From 089dafa93d7d9e827de389dbd40cbfdfd5ae3256 Mon Sep 17 00:00:00 2001
From: Toby Zerner
Date: Thu, 21 May 2015 15:53:59 +0930
Subject: [PATCH] Fix bad logic in edit permission that was allowing guests to edit posts. Closes #88
---
 framework/core/src/Core/CoreServiceProvider.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/framework/core/src/Core/CoreServiceProvider.php b/framework/core/src/Core/CoreServiceProvider.php
index 80d3beee9..8dac4d129 100644
--- a/framework/core/src/Core/CoreServiceProvider.php
+++ b/framework/core/src/Core/CoreServiceProvider.php
@@ -197,8 +197,10 @@ class CoreServiceProvider extends ServiceProvider
 // someone else.
 Post::grantPermission('edit', function ($grant, $user) {
 $grant->where('user_id', $user->id)
- ->whereNull('hide_user_id')
- ->orWhere('hide_user_id', $user->id);
+ ->where(function ($query) use ($user) {
+ $query->whereNull('hide_user_id')
+ ->orWhere('hide_user_id', $user->id);
+ });
 // @todo add limitations to time etc. according to a config setting
 });
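Review bot: The ownership test `$grant->where('user_id', $user->id)` still depends on the value of `$user->id` for a guest, which this hunk does not show, and nothing in the closure rejects guests explicitly. If `$grant` is a Laravel query builder and the guest id is null, that call is compiled as an IS NULL test and would match posts that have no author, so the grant would again cover rows the guest does not own. I would record the assumption above the clause, `// Relies on $user->id being non-null and never equal to a stored user_id for guests.`, and add a regression test asserting that a guest is refused `edit`, since the diffstat shows no test accompanying this authorization fix. The method that registers this grant starts and ends outside the hunk, so a guest check may already exist elsewhere.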