Commit 6b7a5d16 authored by Leigh B. Stoller's avatar Leigh B. Stoller

Fix up leakage of experiment names to non-project members.

parent b538978f
...@@ -106,7 +106,7 @@ if (TBProjAccessCheck($uid, $pid, $gid, $TB_PROJECT_EDITGROUP) || ...@@ -106,7 +106,7 @@ if (TBProjAccessCheck($uid, $pid, $gid, $TB_PROJECT_EDITGROUP) ||
# #
# A list of Group experiments. # A list of Group experiments.
# #
SHOWEXPLIST("GROUP",$pid,$gid); SHOWEXPLIST("GROUP", $uid, $pid, $gid);
if ($isadmin) { if ($isadmin) {
echo "<center> echo "<center>
......
...@@ -109,7 +109,7 @@ echo "</center>\n"; ...@@ -109,7 +109,7 @@ echo "</center>\n";
# #
# A list of project experiments. # A list of project experiments.
# #
SHOWEXPLIST("PROJ",$pid); SHOWEXPLIST("PROJ", $uid, $pid);
if ($isadmin) { if ($isadmin) {
echo "<center> echo "<center>
......
...@@ -999,7 +999,7 @@ function SHOWEXP($pid, $eid, $short = 0, $sortby = "") { ...@@ -999,7 +999,7 @@ function SHOWEXP($pid, $eid, $short = 0, $sortby = "") {
# #
# Show a listing of experiments by user/pid/gid # Show a listing of experiments by user/pid/gid
# #
function SHOWEXPLIST($type,$id,$gid = "") { function SHOWEXPLIST($type,$fromuid,$id,$gid = "") {
global $TB_EXPTSTATE_SWAPPED, $TB_EXPTSTATE_SWAPPING; global $TB_EXPTSTATE_SWAPPED, $TB_EXPTSTATE_SWAPPING;
if ($type == "USER") { if ($type == "USER") {
...@@ -1017,14 +1017,29 @@ function SHOWEXPLIST($type,$id,$gid = "") { ...@@ -1017,14 +1017,29 @@ function SHOWEXPLIST($type,$id,$gid = "") {
$where = "e.eid='$id'"; $where = "e.eid='$id'";
$title = "Bad id '$id'!"; $title = "Bad id '$id'!";
} }
$query_result = if (ISADMIN()) {
DBQueryFatal("select e.*,count(r.node_id) as nodes, ". $query_result =
"round(minimum_nodes+.1,0) as min_nodes ". DBQueryFatal("select e.*,count(r.node_id) as nodes, ".
"from experiments as e ". "round(minimum_nodes+.1,0) as min_nodes ".
"left join reserved as r on e.pid=r.pid and e.eid=r.eid ". "from experiments as e ".
"where $where ". "left join reserved as r on e.pid=r.pid and ".
"group by e.pid,e.eid order by e.state,e.eid"); " e.eid=r.eid ".
"where $where ".
"group by e.pid,e.eid order by e.state,e.eid");
}
else {
$query_result =
DBQueryFatal("select e.*,count(r.node_id) as nodes, ".
"round(minimum_nodes+.1,0) as min_nodes ".
"from experiments as e ".
"left join reserved as r on e.pid=r.pid and ".
" e.eid=r.eid ".
"left join group_membership as g on g.pid=e.pid and ".
" g.gid=e.gid and g.uid='$fromuid' ".
"where g.uid is not null and ($where) ".
"group by e.pid,e.eid order by e.state,e.eid");
}
if (mysql_num_rows($query_result)) { if (mysql_num_rows($query_result)) {
echo "<center> echo "<center>
......
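Review bot: The non-admin branch added to SHOWEXPLIST builds its membership filter by splicing `$fromuid` straight into the SQL text (`g.uid='$fromuid'`), the same way the surrounding code puts `$id` into `$where`, so the new access check holds only if both values are already validated and `$fromuid` is always the authenticated viewer rather than a request parameter. The callers on this page pass `$uid`, which looks like the logged-in user, but where it is set is not visible here. I would escape at the point of use, e.g. `$fromuid = mysql_real_escape_string($fromuid);` before the query, and add a comment such as `# $fromuid must be the authenticated viewer; it limits the listing to groups that user belongs to.` Because `$fromuid` was inserted as the second positional parameter, any call site not updated in this commit will silently shift its arguments, so the remaining callers should be checked. The function body starts before and continues past these hunks.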
...@@ -89,7 +89,7 @@ echo "<h3><a href=\"#PROFILE\">Manage User Profile</a></h3>\n"; ...@@ -89,7 +89,7 @@ echo "<h3><a href=\"#PROFILE\">Manage User Profile</a></h3>\n";
# #
# Lets show Experiments. # Lets show Experiments.
# #
SHOWEXPLIST("USER",$target_uid); SHOWEXPLIST("USER", $uid, $target_uid);
# #
# Lets show project and group membership. # Lets show project and group membership.
......