[dicom_archive/imaging_uploader] Residual fixes for advanced permissions #9761
Conversation
github-actions
bot
added
Language: SQL
ridz1208
added
the
Critical to release
|
@nicolasbrossard the issue was just static, feel free to review and test when you get a chance |
| if ($advancedperms === 'true') { | ||
| // If config setting is enabled, check the user's sites and projects | ||
| // site/project match + user's own uploads | ||
| $where = $where . " AND s.ProjectID IN ('$projectString')"; |
There was a problem hiding this comment.
This will not work if you put single quotes around $projectString. Why not use
$where = $where . " AND FIND_IN_SET(s.ProjectID, :projectString)";
and bind $projectString to projectString when calling pselectRow?
(same thing for $centerString)
There was a problem hiding this comment.
@nicolasbrossard just curious why it doesnt work? the single quotes will match the ones in the JOIN function for centerstring and projectstring.
its also a copy of the code in here https://github.com/aces/Loris/blob/main/modules/imaging_uploader/php/imaging_uploader.class.inc#L100
I dont mind FIND_IN_SET() I just hadn't used it in a while, so if this is problematic I'll switch to it
There was a problem hiding this comment.
Oh you are right! I had not noticed that $projectString was set to implode("','", $user->getProjectIDs());. I had not noticed that each project ID was surrounded with single quote so your solution will work. All good then.
Brief summary of changes
Testing instructions (if applicable)
Link(s) to related issue(s)