Fix permission logic priorities

This helps to fix a bug in flarum-ext-tags where a user could not rename or edit the tags of their own discussion if it was in a restricted tag. This was due to the order of GetPermission event listeners – the logic that determines that a user *can't* perform an action because of a restrictive tag was running before (and thus instead of) the logic that determines that a user *can* edit their own stuff. The solution is to change the "catch-all" methods on Policies to "after" instead of "before" – that is, they will run only if the per-ability methods return null. We also simplify the GetPermission event by passing the model as a sole "argument", as I can't imagine any cases where we'll need more than one argument.
2025-07-19 07:41:22 +02:00 · 2016-05-28 09:35:08 +09:30
parent 7c0a72047a
commit 40a78d302e
7 changed files with 27 additions and 51 deletions
--- a/src/Core/CoreServiceProvider.php
+++ b/src/Core/CoreServiceProvider.php
@@ -77,7 +77,7 @@ class CoreServiceProvider extends AbstractServiceProvider
            // this permission query and explicitly grant or deny the
            // permission.
            $allowed = $this->app->make('events')->until(
-                new GetPermission($actor, $ability, $model ? [$model] : [])
+                new GetPermission($actor, $ability, $model)
            );

            if (! is_null($allowed)) {