diff --git a/protected/humhub/docs/CHANGELOG_DEV.md b/protected/humhub/docs/CHANGELOG_DEV.md
index b3aca48b02..2fe3f7d278 100644
--- a/protected/humhub/docs/CHANGELOG_DEV.md
+++ b/protected/humhub/docs/CHANGELOG_DEV.md
@@ -8,4 +8,4 @@ HumHub Change Log (DEVELOP)
 - Enh #3858: Support SameSite cookies
 - Fix #3861: Improved warning details when auto delete inconsistent notification
 - Enh: Added gradient to `ui.showMore` feature
-- Enh:
+- Fix #3873: Invalid visibility handling in `Content::canView()` for private global content
diff --git a/protected/humhub/modules/content/models/Content.php b/protected/humhub/modules/content/models/Content.php
index 72a7452a22..0d83c4df1e 100644
--- a/protected/humhub/modules/content/models/Content.php
+++ b/protected/humhub/modules/content/models/Content.php
@@ -749,7 +749,12 @@ class Content extends ActiveRecord implements Movable, ContentOwner
 $user = User::findOne(['id' => $user]);
 }
 
- // User cann access own content
+ // Check global content visibility, private global content is visible for all users
+ if(empty($this->contentcontainer_id) && !Yii::$app->user->isGuest) {
+ return true;
+ }
+
+ // User can access own content
 if ($user !== null && $this->created_by == $user->id) {
 return true;
 }
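Review bot: The new early return in `Content::canView()` decides on `Yii::$app->user->isGuest`, which is the session identity, rather than on the `$user` the method resolves just above it, so a call made on behalf of another user (or from a context without a web session, such as a queue or console job; inferred, the callers are not visible here) is answered for the wrong subject. Since the following check already treats `$user === null` as "no user", the condition could be `if (empty($this->contentcontainer_id) && $user !== null) {`, which also matches the `if (` spacing of the next statement. The branch returns before everything that follows in the method, whose start and remainder lie outside this hunk, so it is worth confirming that no later restriction was meant to apply to global content too. A test that calls `canView()` with an explicit user different from the logged-in one would pin the intended behaviour.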