Tweak permission logic

Restricted tag permissions trump global permissions. If any tag is
restricted and the user has permission, then grant the permission,
regardless of global permissions.
This commit is contained in:
Toby Zerner 2017-07-20 11:51:22 +09:30
parent aa62a88718
commit 367423d0af

View File

@ -62,20 +62,19 @@ class DiscussionPolicy extends AbstractPolicy
{
// Wrap all discussion permission checks with some logic pertaining to
// the discussion's tags. If the discussion has a tag that has been
// restricted, the user must have the permission for that tag. If all of
// the discussion's tags are restricted, then ignore global permissions.
// restricted, the user must have the permission for that tag.
$tags = $discussion->tags;
if (count($tags)) {
$restricted = true;
$restricted = false;
foreach ($tags as $tag) {
if ($tag->is_restricted) {
if (! $actor->hasPermission('tag'.$tag->id.'.discussion.'.$ability)) {
return false;
}
} else {
$restricted = false;
$restricted = true;
}
}