mirror/php-flarum
1
0
Fork 0
mirror of https://github.com/flarum/core.git synced 2025-06-12 09:32:11 +02:00
Code Issues Releases Wiki Activity

Fix bad logic in edit permission that was allowing guests to edit posts. Closes #88

Browse Source
This commit is contained in:
Toby Zerner
2015-05-21 15:53:59 +09:30
parent d69e481037
commit f54acebaf0
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/Core/CoreServiceProvider.php
View File

@ -197,8 +197,10 @@ class CoreServiceProvider extends ServiceProvider
// someone else. // someone else.
Post::grantPermission('edit', function ($grant, $user) { Post::grantPermission('edit', function ($grant, $user) {
$grant->where('user_id', $user->id) $grant->where('user_id', $user->id)
->whereNull('hide_user_id') ->where(function ($query) use ($user) {
$query->whereNull('hide_user_id')
->orWhere('hide_user_id', $user->id); ->orWhere('hide_user_id', $user->id);
});
// @todo add limitations to time etc. according to a config setting // @todo add limitations to time etc. according to a config setting
}); });