mirror_php/humhub
1
0
Fork 0
mirror of https://github.com/humhub/humhub.git synced 2025-01-16 21:58:17 +01:00
Code Issues Projects Releases Wiki Activity

Fix #2849: ActiveQueryContent doesn't find public profile content when guest access is enabled

Browse Source
This commit is contained in:
Lucas Bartholemy 2017-12-14 09:19:27 +01:00
parent c5d022d2aa
commit d57a607d8c
2 changed files with 11 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
protected/humhub/docs/CHANGELOG.md
View File

@ -5,7 +5,7 @@ HumHub Change Log
---------------------
- Enh: Added BaseURL setting protocol scheme validation
- Fix #2849: ActiveQueryContent doesn't find public profile content when guest access is enabled
1.2.4 (December 13, 2017)
--------------------------

18
protected/humhub/modules/content/components/ActiveQueryContent.php
View File

@ -2,7 +2,7 @@
/**
* @link https://www.humhub.org/
* @copyright Copyright (c) 2015 HumHub GmbH & Co. KG
* @copyright Copyright (c) 2017 HumHub GmbH & Co. KG
* @license https://www.humhub.com/licences
*/
@ -46,10 +46,13 @@ class ActiveQueryContent extends \yii\db\ActiveQuery
$this->joinWith(['content', 'content.contentContainer', 'content.createdBy']);
$this->leftJoin('space', 'contentcontainer.pk=space.id AND contentcontainer.class=:spaceClass', [':spaceClass' => Space::className()]);
$this->leftJoin('user cuser', 'contentcontainer.pk=cuser.id AND contentcontainer.class=:userClass', [':userClass' => User::className()]);
$conditionSpace = '';
$conditionUser = '';
if ($user !== null) {
$this->leftJoin('space_membership', 'contentcontainer.pk=space_membership.space_id AND contentcontainer.class=:spaceClass AND space_membership.user_id=:userId', [':userId' => $user->id, ':spaceClass' => Space::className()]);
$this->leftJoin('space', 'contentcontainer.pk=space.id AND contentcontainer.class=:spaceClass', [':spaceClass' => Space::className()]);
$this->leftJoin('user cuser', 'contentcontainer.pk=cuser.id AND contentcontainer.class=:userClass', [':userClass' => User::className()]);
// Build Access Check based on Space Content Container
$conditionSpace = 'space.id IS NOT NULL AND ('; // space content
@ -66,15 +69,14 @@ class ActiveQueryContent extends \yii\db\ActiveQuery
$conditionUser .= ' OR (content.visibility = 0 AND cff.id IS NOT NULL)'; // users are friends
}
$conditionUser .= ')';
// Created content of is always visible
$conditionUser .= 'OR content.created_by=' . $user->id;
$this->andWhere("{$conditionSpace} OR {$conditionUser}");
} else {
$this->leftJoin('space', 'contentcontainer.pk=space.id AND contentcontainer.class=:spaceClass', [':spaceClass' => Space::className()]);
$this->andWhere('space.id IS NOT NULL and space.visibility=' . Space::VISIBILITY_ALL . ' AND content.visibility=1');
$conditionSpace = 'space.id IS NOT NULL and space.visibility=' . Space::VISIBILITY_ALL . ' AND content.visibility=1';
$conditionUser = 'cuser.id IS NOT NULL and cuser.visibility=' . User::VISIBILITY_ALL . ' AND content.visibility=1';
}
$this->andWhere("{$conditionSpace} OR {$conditionUser}");