Restricted tag permissions trump global permissions. If any tag is
restricted and the user has permission, then grant the permission,
regardless of global permissions.
* Enable parent to be set during creation via API
Sets the parent ID as long as it exists and is a top-level primary tag.
If it's not, it'll simply be ignored. Position is set automatically to
be one higher than the current highest, or 0 if parent has no children.
Example data (in addition to the usual attributes):
```
"relationships": {
"parent": {
"data": {
"id": 1
}
}
}
```
* Add support for creating top-level tags
To set a top-level primary tag, pass parent id of 0
For a secondary tag, pass null or remove it from the request
To set as a child, pass the parent tag's id
Attempting to send an empty body to the create and update endpoints will
result in Flarum outputting "Internal Server Error" as plain text,
instead of failing gracefully with a json-ised validation exception.
This commit adds an empty array as the third parameter to array_get,
which sets the default value and thus allows Flarum to do its thing.
Make sure permissions that lie "dormant" in the database don't interfere with the global permissions; actually check each tag's permissions rather than using `hasPermissionLike`.
closesflarum/core#1058closesflarum/core#1062
By default this is just the same as the "startDiscussion" permission, but flarum-ext-approval comes in and denies "addToDiscussion" specifically for tags where the user can't start discussions without approval.
ref flarum/core#904
A user now must have a permission to act for *all* tags assigned to a discussion, rather than just one of them. This is consistent with the way the permissions are worked out for visibility.
