diff options
author | Yorhel <git@yorhel.nl> | 2010-12-28 09:38:48 +0100 |
---|---|---|
committer | Yorhel <git@yorhel.nl> | 2010-12-28 09:38:48 +0100 |
commit | ccca3774059b8befd99032cac37b102151ebd6d0 (patch) | |
tree | 9fb5df72aada6aac09da83ca308b6bd34d85a5e4 /lib | |
parent | 26854037e8e4d77653adf2619f1cc2da1b5b736d (diff) |
Bugfix: *properly* check for access priviledge on users' lists
Bug introduced in 6ff1efe0d07e24e9fb2db199c308c6cbed51e578.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/VNDB/Handler/ULists.pm | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/VNDB/Handler/ULists.pm b/lib/VNDB/Handler/ULists.pm index 870f634a..403b391d 100644 --- a/lib/VNDB/Handler/ULists.pm +++ b/lib/VNDB/Handler/ULists.pm @@ -119,7 +119,7 @@ sub votelist { return 404 if !$obj->{id}; my $own = $type eq 'u' && $self->authInfo->{id} && $self->authInfo->{id} == $id; - return 404 if $type eq 'u' && !$own && ($obj->{hide_list} || $self->authCan('usermod')); + return 404 if $type eq 'u' && !$own && !(!$obj->{hide_list} || $self->authCan('usermod')); my $f = $self->formValidate( { name => 'p', required => 0, default => 1, template => 'int' }, @@ -223,7 +223,7 @@ sub wishlist { my $own = $self->authInfo->{id} && $self->authInfo->{id} == $uid; my $u = $self->dbUserGet(uid => $uid, what => 'hide_list')->[0]; - return 404 if !$u || !$own && ($u->{hide_list} || $self->authCan('usermod')); + return 404 if !$u || !$own && !(!$u->{hide_list} || $self->authCan('usermod')); my $f = $self->formValidate( { name => 'p', required => 0, default => 1, template => 'int' }, @@ -325,7 +325,7 @@ sub vnlist { my $own = $self->authInfo->{id} && $self->authInfo->{id} == $uid; my $u = $self->dbUserGet(uid => $uid, what => 'hide_list')->[0]; - return 404 if !$u || !$own && ($u->{hide_list} || $self->authCan('usermod')); + return 404 if !$u || !$own && !(!$u->{hide_list} || $self->authCan('usermod')); my $f = $self->formValidate( { name => 'p', required => 0, default => 1, template => 'int' }, |