mirror_php/humhub
1
0
Fork 0
mirror of https://github.com/humhub/humhub.git synced 2025-01-17 06:08:21 +01:00
Code Issues Projects Releases Wiki Activity

Fix user visibility filter for guest (#6036)

Browse Source
This commit is contained in:
Yuriy Bakhtin 2023-01-11 13:13:30 +04:00 committed by GitHub
parent 85767eb055
commit a37e6f78ea
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
protected/humhub/modules/user/components/ActiveQueryUser.php
View File

@ -74,6 +74,8 @@ class ActiveQueryUser extends AbstractActiveQueryContentContainer
{
$this->trigger(self::EVENT_CHECK_VISIBILITY, new ActiveQueryEvent(['query' => $this]));
$this->active();
if ($user === null && !Yii::$app->user->isGuest) {
try {
$user = Yii::$app->user->getIdentity();
@ -83,19 +85,22 @@ class ActiveQueryUser extends AbstractActiveQueryContentContainer
}
$allowedVisibilities = [UserModel::VISIBILITY_ALL];
if ($user !== null) {
if ((new PermissionManager(['subject' => $user]))->can(ManageUsers::class)) {
return $this;
}
$allowedVisibilities[] = UserModel::VISIBILITY_REGISTERED_ONLY;
if ($user === null) {
// Guest can view only public users
return $this->andWhere(['IN', 'user.visibility', $allowedVisibilities]);
}
return $this->active()
->andWhere(['OR',
['user.id' => $user->id], // User can view own profile
['IN', 'user.visibility', $allowedVisibilities]
]);
if ((new PermissionManager(['subject' => $user]))->can(ManageUsers::class)) {
// Admin/manager can view users with any visibility status
return $this;
}
$allowedVisibilities[] = UserModel::VISIBILITY_REGISTERED_ONLY;
return $this->andWhere(['OR',
['user.id' => $user->id], // User also can view own profile
['IN', 'user.visibility', $allowedVisibilities]
]);
}