From dce45087748d5d9ed3bf8dbbfc26b53e5d0f3768 Mon Sep 17 00:00:00 2001
From: Banana
Date: Thu, 7 Jan 2021 12:04:16 +0100
Subject: [PATCH] show and edit only those collections which are writable for user

---
 webclient/lib/managecollections.class.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/webclient/lib/managecollections.class.php b/webclient/lib/managecollections.class.php
index 44585ea..a31328e 100644
--- a/webclient/lib/managecollections.class.php
+++ b/webclient/lib/managecollections.class.php
@@ -89,7 +89,7 @@ class ManageCollections {
 FROM `".DB_PREFIX."_collection` AS c
 LEFT JOIN `".DB_PREFIX."_user` AS u ON `c`.`owner` = `u`.`id`
 LEFT JOIN `".DB_PREFIX."_group` AS g ON `c`.`group` = `g`.`id`
- WHERE ".$this->_User->getSQLRightsString("read", "c")."
+ WHERE ".$this->_User->getSQLRightsString("write", "c")."
 ORDER BY `c`.`name`";
 if(QUERY_DEBUG) error_log("[QUERY] ".__METHOD__." query: ".var_export($queryStr,true));
 try {
@@ -282,7 +282,7 @@ class ManageCollections {
 FROM `".DB_PREFIX."_collection` AS c
 LEFT JOIN `".DB_PREFIX."_user` AS u ON `c`.`owner` = `u`.`id`
 LEFT JOIN `".DB_PREFIX."_group` AS g ON `c`.`group` = `g`.`id`
- WHERE ".$this->_User->getSQLRightsString("read", "c")."
+ WHERE ".$this->_User->getSQLRightsString("write", "c")."
 AND `c`.`id` = '".$this->_DB->real_escape_string($id)."'";
 if(QUERY_DEBUG) error_log("[QUERY] ".__METHOD__." query: ".var_export($queryStr,true));
 try {
-- 
2.39.5
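Review bot: The write filter added in the first hunk (the list query at line 89) only restricts what is selected for display. It protects collections only if the methods that update or delete them apply the same `getSQLRightsString("write", "c")` condition server-side. Those methods are outside this patch, so this should be confirmed; the same applies to the single-collection load in the second hunk at line 282. Since nothing in the query states why "write" rather than "read" is used, I would add a comment above it such as `// management view: list only collections the current user may modify; the save/delete path must enforce the same right`. The enclosing method starts and ends outside the hunk.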
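Review bot: In the second hunk (line 282) the `$id` condition is still built by string concatenation, with `real_escape_string` plus quoting as the only guard on a value that presumably comes from the request. Binding it instead, with `AND c.id = ?` and a prepared statement on `$this->_DB`, would remove the dependence on correct quoting and connection charset; the rights string would still be concatenated, so `getSQLRightsString` must itself emit only trusted SQL. With the write filter, an id the user may only read now returns no row, exactly like a missing id, so the caller should treat an empty result as "not found or not permitted" and not reveal which case applied. When `QUERY_DEBUG` is on, the full query, including the rights clause and the supplied id, is written to the error log, so that flag should stay off in production. The method body continues outside the hunk.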