github-mirror/framework
2
0
Fork 0
mirror of https://github.com/flarum/framework.git synced 2024-12-12 06:03:39 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix bad logic in edit permission that was allowing guests to edit posts. Closes #88

Browse Source
This commit is contained in:
Toby Zerner 2015-05-21 15:53:59 +09:30
parent 88fee92cd5
commit 089dafa93d
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
framework/core/src/Core/CoreServiceProvider.php
View File

@ -197,8 +197,10 @@ class CoreServiceProvider extends ServiceProvider
// someone else.
Post::grantPermission('edit', function ($grant, $user) {
$grant->where('user_id', $user->id)
->whereNull('hide_user_id')
->where(function ($query) use ($user) {
$query->whereNull('hide_user_id')
->orWhere('hide_user_id', $user->id);
});
// @todo add limitations to time etc. according to a config setting
});