diff --git a/distributionView.php b/distributionView.php index 87ec568..5a6e879 100644 --- a/distributionView.php +++ b/distributionView.php @@ -119,6 +119,14 @@ else $oApp = new application($oVersion->iAppId); $oSubmitter = new User($oTest->iSubmitterId); $bgcolor = $oTest->sTestedRating; + + /* make sure the user can view the versions we list in the table */ + /* otherwise skip over displaying the entries in this table */ + if(!$_SESSION[current]->canViewApplication($oApp)) + continue; + if(!$_SESSION[current]->canViewVersion($oVersion)) + continue; + echo '',"\n"; echo '',"\n"; echo $oApp->sName.' '.$oVersion->sName.'',"\n"; diff --git a/include/distributions.php b/include/distributions.php index f749844..05ce49f 100644 --- a/include/distributions.php +++ b/include/distributions.php @@ -44,9 +44,25 @@ class distribution{ /* * We fetch Test Result Ids. */ - $sQuery = "SELECT testingId - FROM testResults - WHERE distributionId = ".$iDistributionId; + + if($_SESSION['current']->hasPriv("admin")) + { + $sQuery = "SELECT testingId + FROM testResults + WHERE distributionId = ".$iDistributionId; + } else /* only let users view test results that aren't queued and for apps that */ + /* aren't queued or versions that aren't queued */ + { + $sQuery = "SELECT testingId + FROM testResults, appFamily, appVersion + WHERE testResults.queued = 'false' AND + testResults.versionId = appVersion.versionId AND + appFamily.appId = appVersion.appId AND + appFamily.queued = 'false' AND + appVersion.queued = 'false' AND + distributionId = ".$iDistributionId; + } + if($hResult = query_appdb($sQuery)) { while($oRow = mysql_fetch_object($hResult))