mirror/php-flarum
1
0
Fork 0
mirror of https://github.com/flarum/core.git synced 2025-10-17 09:46:14 +02:00
Code Issues Releases Wiki Activity

Fix permission logic priorities

Browse Source 
This helps to fix a bug in flarum-ext-tags where a user could not rename or edit the tags of their own discussion if it was in a restricted tag. This was due to the order of GetPermission event listeners – the logic that determines that a user *can't* perform an action because of a restrictive tag was running before (and thus instead of) the logic that determines that a user *can* edit their own stuff.

The solution is to change the "catch-all" methods on Policies to "after" instead of "before" – that is, they will run only if the per-ability methods return null.

We also simplify the GetPermission event by passing the model as a sole "argument", as I can't imagine any cases where we'll need more than one argument.
This commit is contained in:
Toby Zerner
2016-05-28 09:35:08 +09:30
parent 7c0a72047a
commit 40a78d302e
7 changed files with 27 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/Core/Access/DiscussionPolicy.php
View File

@@ -56,7 +56,7 @@ class DiscussionPolicy extends AbstractPolicy
* @param string $ability
* @return bool|null
*/
public function before(User $actor, $ability)
public function after(User $actor, $ability)
{
if ($actor->hasPermission('discussion.'.$ability)) {
return true;
@@ -107,7 +107,7 @@ class DiscussionPolicy extends AbstractPolicy
* @param Discussion $discussion
* @return bool|null
*/
public function delete(User $actor, Discussion $discussion)
public function hide(User $actor, Discussion $discussion)
{
if ($discussion->start_user_id == $actor->id && $discussion->participants_count <= 1) {
return true;