25
Installed on my testserver, looks good so far.
There is however still a bug in visit.php
if you type the direct url to a attached file you are allowed to see it even if you dont have the right audience level, solved when added following code to visit.php
include_once 'class/class.newsstory.php';
// Do we have the right to see the file ?
$article = new AmsStory($sfiles->getStoryid());
$gperm_handler =& xoops_gethandler('groupperm');
if (is_object($xoopsUser)) {
$groups = $xoopsUser->getGroups();
} else {
$groups = XOOPS_GROUP_ANONYMOUS;
}
if (!$gperm_handler->checkRight("ams_audience", $article->audienceid, $groups, $xoopsModule->getVar('mid'))) {
redirect_header('index.php', 3, _NOPERM);
exit();
}