Index: openacs-4/packages/new-portal/tcl/portal-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/new-portal/tcl/portal-procs.tcl,v diff -u -r1.2 -r1.3 --- openacs-4/packages/new-portal/tcl/portal-procs.tcl 29 Sep 2001 17:06:11 -0000 1.2 +++ openacs-4/packages/new-portal/tcl/portal-procs.tcl 29 Sep 2001 17:18:18 -0000 1.3 @@ -58,37 +58,22 @@ @creation-date 9/28/2001 } { + +set user_id [ad_conn user_id] + db_0or1row select_portal_and_layout " select p.portal_id, p.name, p.owner_id, l.filename as layout from portals p, portal_layouts l - where p.portal_id = :portal_id" -column_array portal + where p.portal_id = :portal_id + and l.layout_id = p.layout_id + and p.owner_id = :user_id" -column_array portal -if { ! [info exists portal(portal_id)] } { - if { ! [info exists portal_id] } { - if { $admin_p } { - ad_returnredirect "portal-ae?edit_default_p=1" - } else { - ad_return_abort_complaint 1 "This portal is not yet configured. Please try again later." - } - } else { - ad_return_complaint 1 "That portal (portal_id $portal_id) doesn't exist in this instance. Perhaps it's been deleted?" - } - ad_script_abort -} +# XXX some security needed here -if { ! $read_p } { - if { ! [ info exists portal_id ] } { - ad_return_complaint 1 "You don't have permission to view this portal." - } else { - # fix this link. There's little chance it's right. - ad_return_complaint 1 "You don't have permission to view this portal. You could try the default." - } - ad_script_abort -} # put the element IDs into buckets by region... foreach entry_list [portal_get_elements $portal(portal_id)] { @@ -343,8 +328,7 @@ db_foreach select_p_e_map " select m.element_id, m.region, m.sort_key from portal_element_map m - where m.portal_id = :portal_id and - acs_permission.permission_p(m.element_id, :user_id, 'read') = 't' + where m.portal_id = :portal_id order by region, sort_key, element_id" -column_array entry { lappend entries [array get entry] } if_no_rows {