean['iVersionId']); @@ -66,22 +66,29 @@ if($hResult && mysql_num_rows($hResult))
// display thumbnails $c = 1; + + // optimization so we don't have to perform as many database queries + // only update this variable when $iCurrentVersionId changes + $bUserIsMaintainerOfVersion = false; + echo "<div align=center><table><tr>\n"; while($oRow = mysql_fetch_object($hResult)) { // if the current version changed then update the current version // and close the previous html frame if this isn't the // first frame - if(!$aClean['iVersionId'] && $oRow->versionId != $currentVersionId) + if(!$aClean['iVersionId'] && $oRow->versionId != $iCurrentVersionId) { - if($currentVersionId) + if($iCurrentVersionId) { echo "</tr></table></div>\n"; echo html_frame_end(); $c=1; } - $currentVersionId = $oRow->versionId; - echo html_frame_start("Version ".Version::lookup_name($currentVersionId)); + $iCurrentVersionId = $oRow->versionId; + $bUserIsMaintainerOfVersion = $_SESSION['current']->isMaintainer($iCurrentVersionId); + + echo html_frame_start("Version ".Version::lookup_name($iCurrentVersionId)); echo "<div align=center><table><tr>\n"; } $oScreenshot = new Screenshot($oRow->id); @@ -92,8 +99,12 @@ if($hResult && mysql_num_rows($hResult)) echo "<div align=center>". substr($oRow->description,0,20). "\n";
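Review bot: In the thumbnail-loop hunk (`@@ -66,22 +66,29 @@`), a request that names a specific `iVersionId` never satisfies `!$aClean['iVersionId'] && …`, so `$bUserIsMaintainerOfVersion` keeps its initial `false`. A genuine maintainer of that version then loses the 'Delete Image' link, which the old `isMaintainer($aClean['iVersionId'])` call still granted. The failure is fail-closed, but it is a regression; seeding the flag before the loop keeps the cache and restores the case: `$bUserIsMaintainerOfVersion = $aClean['iVersionId'] ? $_SESSION['current']->isMaintainer($aClean['iVersionId']) : false;`. `$iCurrentVersionId` is also read in the first comparison with no initialisation visible in this hunk, so an explicit `$iCurrentVersionId = 0;` beside the flag would make the first iteration well defined. The enclosing `if($hResult && mysql_num_rows($hResult))` block starts and ends outside the hunk.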
//show admin delete link - if($_SESSION['current']->isLoggedIn() && ($_SESSION['current']->hasPriv("admin") || - $_SESSION['current']->isMaintainer($aClean['iVersionId']))) + if($_SESSION['current']->isLoggedIn() && + ( + $_SESSION['current']->hasPriv("admin") || + $bUserIsMaintainerOfVersion + ) + ) { echo "<br />[<a href='screenshots.php?sCmd=delete&iImageId=$oRow->id&iAppId=".$aClean['iAppId']."&iVersionId=".$aClean['iVersionId']."'>Delete Image</a>]"; }
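Review bot: The rewritten condition only controls whether the 'Delete Image' link is rendered, while the link still sends `iVersionId` taken from `$aClean`, so the `sCmd=delete` handler (outside this hunk) has to enforce the permission itself. If that handler authorises with the request's `iVersionId`, the `isMaintainer(0)` behaviour described in the log message would presumably still apply there; it should check against the version id stored with the screenshot record instead. The delete is also a plain GET link with no anti-forgery token, so moving it to a POST form carrying a per-session token would close the cross-site request forgery exposure. Separately, the context line echoing `substr($oRow->description,0,20)` writes the description without `htmlspecialchars()`, which is worth confirming if descriptions are user-supplied.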