summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorYorhel <git@yorhel.nl>2010-12-28 09:38:48 +0100
committerYorhel <git@yorhel.nl>2010-12-28 09:38:48 +0100
commitccca3774059b8befd99032cac37b102151ebd6d0 (patch)
tree9fb5df72aada6aac09da83ca308b6bd34d85a5e4 /lib
parent26854037e8e4d77653adf2619f1cc2da1b5b736d (diff)
Bugfix: *properly* check for access priviledge on users' lists
Bug introduced in 6ff1efe0d07e24e9fb2db199c308c6cbed51e578.
Diffstat (limited to 'lib')
-rw-r--r--lib/VNDB/Handler/ULists.pm6
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/VNDB/Handler/ULists.pm b/lib/VNDB/Handler/ULists.pm
index 870f634a..403b391d 100644
--- a/lib/VNDB/Handler/ULists.pm
+++ b/lib/VNDB/Handler/ULists.pm
@@ -119,7 +119,7 @@ sub votelist {
return 404 if !$obj->{id};
my $own = $type eq 'u' && $self->authInfo->{id} && $self->authInfo->{id} == $id;
- return 404 if $type eq 'u' && !$own && ($obj->{hide_list} || $self->authCan('usermod'));
+ return 404 if $type eq 'u' && !$own && !(!$obj->{hide_list} || $self->authCan('usermod'));
my $f = $self->formValidate(
{ name => 'p', required => 0, default => 1, template => 'int' },
@@ -223,7 +223,7 @@ sub wishlist {
my $own = $self->authInfo->{id} && $self->authInfo->{id} == $uid;
my $u = $self->dbUserGet(uid => $uid, what => 'hide_list')->[0];
- return 404 if !$u || !$own && ($u->{hide_list} || $self->authCan('usermod'));
+ return 404 if !$u || !$own && !(!$u->{hide_list} || $self->authCan('usermod'));
my $f = $self->formValidate(
{ name => 'p', required => 0, default => 1, template => 'int' },
@@ -325,7 +325,7 @@ sub vnlist {
my $own = $self->authInfo->{id} && $self->authInfo->{id} == $uid;
my $u = $self->dbUserGet(uid => $uid, what => 'hide_list')->[0];
- return 404 if !$u || !$own && ($u->{hide_list} || $self->authCan('usermod'));
+ return 404 if !$u || !$own && !(!$u->{hide_list} || $self->authCan('usermod'));
my $f = $self->formValidate(
{ name => 'p', required => 0, default => 1, template => 'int' },