Restrict search result by default for non admin user

This avoids getting a result set then skipping them all because the user doesn't have permission to see them. Ending up with an empty page. Refs T1777
ushahidi · Aug 19, 2015 · 6f93b3e · 6f93b3e
1 parent a14e286
commit 6f93b3e
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/application/classes/Ushahidi/Repository/Post.php b/application/classes/Ushahidi/Repository/Post.php
@@ -439,6 +439,20 @@ protected function setSearchConditions(SearchData $search)
 					->on('posts.id', '=', 'Filter_'.ucfirst($key).'.post_id');
 			}
 		}
+
+		$user = $this->getUser();
+		// If there's no logged in user, or the user isn't admin
+		// restrict our search to make sure we still return SOME results
+		// they are allowed to see
+		if (!$user->id) {
+			$query->where("$table.status", '=', 'published');
+		} elseif ($user->role !== 'admin') {
+			$query
+				->and_where_open()
+				->where("$table.status", '=', 'published')
+				->or_where("$table.user_id", '=', $user->id)
+				->and_where_close();
+		}
 	}
 
 	// SearchRepository