Change tag permission logic

Require a user to have permission for *all* of the restricted tags a discussion has, rather than just one. See https://github.com/flarum/flarum-ext-approval/pull/7#issuecomment-316561532
2025-08-18 22:31:32 +02:00 · 2017-07-20 11:21:19 +09:30
parent 05fab134e9
commit aa62a88718
1 changed files with 5 additions and 7 deletions
--- a/extensions/tags/src/Access/DiscussionPolicy.php
+++ b/extensions/tags/src/Access/DiscussionPolicy.php
@@ -62,10 +62,8 @@ class DiscussionPolicy extends AbstractPolicy
    {
        // Wrap all discussion permission checks with some logic pertaining to
        // the discussion's tags. If the discussion has a tag that has been
-        // restricted, and the user has this permission for that tag, then they
-        // are allowed. If the discussion only has tags that have been
-        // restricted, then the user *must* have permission for at least one of
-        // them.
+        // restricted, the user must have the permission for that tag. If all of
+        // the discussion's tags are restricted, then ignore global permissions.
        $tags = $discussion->tags;

        if (count($tags)) {
@@ -73,8 +71,8 @@ class DiscussionPolicy extends AbstractPolicy

            foreach ($tags as $tag) {
                if ($tag->is_restricted) {
-                    if ($actor->hasPermission('tag'.$tag->id.'.discussion.'.$ability)) {
-                        return true;
+                    if (! $actor->hasPermission('tag'.$tag->id.'.discussion.'.$ability)) {
+                        return false;
                    }
                } else {
                    $restricted = false;
@@ -82,7 +80,7 @@ class DiscussionPolicy extends AbstractPolicy
            }

            if ($restricted) {
-                return false;
+                return true;
            }
        }
    }