From 084276394357b722b430f8f23eb7c00640be3413 Mon Sep 17 00:00:00 2001
From: Julian Rother <julianr@fsmpi.rwth-aachen.de>
Date: Wed, 15 Feb 2017 23:12:25 +0100
Subject: [PATCH] Corrected fix of auth permission query (#218)

---
 server.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/server.py b/server.py
index 19b5f49..d98514e 100644
--- a/server.py
+++ b/server.py
@@ -522,9 +522,9 @@ def auth(): # For use with nginx auth_request
       FROM videos
       JOIN lectures ON (videos.lecture_id = lectures.id)
       JOIN courses ON (lectures.course_id = courses.id)
-			LEFT JOIN perm ON (videos.id = perm.video_id OR lectures.id = perm.lecture_id OR courses.id = perm.course_id)
+			LEFT JOIN perm ON ((videos.id = perm.video_id OR lectures.id = perm.lecture_id OR courses.id = perm.course_id) AND NOT perm.deleted)
       WHERE videos.path = ?
-      AND (courses.visible AND lectures.visible AND videos.visible AND NOT perm.deleted)
+      AND (courses.visible AND lectures.visible AND videos.visible)
 			ORDER BY perm.video_id DESC, perm.lecture_id DESC, perm.course_id DESC''',
 			url)
 	if not perms:
-- 
GitLab