From 7d5bc472f89e663841c1cdad74ddf007bf464dd6 Mon Sep 17 00:00:00 2001 From: Toby Zerner Date: Sat, 28 May 2016 20:48:05 +0930 Subject: [PATCH] Revert "Simplify discussion/tag permission logic" This reverts commit 01e776e2bec2a0d9b112ca7979a1945ec553a346. Turns out that there was a good reason for the original logic... the case of per-tag moderators. --- .../tags/src/Access/DiscussionPolicy.php | 27 +++++++++++++++---- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/extensions/tags/src/Access/DiscussionPolicy.php b/extensions/tags/src/Access/DiscussionPolicy.php index 423286f1a..199cf77a6 100755 --- a/extensions/tags/src/Access/DiscussionPolicy.php +++ b/extensions/tags/src/Access/DiscussionPolicy.php @@ -57,13 +57,30 @@ class DiscussionPolicy extends AbstractPolicy * @param Discussion $discussion * @return bool */ - public function after(User $actor, $ability, Discussion $discussion) + public function before(User $actor, $ability, Discussion $discussion) { // Wrap all discussion permission checks with some logic pertaining to - // the discussion's tags. If the discussion has any tags that are - // restricted, then the user *must* have permission for all of them. - foreach ($discussion->tags as $tag) { - if ($tag->is_restricted && ! $actor->hasPermission('tag' . $tag->id . '.discussion.' . $ability)) { + // the discussion's tags. If the discussion has a tag that has been + // restricted, and the user has this permission for that tag, then they + // are allowed. If the discussion only has tags that have been + // restricted, then the user *must* have permission for at least one of + // them. + $tags = $discussion->tags; + + if (count($tags)) { + $restricted = true; + + foreach ($tags as $tag) { + if ($tag->is_restricted) { + if ($actor->hasPermission('tag'.$tag->id.'.discussion.'.$ability)) { + return true; + } + } else { + $restricted = false; + } + } + + if ($restricted) { return false; } }