From 01e776e2bec2a0d9b112ca7979a1945ec553a346 Mon Sep 17 00:00:00 2001 From: Toby Zerner Date: Sat, 28 May 2016 10:00:41 +0930 Subject: [PATCH] Simplify discussion/tag permission logic A user now must have a permission to act for *all* tags assigned to a discussion, rather than just one of them. This is consistent with the way the permissions are worked out for visibility. --- .../tags/src/Access/DiscussionPolicy.php | 27 ++++--------------- 1 file changed, 5 insertions(+), 22 deletions(-) diff --git a/extensions/tags/src/Access/DiscussionPolicy.php b/extensions/tags/src/Access/DiscussionPolicy.php index 199cf77a6..423286f1a 100755 --- a/extensions/tags/src/Access/DiscussionPolicy.php +++ b/extensions/tags/src/Access/DiscussionPolicy.php @@ -57,30 +57,13 @@ class DiscussionPolicy extends AbstractPolicy * @param Discussion $discussion * @return bool */ - public function before(User $actor, $ability, Discussion $discussion) + public function after(User $actor, $ability, Discussion $discussion) { // Wrap all discussion permission checks with some logic pertaining to - // the discussion's tags. If the discussion has a tag that has been - // restricted, and the user has this permission for that tag, then they - // are allowed. If the discussion only has tags that have been - // restricted, then the user *must* have permission for at least one of - // them. - $tags = $discussion->tags; - - if (count($tags)) { - $restricted = true; - - foreach ($tags as $tag) { - if ($tag->is_restricted) { - if ($actor->hasPermission('tag'.$tag->id.'.discussion.'.$ability)) { - return true; - } - } else { - $restricted = false; - } - } - - if ($restricted) { + // the discussion's tags. If the discussion has any tags that are + // restricted, then the user *must* have permission for all of them. + foreach ($discussion->tags as $tag) { + if ($tag->is_restricted && ! $actor->hasPermission('tag' . $tag->id . '.discussion.' . $ability)) { return false; } }