mirror/php-flarum
1
0
Fork 0
mirror of https://github.com/flarum/core.git synced 2025-10-19 10:46:06 +02:00
Code Issues Releases Wiki Activity

Make "own" permissions depend on the user's ability to reply

Browse Source 
Permission to rename/hide/edit one's own discussion/post is only granted
if the user has permission to reply to the discussion. This makes sense
if you think of these actions as forms of "replying" to a discussion.

Fixes #1419 because suspended users do not have permission to reply to
discussions, therefore they will not be granted these "own" permissions.
This commit is contained in:
Toby Zerner
2018-07-20 10:53:24 +09:30
parent 6c0d73afa0
commit c54f739484
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/Post/PostPolicy.php
View File

@@ -107,7 +107,7 @@ class PostPolicy extends AbstractPolicy
// A post is allowed to be edited if the user has permission to moderate
// the discussion which it's in, or if they are the author and the post
// hasn't been deleted by someone else.
if ($post->user_id == $actor->id && (! $post->hidden_at || $post->hidden_user_id == $actor->id)) {
if ($post->user_id == $actor->id && (! $post->hidden_at || $post->hidden_user_id == $actor->id) && $actor->can('reply', $post->discussion)) {
$allowEditing = $this->settings->get('allow_post_editing');
if ($allowEditing === '-1'