Item1918: fixed privacy issue

* other peoples private tags are only visible to admin now * changed the default value for visibility from =all= to =user= git-svn-id: http://svn.foswiki.org/trunk/TagsPlugin@7788 0b4bb1d4-4e5a-0410-9cc4-b2b747904278
foswiki · Jun 14, 2010 · aa46922 · aa46922
1 parent 80d18d8
commit aa46922
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 2 deletions.
diff --git a/data/System/VarTAGSEARCH.txt b/data/System/VarTAGSEARCH.txt
@@ -12,7 +12,7 @@
      | =user="wikiname"= <br /> =user="all"= | Filter the =user= dimension with this setting. Leave out the =%MAINWEB%= part here. <br /> *Note:* This is forced to the current user, if the =visibility= is set to =private=. | ="all"= |
      | =web="Name"= <br /> =web="%USERSWEB%, Know"= <br /> =web="all"= | Comma-separated list of webs to search. The special word =all= means all webs (inlcuding those which have the =NOSEARCHALL= preference set to =on=). Use =%= as a wildcard. | ="all"= |
      | =topic="Name"= <br /> =topic="<nop>TestTopic1, <nop>TestTopic2"= <br /> =topic="all"= | Comma-separated list of topics (without a webname) to search. The special word =all= means all topics. Use =%= as a wildcard. | ="all"= |
-     | =visibility="all"= <br /> =visibility="public"= <br /> =visibility="private"= <br /> =visibility="user"= | Filter by the public flag: either show all, only public or only private tags. =user= is a combination of "all public tags" and "my private tags". <br /> *Note:* You *must not* set a =user= parameter with =visibility=user=. | ="all"= |
+     | =visibility="all"= <br /> =visibility="public"= <br /> =visibility="private"= <br /> =visibility="user"= | Filter by the public flag: either show all, only public or only private tags. =user= is a combination of "all public tags" and "my private tags". <br /> *Note:* You *must not* set a =user= parameter with =visibility=user=. =all= is limited to admins. | ="user"= |
      | =header="..."= <br /> =format="..."= <br /> =footer="..."= | Custom format results: see table below for allowed variables. | depending on the =query= parameter, a simple list |
      | =alt="..."= | If nothing is found, =alt= is returned instead of =header=, =format= and =footer=. | =empty= |
      | =separator=", "= <br /> =sep=", "= | Separator _between_ search hits | =", "= |

diff --git a/lib/Foswiki/Plugins/TagsPlugin/TAGSEARCH.pm b/lib/Foswiki/Plugins/TagsPlugin/TAGSEARCH.pm
@@ -44,7 +44,7 @@ sub do {
     my $theTopic     = $params->{topic}      || '';
     my $theQuery     = $params->{query}      || 'tag';
     my $theOrder     = $params->{order}      || '';
-    my $thePublic    = $params->{visibility} || 'all';
+    my $thePublic    = $params->{visibility} || 'user';
     my $theAlt       = $params->{alt}        || '';
     my $theLimit     = $params->{limit}      || 0;
     my $theOffset    = $params->{offset}     || 0;
@@ -81,6 +81,10 @@ sub do {
       Foswiki::Func::isGroupMember( $Foswiki::cfg{TagsPlugin}{TagAdminGroup}
           || "AdminGroup" ) ? 1 : 0;
 
+    if ( $thePublic =~ /^all$/i && !$isTagAdmin ) {
+        $thePublic = "user";
+    }
+
     my $output    = '';
     my $statement = '';
     my @whereClauses;