From: Banana
Date: Thu, 7 Jan 2021 11:04:16 +0000 (+0100)
Subject: show and edit only those collections which are writable for user
X-Git-Tag: 1.1~32
X-Git-Url: http://91.132.146.200/gitweb/?a=commitdiff_plain;h=dce45087748d5d9ed3bf8dbbfc26b53e5d0f3768;p=bibliotheca-php.git
show and edit only those collections which are writable for user
---
diff --git a/webclient/lib/managecollections.class.php b/webclient/lib/managecollections.class.php
index 44585ea..a31328e 100644
--- a/webclient/lib/managecollections.class.php
+++ b/webclient/lib/managecollections.class.php
@@ -89,7 +89,7 @@ class ManageCollections {
 FROM `".DB_PREFIX."_collection` AS c
 LEFT JOIN `".DB_PREFIX."_user` AS u ON `c`.`owner` = `u`.`id`
 LEFT JOIN `".DB_PREFIX."_group` AS g ON `c`.`group` = `g`.`id`
- WHERE ".$this->_User->getSQLRightsString("read", "c")."
+ WHERE ".$this->_User->getSQLRightsString("write", "c")."
 ORDER BY `c`.`name`";
 if(QUERY_DEBUG) error_log("[QUERY] ".__METHOD__." query: ".var_export($queryStr,true));
 try {
@@ -282,7 +282,7 @@ class ManageCollections {
 FROM `".DB_PREFIX."_collection` AS c
 LEFT JOIN `".DB_PREFIX."_user` AS u ON `c`.`owner` = `u`.`id`
 LEFT JOIN `".DB_PREFIX."_group` AS g ON `c`.`group` = `g`.`id`
- WHERE ".$this->_User->getSQLRightsString("read", "c")."
+ WHERE ".$this->_User->getSQLRightsString("write", "c")."
 AND `c`.`id` = '".$this->_DB->real_escape_string($id)."'";
 if(QUERY_DEBUG) error_log("[QUERY] ".__METHOD__." query: ".var_export($queryStr,true));
 try {
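Review bot: The write check added in the `WHERE` clause guards only this SELECT, so it decides what is listed, not what can be changed. The update and delete queries of `ManageCollections` are not part of this diff; unless they repeat `getSQLRightsString("write", "c")` or an equivalent check, a user with read-only access could still submit a change for a collection id that is merely hidden from the list. The same applies to the single-collection load in the second hunk (`@@ -282`). A comment above each query such as `// write rights required: this result feeds the edit form; the save/delete paths must enforce the same clause` would record the intent. The enclosing method starts and ends outside the hunk.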
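Review bot: The unchanged line that compares the collection id still splices `$id` into the SQL string, protected only by `real_escape_string` and the surrounding quotes. That is safe only while the connection charset is set through the driver and the quotes are never dropped; since this query now decides whether a collection may be edited, binding the id in a prepared statement or rejecting non-numeric values before the string is built (assuming ids are numeric, which the hunk does not show) would be sturdier. How the caller treats an empty result for a read-only collection is also outside the hunk and worth checking, so the edit form does not render with blank data. With `QUERY_DEBUG` enabled the full query, including the rights clause, goes to the error log, so that switch should stay off in production.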