-1

I am currently writing my own permission class for my forum and i've run into a small problem that I really can understand.

I have the following function:

function editTopic($perm_edit_topic, $id, $user_id, $my_id, $permission){

  if($perm_edit_topic == true && $user_id == $my_id OR $permission == 0 XOR $permission == 1){ 

        echo '<a href="/forum/newtopic.php?edit='.$id.'" class="buttonPro" data-toggle="tooltip" data-placement="top" title="Edit"><i class="fa fa-pencil-square-o fa-fw"></i></a>'; 

  } 

}

I want the IF statement to do the following:

If $perm_edit_topic is set to TRUE and the $user_id (which is the stored user_id from the topic) is the user id of the viewing user OR the permission id is either 0 or 1 (where 0 is admin and 1 is moderator).

This works okay. Only the owner of the topic and the admin and mods can edit. But if I set the $perm_edit_topic to FALSE for the moderator, they can still edit it.

Did I do something wrong in my IF statement?

Machavity
  • 30,841
  • 27
  • 92
  • 100
Malte Nielson
  • 3
  • 2
  • @DarkBee, read it from left to right. If `$perm_edit_topic == true` is false then nothing else is evaluated because it is followed by `&&` – asimes Jun 14 '15 at 18:07
  • @DarkBee Thanks for your reply. I get this error though: `Parse error: syntax error, unexpected '||' (T_BOOLEAN_OR) in` – Malte Nielson Jun 14 '15 at 18:10
  • @asimes not quite: http://ideone.com/ZRG30z but my comment was not right either :-) – DarkBee Jun 14 '15 at 18:17
  • @DarkBee, I'll be dammed. I guess I always saw `&&` only examples of short circuiting, still trying to make sense of why the last one is `true` – asimes Jun 14 '15 at 18:25
  • @DarkBee, your example had a typo, the one of the `==` is a `=`. Turns out it actually results in `true`, `true`, `false`, `true` – asimes Jun 14 '15 at 18:29
  • @asimes yeah, i edited the example but seems the save did not came through ^^ same outcome though – DarkBee Jun 14 '15 at 18:41

1 Answers1

1

Replace your condition with this:

$perm_edit_topic && ($user_id == $my_id || $permission == 0 || $permission == 1)

  • $perm_edit_topic == true has the exact same meaning as $perm_edit_topic

  • Wrap all of the other conditions inside of parenthesis to control the short circuiting, it is quite unintuitive how it works with this combination of and'ing, or'ing, and xor'ing. If you are not familiar with short circuiting then try running this example: Does PHP have short-circuit evaluation?

  • Inside the parenthesis any of the conditions being true is enough for the entire expression to be true. Both $permission == 0 and $permission == 1 cannot be true, it does not make sense to xor them

Community
  • 1
  • 1
asimes
  • 5,749
  • 5
  • 39
  • 76
  • @MalteNielson, the parenthesis are needed, you can get incorrect results without it. I was wrong earlier about the short circuiting of `$perm_edit_topic`, I have been working in other languages for a while and it seems that their short circuiting differs from PHP **Edit**: You comment is gone, but the parenthesis is important! – asimes Jun 14 '15 at 18:42
  • Thanks, that did the trick just well! I learned something new today :) (I deleted the last comment since it wasn't relevant anymore. I'm new here ;)) – Malte Nielson Jun 14 '15 at 18:43