Fix permission logic regressions

Make sure permissions that lie "dormant" in the database don't interfere with the global permissions; actually check each tag's permissions rather than using `hasPermissionLike`.

closes flarum/core#1058
closes flarum/core#1062
Toby Zerner 2016-11-07 22:22:19 +10:30
parent eb279b112a
commit 11b380c893
4 changed files with 10 additions and 6 deletions


@ -11,6 +11,7 @@
namespace Flarum\Tags\Access;
use Flarum\Event\GetPermission;
use Flarum\Tags\Tag;
use Illuminate\Contracts\Events\Dispatcher;
class GlobalPolicy
@ -29,8 +30,8 @@ class GlobalPolicy
*/
public function grantGlobalDiscussionPermissions(GetPermission $event)
{
if (in_array($event->ability, ['viewDiscussions', 'startDiscussion']) && empty($event->arguments)) {
return $event->actor->hasPermissionLike($event->ability);
if (in_array($event->ability, ['viewDiscussions', 'startDiscussion']) && is_null($event->model)) {
return ! empty(Tag::getIdsWhereCan($event->actor, $event->ability));
}
}
}
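Review bot: The new `return ! empty(Tag::getIdsWhereCan($event->actor, $event->ability));` yields an explicit `false` whenever the list is empty, which presumably includes a forum with no tags at all, so `viewDiscussions` and `startDiscussion` would be refused to every actor there even when their group holds the global permission. That fails closed, but it should be confirmed as intended and stated in the docblock, e.g. `Grant the global ability only if the actor can exercise it in at least one tag; when no tag qualifies this returns false.` Separately, `in_array` is called without the strict flag in a permission check; `in_array($event->ability, ['viewDiscussions', 'startDiscussion'], true)` rules out loose type matches on the ability name. The docblock for this method opens outside the hunk.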


@ -39,7 +39,7 @@ class TagPolicy extends AbstractPolicy
public function startDiscussion(User $actor, Tag $tag)
{
if ((! $tag->is_restricted && $actor->hasPermission('startDiscussion'))
|| $actor->hasPermission('tag'.$tag->id.'.startDiscussion')) {
|| ($tag->is_restricted && $actor->hasPermission('tag'.$tag->id.'.startDiscussion'))) {
return true;
}
}
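Review bot: The restricted/unrestricted rule in this condition is written out a second time in the `$canForTag` closure in the `Tag` model section of this commit, and the two copies must stay identical for tag filtering and this policy to agree. Both were edited by hand here; a single helper on `Tag` that takes the user and the permission name, called from `startDiscussion` and from the closure, would keep a later change from fixing one site and missing the other. Until then, a comment on both sites such as `// Keep in sync with the $canForTag closure in Tag: a tag-scoped permission only counts while the tag is restricted.` records the invariant this commit restores.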


@ -65,10 +65,11 @@ class SaveTagsToDatabase
*/
public function whenDiscussionWillBeSaved(DiscussionWillBeSaved $event)
{
$discussion = $event->discussion;
$actor = $event->actor;
// TODO: clean up, prevent discussion from being created without tags
if (isset($event->data['relationships']['tags']['data'])) {
$discussion = $event->discussion;
$actor = $event->actor;
$linkage = (array) $event->data['relationships']['tags']['data'];
$newTagIds = [];
@ -117,6 +118,8 @@ class SaveTagsToDatabase
$discussion->afterSave(function ($discussion) use ($newTagIds) {
$discussion->tags()->sync($newTagIds);
});
} elseif (! $discussion->exists && ! $actor->hasPermission('startDiscussion')) {
throw new PermissionDeniedException;
}
}
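Review bot: The added `elseif` enforces the global `startDiscussion` permission only when the request has no `relationships.tags.data` key at all; a request that sets the key to an empty list still passes `isset()` and takes the first branch with `$newTagIds` empty. The lines between the two hunks are not shown, so this may already be handled, but if nothing there rejects a new discussion with zero tags, the global check is skipped for that request shape. Consider applying the same test inside the first branch before the `afterSave` callback, e.g. `if (empty($newTagIds) && ! $discussion->exists && ! $actor->hasPermission('startDiscussion')) { throw new PermissionDeniedException; }`. Also confirm that `PermissionDeniedException` is imported in this file, since no `use` line for it appears in either hunk.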


@ -137,7 +137,7 @@ class Tag extends AbstractModel
$hasGlobalPermission = $user->hasPermission($permission);
$canForTag = function (Tag $tag) use ($user, $permission, $hasGlobalPermission) {
return ($hasGlobalPermission && ! $tag->is_restricted) || $user->hasPermission('tag'.$tag->id.'.'.$permission);
return ($hasGlobalPermission && ! $tag->is_restricted) || ($tag->is_restricted && $user->hasPermission('tag'.$tag->id.'.'.$permission));
};
foreach ($tags as $tag) {