mirror/php-flarum
1
0
Fork 0
mirror of https://github.com/flarum/core.git synced 2025-08-03 15:07:53 +02:00
Code Issues Releases Wiki Activity

fix(approval): unapproved posts visible to all when no visibility scopers are added

Browse Source 
Signed-off-by: Sami Mazouz <ilyasmazouz@gmail.com>
This commit is contained in:
Sami Mazouz
2022-07-07 23:02:40 +01:00
committed by Sami Mazouz
parent ab6cee1a25
commit d82a73feed
1 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
extensions/approval/src/Access/ScopePrivatePostVisibility.php
View File

@@ -9,6 +9,7 @@
namespace Flarum\Approval\Access; namespace Flarum\Approval\Access;
use Closure;
use Flarum\Discussion\Discussion; use Flarum\Discussion\Discussion;
use Flarum\User\User; use Flarum\User\User;
use Illuminate\Database\Eloquent\Builder; use Illuminate\Database\Eloquent\Builder;
@@ -39,15 +40,24 @@ class ScopePrivatePostVisibility
}); });
} }
private function discussionWhereCanApprovePosts(User $actor) /**
* Looks if the actor has permission to approve posts,
* within the discussion which the post is a part of.
*
* For example, the tags extension,
* turns the `approvePosts` ability into per tag basis.
*/
private function discussionWhereCanApprovePosts(User $actor): Closure
{ {
return function ($query) use ($actor) { return function ($query) use ($actor) {
$query->selectRaw('1') $query->selectRaw('1')
->from('discussions') ->from('discussions')
->whereColumn('discussions.id', 'posts.discussion_id') ->whereColumn('discussions.id', 'posts.discussion_id')
->where(function ($query) use ($actor) { ->where(function ($query) use ($actor) {
$query->whereRaw('1 != 1')->orWhere(function ($query) use ($actor) {
Discussion::query()->setQuery($query)->whereVisibleTo($actor, 'approvePosts'); Discussion::query()->setQuery($query)->whereVisibleTo($actor, 'approvePosts');
}); });
});
}; };
} }
} }