--- orig/forum_access.module 2007-01-06 15:17:04.000000000 +0700 +++ forum_access.module 2007-01-10 20:43:54.875000000 +0700 @@ -63,7 +63,7 @@ return; } global $user; - $roles = implode(', ', array_merge(array((bool) $user->uid), array_keys($user->roles))); + $roles = implode(', ', array_merge(array(intval((bool) $user->uid)), array_keys($user->roles))); $result = db_query("SELECT tid FROM {forum_access} WHERE rid IN (%s) AND grant_create = 1", $roles); while ($obj = db_fetch_object($result)) { $tids[$obj->tid] = $obj->tid; @@ -245,7 +245,7 @@ return; } global $user; - $roles = implode(', ', array_merge(array((bool) $user->uid), array_keys($user->roles))); + $roles = implode(', ', array_merge(array(intval((bool) $user->uid)), array_keys($user->roles))); $sql['join'] = "LEFT JOIN {forum_access} fa ON $primary_table.tid = fa.tid LEFT JOIN {acl} acl ON acl.name = $primary_table.tid AND acl.module = 'forum_access' LEFT JOIN acl_user aclu ON aclu.acl_id = acl.acl_id AND aclu.uid = $user->uid"; $sql['where'] = "(fa.grant_view >= 1 AND fa.rid IN ($roles)) OR fa.tid IS NULL OR aclu.uid = $user->uid"; $sql['distinct'] = 1; @@ -297,6 +297,9 @@ * to it. */ function forum_access_init() { + if (user_access('administer forums')) { + return; + } if (arg(0) == 'forum' && is_numeric(arg(1))) { global $user; if (!forum_access_access(arg(1), 'view')) { @@ -305,6 +308,15 @@ exit; } } + if (arg(0) == 'node' && is_numeric(arg(1))) { + global $user; + $tid = db_result(db_query("SELECT tid from {forum} WHERE nid = %d", arg(1))); + if (!forum_access_access($tid, 'view')) { + drupal_access_denied(); + module_invoke_all('exit'); + exit; + } + } } /** @@ -323,7 +335,7 @@ } if (!isset($cache[$tid])) { - $roles = implode(', ', array_merge(array((bool) $account->uid), array_keys($account->roles))); + $roles = implode(', ', array_merge(array(intval((bool) $account->uid)), array_keys($account->roles))); $result = db_result(db_query("SELECT tid FROM {forum_access} WHERE rid IN (%s) AND grant_$type = 1 AND tid = %d", $roles, $tid)); if ($result) {