Commit 6b7a5d16 authored by Leigh Stoller's avatar Leigh Stoller

Fix up leakage of experiment names to non-project members.

parent b538978f
......@@ -106,7 +106,7 @@ if (TBProjAccessCheck($uid, $pid, $gid, $TB_PROJECT_EDITGROUP) ||
#
# A list of Group experiments.
#
SHOWEXPLIST("GROUP",$pid,$gid);
SHOWEXPLIST("GROUP", $uid, $pid, $gid);
if ($isadmin) {
echo "<center>
......
......@@ -109,7 +109,7 @@ echo "</center>\n";
#
# A list of project experiments.
#
SHOWEXPLIST("PROJ",$pid);
SHOWEXPLIST("PROJ", $uid, $pid);
if ($isadmin) {
echo "<center>
......
......@@ -999,7 +999,7 @@ function SHOWEXP($pid, $eid, $short = 0, $sortby = "") {
#
# Show a listing of experiments by user/pid/gid
#
function SHOWEXPLIST($type,$id,$gid = "") {
function SHOWEXPLIST($type,$fromuid,$id,$gid = "") {
global $TB_EXPTSTATE_SWAPPED, $TB_EXPTSTATE_SWAPPING;
if ($type == "USER") {
......@@ -1017,14 +1017,29 @@ function SHOWEXPLIST($type,$id,$gid = "") {
$where = "e.eid='$id'";
$title = "Bad id '$id'!";
}
$query_result =
DBQueryFatal("select e.*,count(r.node_id) as nodes, ".
"round(minimum_nodes+.1,0) as min_nodes ".
"from experiments as e ".
"left join reserved as r on e.pid=r.pid and e.eid=r.eid ".
"where $where ".
"group by e.pid,e.eid order by e.state,e.eid");
if (ISADMIN()) {
$query_result =
DBQueryFatal("select e.*,count(r.node_id) as nodes, ".
"round(minimum_nodes+.1,0) as min_nodes ".
"from experiments as e ".
"left join reserved as r on e.pid=r.pid and ".
" e.eid=r.eid ".
"where $where ".
"group by e.pid,e.eid order by e.state,e.eid");
}
else {
$query_result =
DBQueryFatal("select e.*,count(r.node_id) as nodes, ".
"round(minimum_nodes+.1,0) as min_nodes ".
"from experiments as e ".
"left join reserved as r on e.pid=r.pid and ".
" e.eid=r.eid ".
"left join group_membership as g on g.pid=e.pid and ".
" g.gid=e.gid and g.uid='$fromuid' ".
"where g.uid is not null and ($where) ".
"group by e.pid,e.eid order by e.state,e.eid");
}
if (mysql_num_rows($query_result)) {
echo "<center>
......
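Review bot: In the non-admin branch of SHOWEXPLIST the new join interpolates `$fromuid` straight into the SQL text (`g.uid='$fromuid'`), so the access filter is only as sound as the validation applied to that value before the call. The three call sites shown in this commit pass `$uid`; a header comment such as `# $fromuid must be the authenticated, already-validated uid of the viewer` would make that contract explicit, and escaping the value at this point would not hurt. The filter accepts any `group_membership` row for the viewer, so if that table can also hold pending or unapproved memberships (not visible here), those users would still see the experiment names. Because `$fromuid` was inserted as the second positional parameter, an old three-argument GROUP call left elsewhere in the tree would silently shift its pid into `$fromuid` rather than fail. The two branches differ only in the extra join and the `where` prefix, so building those two fragments conditionally and issuing a single `DBQueryFatal` would stop the queries drifting apart; the function body starts and ends outside these hunks.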
......@@ -89,7 +89,7 @@ echo "<h3><a href=\"#PROFILE\">Manage User Profile</a></h3>\n";
#
# Lets show Experiments.
#
SHOWEXPLIST("USER",$target_uid);
SHOWEXPLIST("USER", $uid, $target_uid);
#
# Lets show project and group membership.
......