mirror/php-flarum
1
0
Fork 0
mirror of https://github.com/flarum/core.git synced 2025-10-13 07:54:25 +02:00
Code Issues Releases Wiki Activity

Make "own" permissions depend on the user's ability to reply

Browse Source 
Permission to rename/hide/edit one's own discussion/post is only granted
if the user has permission to reply to the discussion. This makes sense
if you think of these actions as forms of "replying" to a discussion.

Fixes #1419 because suspended users do not have permission to reply to
discussions, therefore they will not be granted these "own" permissions.
This commit is contained in:
Toby Zerner
2018-07-20 10:53:24 +09:30
parent 6c0d73afa0
commit c54f739484
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/Discussion/DiscussionPolicy.php
View File

@@ -123,7 +123,7 @@ class DiscussionPolicy extends AbstractPolicy
*/
public function rename(User $actor, Discussion $discussion)
{
if ($discussion->user_id == $actor->id) {
if ($discussion->user_id == $actor->id && $actor->can('reply', $discussion)) {
$allowRenaming = $this->settings->get('allow_renaming');
if ($allowRenaming === '-1'
@@ -141,7 +141,7 @@ class DiscussionPolicy extends AbstractPolicy
*/
public function hide(User $actor, Discussion $discussion)
{
if ($discussion->user_id == $actor->id && $discussion->participant_count <= 1) {
if ($discussion->user_id == $actor->id && $discussion->participant_count <= 1 && $actor->can('reply', $discussion)) {
return true;
}
}