madeon (madeon) wrote in changelog,
madeon
madeon
changelog

[livejournal] r20780: LJSUP-10315: Problems with access to adm...

Committer: sbelyaev
LJSUP-10315: Problems with access to admin/topentries.bml
U   trunk/cgi-bin/LJ/TopEntries.pm
Modified: trunk/cgi-bin/LJ/TopEntries.pm
===================================================================
--- trunk/cgi-bin/LJ/TopEntries.pm	2011-12-14 09:26:11 UTC (rev 20779)
+++ trunk/cgi-bin/LJ/TopEntries.pm	2011-12-14 09:53:33 UTC (rev 20780)
@@ -5,8 +5,8 @@
 use Carp qw(croak);
 use LJ::ExtBlock;
 use Storable qw//;
+use LJ::RelationService;
 
-
 =head
    ·         Arts & Culture
    ·         Books & Writing
@@ -91,7 +91,7 @@
     my $class = shift;
     my $u = shift;
 
-    return @order if LJ::check_priv($u, "siteadmin", "topentries");
+    return () unless LJ::check_priv($u, "siteadmin", "topentries");
 
     my @result;
 
@@ -99,11 +99,15 @@
         my $comm_name = $community_for_domain{$candidate};
         $comm_name = $candidate unless $comm_name;
         my $comm = LJ::load_user($comm_name);
+        my $allow_access = LJ::check_rel($comm, $u, 'S') || 
+                           LJ::check_rel($comm, $u, 'A') || 
+                           LJ::check_rel($comm, $u, 'M');
+
+        next unless $allow_access;
         next unless $comm;
 
         push @result, $candidate if $u and $u->can_manage($comm);
     }
-
     return @result;
 }
 

Tags: livejournal, madeon, pm, sbelyaev
Subscribe
  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 0 comments