Fix permission logic priorities

This helps to fix a bug in flarum-ext-tags where a user could not rename or edit the tags of their own discussion if it was in a restricted tag. This was due to the order of GetPermission event listeners – the logic that determines that a user *can't* perform an action because of a restrictive tag was running before (and thus instead of) the logic that determines that a user *can* edit their own stuff. The solution is to change the "catch-all" methods on Policies to "after" instead of "before" – that is, they will run only if the per-ability methods return null. We also simplify the GetPermission event by passing the model as a sole "argument", as I can't imagine any cases where we'll need more than one argument.
2025-10-18 10:16:09 +02:00 · 2016-05-28 09:35:08 +09:30
parent 7c0a72047a
commit 40a78d302e
7 changed files with 27 additions and 51 deletions
--- a/src/Event/GetPermission.php
+++ b/src/Event/GetPermission.php
@@ -25,19 +25,19 @@ class GetPermission
    public $ability;

    /**
-     * @var array
+     * @var mixed
     */
-    public $arguments;
+    public $model;

    /**
     * @param User $actor
     * @param string $ability
-     * @param array $arguments
+     * @param mixed $model
     */
-    public function __construct(User $actor, $ability, array $arguments)
+    public function __construct(User $actor, $ability, $model)
    {
        $this->actor = $actor;
        $this->ability = $ability;
-        $this->arguments = $arguments;
+        $this->model = $model;
    }
 }