Index: nodequeue.module
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/nodequeue/nodequeue.module,v
retrieving revision 1.87
diff -u -p -r1.87 nodequeue.module
--- nodequeue.module	8 Jul 2009 15:04:34 -0000	1.87
+++ nodequeue.module	22 Jul 2009 00:51:52 -0000
@@ -1589,12 +1589,14 @@ function nodequeue_nids_visible($sqid = 
     global $user;
     $account = $user;
   }
+  $args[] = $sqid;
   $nids_visible = array();
   if (!user_access('administer nodes', $account)) {
-    $node_status_sql = ' AND n.status = 1';
+    $node_status_sql = ' AND (n.status = 1 OR n.uid = %d)';
+    $args[]= $user->uid;
   }
 
-  $query_restricted = db_query(db_rewrite_sql("SELECT DISTINCT(n.nid) FROM {node} n LEFT JOIN {nodequeue_nodes} nq ON nq.nid = n.nid WHERE nq.sqid = %d $node_status_sql ORDER BY nq.position $order"), $sqid); 
+  $query_restricted = db_query(db_rewrite_sql("SELECT DISTINCT(n.nid) FROM {node} n LEFT JOIN {nodequeue_nodes} nq ON nq.nid = n.nid WHERE nq.sqid = %d $node_status_sql ORDER BY nq.position $order"), $args); 
   while ($result_restricted = db_fetch_object($query_restricted)) {
     $nids_visible[$result_restricted->nid] = $result_restricted->nid;
   }
@@ -2739,11 +2741,14 @@ function nodequeue_api_autocomplete($que
 
   global $user;
   if (!user_access('administer nodes', $user)) {
-    $where = 'n.status = 1 AND ';
+    $where = '(n.status = 1 or n.uid = %d) AND ';
+    $args[] = $user->uid;
   }
 
   $where .= "n.type IN (". db_placeholders($queue->types, 'varchar') .')';
-  $where_args = $queue->types;
+  foreach ($queue->types as $key => $value) {
+    $args[] = $value;
+  }
 
   // Run a match to see if they're specifying by nid.
   $preg_matches = array();
@@ -2755,21 +2760,21 @@ function nodequeue_api_autocomplete($que
   if ($match) {
     // If it found a nid via specification, reduce our resultset to just that nid.
     $where .= " AND n.nid = %d";
-    array_push($where_args, $preg_matches[1]);
+    $args[] = $preg_matches[1];
   }
   else {
     // Build the constant parts of the query.
     $where .= " AND LOWER(n.title) LIKE LOWER('%s%%')";
-    array_push($where_args, $string);
+    $args[] = $string;
   }
 
   // Call to the API.
   $function = $queue->owner ."_nodequeue_autocomplete";
   if (function_exists($function)) {
-    return $function($queue, $subqueue, $string, $where, $where_args);
+    return $function($queue, $subqueue, $string, $where, $args);
   }
   else {
-    $result = db_query_range(db_rewrite_sql("SELECT n.nid, n.title FROM {node} n WHERE $where"), $where_args, 0, 10);
+    $result = db_query_range(db_rewrite_sql("SELECT n.nid, n.title FROM {node} n WHERE $where"), $args, 0, 10);
     while ($node = db_fetch_object($result)) {
       $matches[$node->nid] = check_plain($node->title) ." [nid: $node->nid]";
     }
