From 367423d0afd39b6356ee4136ef44ad05a826a237 Mon Sep 17 00:00:00 2001 From: Toby Zerner Date: Thu, 20 Jul 2017 11:51:22 +0930 Subject: [PATCH] Tweak permission logic Restricted tag permissions trump global permissions. If any tag is restricted and the user has permission, then grant the permission, regardless of global permissions. --- extensions/tags/src/Access/DiscussionPolicy.php | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/extensions/tags/src/Access/DiscussionPolicy.php b/extensions/tags/src/Access/DiscussionPolicy.php index 4ec17d204..08be548a1 100755 --- a/extensions/tags/src/Access/DiscussionPolicy.php +++ b/extensions/tags/src/Access/DiscussionPolicy.php @@ -62,20 +62,19 @@ class DiscussionPolicy extends AbstractPolicy { // Wrap all discussion permission checks with some logic pertaining to // the discussion's tags. If the discussion has a tag that has been - // restricted, the user must have the permission for that tag. If all of - // the discussion's tags are restricted, then ignore global permissions. + // restricted, the user must have the permission for that tag. $tags = $discussion->tags; if (count($tags)) { - $restricted = true; + $restricted = false; foreach ($tags as $tag) { if ($tag->is_restricted) { if (! $actor->hasPermission('tag'.$tag->id.'.discussion.'.$ability)) { return false; } - } else { - $restricted = false; + + $restricted = true; } }