mirror of
				https://github.com/flarum/core.git
				synced 2025-10-26 05:06:06 +01:00 
			
		
		
		
	Merge pull request #1513 from flarum/tz/1419-restrict-own-permissions
Make "own" permissions depend on the user's ability to reply
This commit is contained in:
		| @@ -123,7 +123,7 @@ class DiscussionPolicy extends AbstractPolicy | ||||
|      */ | ||||
|     public function rename(User $actor, Discussion $discussion) | ||||
|     { | ||||
|         if ($discussion->user_id == $actor->id) { | ||||
|         if ($discussion->user_id == $actor->id && $actor->can('reply', $discussion)) { | ||||
|             $allowRenaming = $this->settings->get('allow_renaming'); | ||||
|  | ||||
|             if ($allowRenaming === '-1' | ||||
| @@ -141,7 +141,7 @@ class DiscussionPolicy extends AbstractPolicy | ||||
|      */ | ||||
|     public function hide(User $actor, Discussion $discussion) | ||||
|     { | ||||
|         if ($discussion->user_id == $actor->id && $discussion->participant_count <= 1) { | ||||
|         if ($discussion->user_id == $actor->id && $discussion->participant_count <= 1 && $actor->can('reply', $discussion)) { | ||||
|             return true; | ||||
|         } | ||||
|     } | ||||
|   | ||||
| @@ -107,7 +107,7 @@ class PostPolicy extends AbstractPolicy | ||||
|         // A post is allowed to be edited if the user has permission to moderate | ||||
|         // the discussion which it's in, or if they are the author and the post | ||||
|         // hasn't been deleted by someone else. | ||||
|         if ($post->user_id == $actor->id && (! $post->hidden_at || $post->hidden_user_id == $actor->id)) { | ||||
|         if ($post->user_id == $actor->id && (! $post->hidden_at || $post->hidden_user_id == $actor->id) && $actor->can('reply', $post->discussion)) { | ||||
|             $allowEditing = $this->settings->get('allow_post_editing'); | ||||
|  | ||||
|             if ($allowEditing === '-1' | ||||
|   | ||||
		Reference in New Issue
	
	Block a user