my $sth = $dbh->prepare($query);
$sth->execute($shelfnumber);
my ( $owner, $category ) = $sth->fetchrow;
- return 1 if ($owner eq $user);
- return 1 if ( $category >= 3);
- return 1 if (($category >= 2) && $action eq 'view' );
+ return 1 if ( $category >= 3); # open list
+ return 1 if (($category >= 2) and
+ defined($action) and $action eq 'view'); # public list, anybody can view
+ return 1 if (defined($user) and $owner eq $user ); # user owns this list. Check last.
return 0;
}
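Review bot: The ownership test on the last added line guards `$user` but not `$owner`, so it does not fail closed when the query returns no row or the owner column is NULL. In that case `$owner` is undef, and `undef eq ''` is true in Perl, so a caller passing a defined but empty `$user` would get 1 back; whether an empty `$user` can reach this point is not visible in the hunk. I would write it as `return 1 if (defined($user) and defined($owner) and $owner eq $user);`. The same missing-row case leaves `$category` undef, so adding `return 0 unless defined $category;` right after the `fetchrow` would avoid uninitialized-value warnings on the two `>=` comparisons. The function begins outside the visible lines, so any earlier validation of `$shelfnumber` or `$user` cannot be checked here.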