[opw-web] Restrict the view of proposed and accepted projects to mentors and admins

[Owen Taylor <otaylor src gnome org>]

commit d366f0f07e8f11e5221231d09fa7d7a5b7e750a2
Author: Owen W. Taylor <otaylor fishsoup net>
Date:   Sun Apr 20 00:07:27 2014 -0400

    Restrict the view of proposed and accepted projects to mentors and admins
    
    We were allowing the proposed and accepted projects lists to be viewed
    by any logged in user (though without a link to them or information about
    who was making the proposal.) Lock them down to mentors and admins.

 modules/mod_view_projects.php |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)
---
diff --git a/modules/mod_view_projects.php b/modules/mod_view_projects.php
index 9c45792..87ed6f5 100644
--- a/modules/mod_view_projects.php
+++ b/modules/mod_view_projects.php
@@ -658,6 +658,9 @@ else if ($action == 'user' || $action == 'proposed' || $action == 'accepted' ||
     // Only admins can see rejected projects
     $user->restrict($action != 'rejected' || ($action == 'rejected' && $user->is_admin));
 
+    // Only admins and mentors can see other people's projects
+    $user->restrict($action == 'user' || $role == 'm' || $user->is_admin);;
+
     // Program ID is mandatory here
     $user->restrict($program_id > 0);