Increase Tags Visibility Scoping Extendability (#79)

Allow extensions to override tags scoping visibility based on viewDiscussions permission
2025-02-22 04:33:28 +08:00 · 2020-05-19 17:49:39 -04:00 · 2020-05-19 17:49:39 -04:00 · 713efcfa3c
commit 713efcfa3c
parent 74e02b6a3c
1 changed files with 25 additions and 7 deletions
--- a/extensions/tags/src/Access/DiscussionPolicy.php
+++ b/extensions/tags/src/Access/DiscussionPolicy.php
@ -11,10 +11,12 @@ namespace Flarum\Tags\Access;

 use Carbon\Carbon;
 use Flarum\Discussion\Discussion;
+use Flarum\Event\ScopeModelVisibility;
 use Flarum\Settings\SettingsRepositoryInterface;
 use Flarum\Tags\Tag;
 use Flarum\User\AbstractPolicy;
 use Flarum\User\User;
+use Illuminate\Contracts\Events\Dispatcher;
 use Illuminate\Database\Eloquent\Builder;

 class DiscussionPolicy extends AbstractPolicy
@ -24,16 +26,23 @@ class DiscussionPolicy extends AbstractPolicy
     */
    protected $model = Discussion::class;

+    /**
+     * @var Dispatcher
+     */
+    protected $events;
+
    /**
     * @var SettingsRepositoryInterface
     */
    protected $settings;

    /**
+     * @param Dispatcher $events
     * @param SettingsRepositoryInterface $settings
     */
-    public function __construct(SettingsRepositoryInterface $settings)
+    public function __construct(Dispatcher $events, SettingsRepositoryInterface $settings)
    {
+        $this->events = $events;
        $this->settings = $settings;
    }

@ -75,11 +84,19 @@ class DiscussionPolicy extends AbstractPolicy
     */
    public function find(User $actor, Builder $query)
    {
-        // Hide discussions which have tags that the user is not allowed to see.
-        $query->whereNotIn('discussions.id', function ($query) use ($actor) {
-            return $query->select('discussion_id')
-                ->from('discussion_tag')
-                ->whereIn('tag_id', Tag::getIdsWhereCannot($actor, 'viewDiscussions'));
+        // Hide discussions which have tags that the user is not allowed to see, unless an extension overrides this.
+        $query->where(function ($query) use ($actor) {
+            $query
+                ->whereNotIn('discussions.id', function ($query) use ($actor) {
+                    return $query->select('discussion_id')
+                        ->from('discussion_tag')
+                        ->whereIn('tag_id', Tag::getIdsWhereCannot($actor, 'viewDiscussions'));
+                })
+                ->orWhere(function ($query) use ($actor) {
+                    $this->events->dispatch(
+                        new ScopeModelVisibility($query, $actor, 'viewDiscussionsInRestrictedTags')
+                    );
+                });
        });

        // Hide discussions with no tags if the user doesn't have that global
@ -119,7 +136,8 @@ class DiscussionPolicy extends AbstractPolicy
        if ($discussion->user_id == $actor->id && $actor->can('reply', $discussion)) {
            $allowEditTags = $this->settings->get('allow_tag_change');

-            if ($allowEditTags === '-1'
+            if (
+                $allowEditTags === '-1'
                || ($allowEditTags === 'reply' && $discussion->participant_count <= 1)
                || (is_numeric($allowEditTags) && $discussion->created_at->diffInMinutes(new Carbon) < $allowEditTags)
            ) {