appdb/. screenshots.php

[WineHQ]

ChangeSet ID:	31254
CVSROOT:	/opt/cvs-commit
Module name:	appdb
Changes by:	wineowner at winehq.org	2007/07/16 23:44:17

Modified files:
	.              : screenshots.php 

Log message:
	Chris Morgan <cmorgan at alum.wpi.edu>
	Screenshots were incorrectly displaying 'Delete Image' links when the user had no permission to
	do so. Bug was that the version id used for User::isMaintainer() was 0, which caused
	Maintainer::isUserMaintainer() to return true if the user was a maintainer of any application.
	Switch to using the version id of the screenshot image being displayed and cache the value to
	reduce database queries. Also switch to using prefixed naming for a variable that wasn't.

Patch: http://cvs.winehq.org/patch.py?id=31254

Old revision  New revision  Changes     Path
 1.46          1.47          +18 -7      appdb/screenshots.php

Index: appdb/screenshots.php
diff -u -p appdb/screenshots.php:1.46 appdb/screenshots.php:1.47
--- appdb/screenshots.php:1.46	17 Jul 2007  4:44:17 -0000
+++ appdb/screenshots.php	17 Jul 2007  4:44:17 -0000
@@ -55,7 +55,7 @@ if($aClean['sCmd'])
 
 
 // we didn't issued any command
-$hResult = Screenshot::get_screenshots($aClean['iAppId'], $aClean['iVersionId']);   
+$hResult = Screenshot::get_screenshots($aClean['iAppId'], $aClean['iVersionId']);
 apidb_header("Screenshots");
 $oApp = new Application($aClean['iAppId']);
 $oVersion = new Version($aClean['iVersionId']);
@@ -66,22 +66,29 @@ if($hResult && mysql_num_rows($hResult))
 
     // display thumbnails
     $c = 1;
+
+    // optimization so we don't have to perform as many database queries
+    // only update this variable when $iCurrentVersionId changes
+    $bUserIsMaintainerOfVersion = false;
+
     echo "<div align=center><table><tr>\n";
     while($oRow = mysql_fetch_object($hResult))
     {
         // if the current version changed then update the current version
         // and close the previous html frame if this isn't the
         // first frame
-        if(!$aClean['iVersionId'] && $oRow->versionId != $currentVersionId)
+        if(!$aClean['iVersionId'] && $oRow->versionId != $iCurrentVersionId)
         {
-            if($currentVersionId)
+            if($iCurrentVersionId)
             {
                 echo "</tr></table></div>\n";
                 echo html_frame_end();
                 $c=1;
             }
-            $currentVersionId = $oRow->versionId;
-            echo html_frame_start("Version ".Version::lookup_name($currentVersionId));
+            $iCurrentVersionId = $oRow->versionId;
+            $bUserIsMaintainerOfVersion = $_SESSION['current']->isMaintainer($iCurrentVersionId); 
+
+            echo html_frame_start("Version ".Version::lookup_name($iCurrentVersionId));
             echo "<div align=center><table><tr>\n";
         }
         $oScreenshot = new Screenshot($oRow->id);
@@ -92,8 +99,12 @@ if($hResult && mysql_num_rows($hResult))
         echo "<div align=center>". substr($oRow->description,0,20). "\n";
         
         //show admin delete link
-        if($_SESSION['current']->isLoggedIn() && ($_SESSION['current']->hasPriv("admin") || 
-               $_SESSION['current']->isMaintainer($aClean['iVersionId'])))
+        if($_SESSION['current']->isLoggedIn() &&
+            (
+              $_SESSION['current']->hasPriv("admin") ||
+              $bUserIsMaintainerOfVersion
+            )
+          )
         {
             echo "<br />[<a href='screenshots.php?sCmd=delete&iImageId=$oRow->id&iAppId=".$aClean['iAppId']."&iVersionId=".$aClean['iVersionId']."'>Delete Image</a>]";
         }