Check meta permissions for "Existing attachments" panel

yurabakhtin · yurabakhtin · commit bb2e71326da4 · 2020-07-13T16:15:02.000+03:00
diff --git a/htsrv/async.php b/htsrv/async.php
@@ -1204,18 +1204,22 @@
 				if( $link_owner_class == 'Comment' )
 				{
 					$edited_Item = $LinkOwner->get_Item();
-					$item_ID = $edited_Item->ID;
 				}
 				else
 				{
-					$item_ID = $LinkOwner->link_Object->ID;
+					$edited_Item = $LinkOwner->Item;
 				}
+				$item_ID = $edited_Item->ID;
 
 				// Get list of comment IDs under Item or related to Comment:
 				$comments_SQL = new SQL( 'Get all the comments of an Item' );
 				$comments_SQL->SELECT( 'comment_ID' );
 				$comments_SQL->FROM( 'T_comments' );
 				$comments_SQL->WHERE( 'comment_item_ID = '.$DB->quote( $item_ID ) );
+				if( ! $edited_Item->can_meta_comment() )
+				{	// If current User doesn't have an access to meta comments:
+					$comments_SQL->WHERE( 'comment_type != "meta"' );
+				}
 				$comment_IDs = $DB->get_col( $comments_SQL );
 
 				$links_SQL = new SQL( 'Get all the links belonging to comments of an Item' );
@@ -1241,11 +1245,9 @@
 				else
 				{
 					global $Blog;
-					
+
 					if( empty( $Blog ) )
 					{
-						$ItemCache = & get_ItemCache();
-						$edited_Item = & $ItemCache->get_by_ID( $item_ID );
 						$Blog = $edited_Item->get_Blog();
 					}
 

Original file line number	Diff line number	Diff line change
`@@ -1204,18 +1204,22 @@`
`1204`	`1204`	`if( $link_owner_class == 'Comment' )`
`1205`	`1205`	`{`
`1206`	`1206`	`$edited_Item = $LinkOwner->get_Item();`
`1207`		`- $item_ID = $edited_Item->ID;`
`1208`	`1207`	`}`
`1209`	`1208`	`else`
`1210`	`1209`	`{`
`1211`		`- $item_ID = $LinkOwner->link_Object->ID;`
	`1210`	`+ $edited_Item = $LinkOwner->Item;`
`1212`	`1211`	`}`
	`1212`	`+ $item_ID = $edited_Item->ID;`
`1213`	`1213`
`1214`	`1214`	`// Get list of comment IDs under Item or related to Comment:`
`1215`	`1215`	`$comments_SQL = new SQL( 'Get all the comments of an Item' );`
`1216`	`1216`	`$comments_SQL->SELECT( 'comment_ID' );`
`1217`	`1217`	`$comments_SQL->FROM( 'T_comments' );`
`1218`	`1218`	`$comments_SQL->WHERE( 'comment_item_ID = '.$DB->quote( $item_ID ) );`
	`1219`	`+ if( ! $edited_Item->can_meta_comment() )`
	`1220`	`+ { // If current User doesn't have an access to meta comments:`
	`1221`	`+ $comments_SQL->WHERE( 'comment_type != "meta"' );`
	`1222`	`+ }`
`1219`	`1223`	`$comment_IDs = $DB->get_col( $comments_SQL );`
`1220`	`1224`
`1221`	`1225`	`$links_SQL = new SQL( 'Get all the links belonging to comments of an Item' );`
`@@ -1241,11 +1245,9 @@`
`1241`	`1245`	`else`
`1242`	`1246`	`{`
`1243`	`1247`	`global $Blog;`
`1244`		`-`
	`1248`	`+`
`1245`	`1249`	`if( empty( $Blog ) )`
`1246`	`1250`	`{`
`1247`		`- $ItemCache = & get_ItemCache();`
`1248`		`- $edited_Item = & $ItemCache->get_by_ID( $item_ID );`
`1249`	`1251`	`$Blog = $edited_Item->get_Blog();`
`1250`	`1252`	`}`
`1251`	`1253`