Fix conflicts with other extension visibility scoping (#26)

Wrapping all `wheres` in an `orWhere` ensures that there's no conflict. See https://github.com/flarum/core/issues/2798, https://github.com/flarum/docs/pull/200
2025-08-06 08:27:42 +02:00 · 2021-04-20 14:51:01 -04:00
parent dbccc396b0
commit 3b3cbdc82f
2 changed files with 32 additions and 22 deletions
--- a/extensions/approval/src/Access/ScopePrivateDiscussionVisibility.php
+++ b/extensions/approval/src/Access/ScopePrivateDiscussionVisibility.php
@@ -20,18 +20,23 @@ class ScopePrivateDiscussionVisibility
     */
    public function __invoke(User $actor, Builder $query)
    {
-        // Show empty/private discussions if they require approval and they are
-        // authored by the current user, or the current user has permission to
-        // approve posts.
-        $query->where('discussions.is_approved', 0);
+        // All statements need to be wrapped in an orWhere, since we're adding a
+        // subset of private discussions that should be visible, not restricting the visible
+        // set.
+        $query->orWhere(function ($query) use ($actor) {
+            // Show empty/private discussions if they require approval and they are
+            // authored by the current user, or the current user has permission to
+            // approve posts.
+            $query->where('discussions.is_approved', 0);

-        if (! $actor->hasPermission('discussion.approvePosts')) {
-            $query->where(function (Builder $query) use ($actor) {
-                $query->where('discussions.user_id', $actor->id)
-                    ->orWhere(function ($query) use ($actor) {
-                        $query->whereVisibleTo($actor, 'approvePosts');
-                    });
-            });
-        }
+            if (! $actor->hasPermission('discussion.approvePosts')) {
+                $query->where(function (Builder $query) use ($actor) {
+                    $query->where('discussions.user_id', $actor->id)
+                        ->orWhere(function ($query) use ($actor) {
+                            $query->whereVisibleTo($actor, 'approvePosts');
+                        });
+                });
+            }
+        });
    }
 }
--- a/extensions/approval/src/Access/ScopePrivatePostVisibility.php
+++ b/extensions/approval/src/Access/ScopePrivatePostVisibility.php
@@ -21,17 +21,22 @@ class ScopePrivatePostVisibility
     */
    public function __invoke(User $actor, Builder $query)
    {
-        // Show private posts if they require approval and they are
-        // authored by the current user, or the current user has permission to
-        // approve posts.
-        $query->where('posts.is_approved', 0);
+        // All statements need to be wrapped in an orWhere, since we're adding a
+        // subset of private posts that should be visible, not restricting the visible
+        // set.
+        $query->orWhere(function ($query) use ($actor) {
+            // Show private posts if they require approval and they are
+            // authored by the current user, or the current user has permission to
+            // approve posts.
+            $query->where('posts.is_approved', 0);

-        if (! $actor->hasPermission('discussion.approvePosts')) {
-            $query->where(function (Builder $query) use ($actor) {
-                $query->where('posts.user_id', $actor->id)
-                    ->orWhereExists($this->discussionWhereCanApprovePosts($actor));
-            });
-        }
+            if (! $actor->hasPermission('discussion.approvePosts')) {
+                $query->where(function (Builder $query) use ($actor) {
+                    $query->where('posts.user_id', $actor->id)
+                        ->orWhereExists($this->discussionWhereCanApprovePosts($actor));
+                });
+            }
+        });
    }

    private function discussionWhereCanApprovePosts(User $actor)