From 7d74575eb86d9049cd420af6f0f1218b955dcfd4 Mon Sep 17 00:00:00 2001
From: Dan Brown <ssddanbrown@googlemail.com>
Date: Tue, 24 Jan 2023 13:44:38 +0000
Subject: [PATCH] Found a sql having-style approach to permissions

As a way to check aggregate queries for required changes to need to
analyse across combined permission values.
---
 app/Auth/Permissions/PermissionApplicator.php | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/app/Auth/Permissions/PermissionApplicator.php b/app/Auth/Permissions/PermissionApplicator.php
index 5326cc340..e4564ddf5 100644
--- a/app/Auth/Permissions/PermissionApplicator.php
+++ b/app/Auth/Permissions/PermissionApplicator.php
@@ -94,10 +94,14 @@ class PermissionApplicator
     {
         return $query->where(function (Builder $parentQuery) {
             $parentQuery->whereHas('jointPermissions', function (Builder $permissionQuery) {
-                $permissionQuery->whereIn('role_id', $this->getCurrentUserRoleIds())
-                    ->where(function (Builder $query) {
-                        $this->addJointHasPermissionCheck($query, $this->currentUser()->id);
-                    });
+                $permissionQuery->select(['entity_id', 'entity_type'])
+                    ->selectRaw('max(owned_by) as owned_by')
+                    ->selectRaw('max(has_permission) as has_permission')
+                    ->selectRaw('max(has_permission_own) as has_permission_own')
+                    ->whereIn('role_id', $this->getCurrentUserRoleIds())
+                    ->groupBy(['entity_type', 'entity_id'])
+                    ->havingRaw('has_permission > 0')
+                    ->orHavingRaw('(has_permission_own > 0 and owned_by = ?)', [$this->currentUser()->id]);
             });
         });
     }