mirror/php-flarum
1
0
Fork 0
mirror of https://github.com/flarum/core.git synced 2025-06-23 11:15:53 +02:00
Code Issues Releases Wiki Activity

Fix bad logic in edit permission that was allowing guests to edit posts. Closes

Browse Source
This commit is contained in:
Toby Zerner
2015-05-21 15:53:59 +09:30
parent d69e481037
commit f54acebaf0
1 changed files with 4 additions and 2 deletions

4
src/Core/CoreServiceProvider.php

@ -197,8 +197,10 @@ class CoreServiceProvider extends ServiceProvider
// someone else. // someone else.
Post::grantPermission('edit', function ($grant, $user) { Post::grantPermission('edit', function ($grant, $user) {
$grant->where('user_id', $user->id) $grant->where('user_id', $user->id)
->whereNull('hide_user_id') ->where(function ($query) use ($user) {
$query->whereNull('hide_user_id')
->orWhere('hide_user_id', $user->id); ->orWhere('hide_user_id', $user->id);
});
// @todo add limitations to time etc. according to a config setting // @todo add limitations to time etc. according to a config setting
}); });