mirror of
https://github.com/flarum/core.git
synced 2025-08-17 22:01:44 +02:00
Only grant a permission for a sub-tag if that permission is granted for its parent too
Previously if a parent tag was restricted but none of its sub-tags were, the sub-tags would be visible and the parent tag would be loaded in the tag list as a result. This adds permission logic so that sub-tags automatically assume the permissions of their parent as a minimum. Fixes flarum/core#833
This commit is contained in:
Toby Zerner
@@ -13,6 +13,7 @@ namespace Flarum\Tags;
|
|||||||
use Flarum\Core\Discussion;
|
use Flarum\Core\Discussion;
|
||||||
use Flarum\Core\Permission;
|
use Flarum\Core\Permission;
|
||||||
use Flarum\Core\Support\ScopeVisibilityTrait;
|
use Flarum\Core\Support\ScopeVisibilityTrait;
|
||||||
|
use Flarum\Core\User;
|
||||||
use Flarum\Database\AbstractModel;
|
use Flarum\Database\AbstractModel;
|
||||||
|
|
||||||
class Tag extends AbstractModel
|
class Tag extends AbstractModel
|
||||||
@@ -119,23 +120,34 @@ class Tag extends AbstractModel
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param $user
|
* @param User $user
|
||||||
* @param $permission
|
* @param string $permission
|
||||||
|
* @param bool $condition
|
||||||
* @return array
|
* @return array
|
||||||
*/
|
*/
|
||||||
public static function getIdsWhereCan($user, $permission)
|
protected static function getIdsWherePermission(User $user, $permission, $condition = true)
|
||||||
{
|
{
|
||||||
static $tags;
|
static $tags;
|
||||||
|
|
||||||
if (! $tags) {
|
if (! $tags) {
|
||||||
$tags = static::all();
|
$tags = static::with('parent')->get();
|
||||||
}
|
}
|
||||||
|
|
||||||
$ids = [];
|
$ids = [];
|
||||||
$hasGlobalPermission = $user->hasPermission($permission);
|
$hasGlobalPermission = $user->hasPermission($permission);
|
||||||
|
|
||||||
|
$canForTag = function (Tag $tag) use ($user, $permission, $hasGlobalPermission) {
|
||||||
|
return ($hasGlobalPermission && ! $tag->is_restricted) || $user->hasPermission('tag'.$tag->id.'.'.$permission);
|
||||||
|
};
|
||||||
|
|
||||||
foreach ($tags as $tag) {
|
foreach ($tags as $tag) {
|
||||||
if (($hasGlobalPermission && ! $tag->is_restricted) || $user->hasPermission('tag'.$tag->id.'.'.$permission)) {
|
$can = $canForTag($tag);
|
||||||
|
|
||||||
|
if ($can && $tag->parent_id) {
|
||||||
|
$can = $canForTag($tag->parent);
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($can === $condition) {
|
||||||
$ids[] = $tag->id;
|
$ids[] = $tag->id;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -144,27 +156,22 @@ class Tag extends AbstractModel
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param $user
|
* @param User $user
|
||||||
* @param $permission
|
* @param string $permission
|
||||||
* @return array
|
* @return array
|
||||||
*/
|
*/
|
||||||
public static function getIdsWhereCannot($user, $permission)
|
public static function getIdsWhereCan(User $user, $permission)
|
||||||
{
|
{
|
||||||
static $tags;
|
return static::getIdsWherePermission($user, $permission, true);
|
||||||
|
}
|
||||||
|
|
||||||
if (! $tags) {
|
/**
|
||||||
$tags = static::all();
|
* @param User $user
|
||||||
}
|
* @param string $permission
|
||||||
|
* @return array
|
||||||
$ids = [];
|
*/
|
||||||
$hasGlobalPermission = $user->hasPermission($permission);
|
public static function getIdsWhereCannot(User $user, $permission)
|
||||||
|
{
|
||||||
foreach ($tags as $tag) {
|
return static::getIdsWherePermission($user, $permission, false);
|
||||||
if (($tag->is_restricted || ! $hasGlobalPermission) && ! $user->hasPermission('tag'.$tag->id.'.'.$permission)) {
|
|
||||||
$ids[] = $tag->id;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return $ids;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user