From aa62a88718acc6388d718ff3395c792215aeefdf Mon Sep 17 00:00:00 2001 From: Toby Zerner Date: Thu, 20 Jul 2017 11:21:19 +0930 Subject: [PATCH] Change tag permission logic Require a user to have permission for *all* of the restricted tags a discussion has, rather than just one. See https://github.com/flarum/flarum-ext-approval/pull/7#issuecomment-316561532 --- extensions/tags/src/Access/DiscussionPolicy.php | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/extensions/tags/src/Access/DiscussionPolicy.php b/extensions/tags/src/Access/DiscussionPolicy.php index 7b0d79901..4ec17d204 100755 --- a/extensions/tags/src/Access/DiscussionPolicy.php +++ b/extensions/tags/src/Access/DiscussionPolicy.php @@ -62,10 +62,8 @@ class DiscussionPolicy extends AbstractPolicy { // Wrap all discussion permission checks with some logic pertaining to // the discussion's tags. If the discussion has a tag that has been - // restricted, and the user has this permission for that tag, then they - // are allowed. If the discussion only has tags that have been - // restricted, then the user *must* have permission for at least one of - // them. + // restricted, the user must have the permission for that tag. If all of + // the discussion's tags are restricted, then ignore global permissions. $tags = $discussion->tags; if (count($tags)) { @@ -73,8 +71,8 @@ class DiscussionPolicy extends AbstractPolicy foreach ($tags as $tag) { if ($tag->is_restricted) { - if ($actor->hasPermission('tag'.$tag->id.'.discussion.'.$ability)) { - return true; + if (! $actor->hasPermission('tag'.$tag->id.'.discussion.'.$ability)) { + return false; } } else { $restricted = false; @@ -82,7 +80,7 @@ class DiscussionPolicy extends AbstractPolicy } if ($restricted) { - return false; + return true; } } }