Skip to content

Commit

Permalink
Check ACL before showing ns
Browse files Browse the repository at this point in the history 
Fixes samuelet#309
  • Loading branch information
@eduardomozart
eduardomozart authored Mar 28, 2024
1 parent 6936bfc commit 3a358e1
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion Search.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -191,7 +191,9 @@ private function makeNodes(&$data, $indexLatestParsedItem, $previousLevel, &$nod

if ($item['type'] === 'f' || !empty($node['children']) || isset($node['lazy']) || $item['hns'] !== false) {
// add only files, non-empty folders, lazy-loaded or folder with only a headpage
$nodes[] = $node;
if(auth_quickaclcheck($item['id'])) {
$nodes[] = $node;
}
}

$previousLevel = $item['level'];
Expand Down

1 comment on commit 3a358e1

@Klap-in
Copy link

@Klap-in Klap-in commented on 3a358e1 Aug 4, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actual acl checking should already occur earlier.
However, for simpler lazy-loading, here the DokuWiki assumption for showing namespaces is followed (see https://www.dokuwiki.org/config:sneaky_index).
For showing namespaces only if these contain any allowed pages (while the namespace might be not allowed at higher levels) checking of all lower levels is needed. This needs a lot of extra work in case of lazyloading. Workaround is using the max#n(#m) setting, which determines how many levels are retrieved at once via AJAX.

Please sign in to comment.