Revert "Simplify discussion/tag permission logic"

This reverts commit 01e776e2be. Turns out that there was a good reason for the original logic... the case of per-tag moderators.
2025-02-01 06:29:45 +08:00 · 2016-05-28 20:48:05 +09:30 · 2016-05-28 20:48:05 +09:30 · 7d5bc472f8
commit 7d5bc472f8
parent 9661e05c83
1 changed files with 22 additions and 5 deletions
--- a/extensions/tags/src/Access/DiscussionPolicy.php
+++ b/extensions/tags/src/Access/DiscussionPolicy.php
@ -57,13 +57,30 @@ class DiscussionPolicy extends AbstractPolicy
     * @param Discussion $discussion
     * @return bool
     */
-    public function after(User $actor, $ability, Discussion $discussion)
+    public function before(User $actor, $ability, Discussion $discussion)
    {
        // Wrap all discussion permission checks with some logic pertaining to
-        // the discussion's tags. If the discussion has any tags that are
-        // restricted, then the user *must* have permission for all of them.
-        foreach ($discussion->tags as $tag) {
-            if ($tag->is_restricted && ! $actor->hasPermission('tag' . $tag->id . '.discussion.' . $ability)) {
+        // the discussion's tags. If the discussion has a tag that has been
+        // restricted, and the user has this permission for that tag, then they
+        // are allowed. If the discussion only has tags that have been
+        // restricted, then the user *must* have permission for at least one of
+        // them.
+        $tags = $discussion->tags;
+
+        if (count($tags)) {
+            $restricted = true;
+
+            foreach ($tags as $tag) {
+                if ($tag->is_restricted) {
+                    if ($actor->hasPermission('tag'.$tag->id.'.discussion.'.$ability)) {
+                        return true;
+                    }
+                } else {
+                    $restricted = false;
+                }
+            }
+
+            if ($restricted) {
                return false;
            }
        }