Retrieve local top level parent item separately to check permissions in Model\Item::getTopLevelParentData

This commit is contained in:
Hypolite Petovan 2020-11-13 23:56:19 -05:00
parent c98da63041
commit cb963a3259

View File

@ -1507,19 +1507,17 @@ class Item
$condition = ['uri' => $parent['parent-uri'], $condition = ['uri' => $parent['parent-uri'],
'parent-uri' => $parent['parent-uri'], 'parent-uri' => $parent['parent-uri'],
'uid' => $parent['uid']]; 'uid' => $parent['uid']];
// We select wall = 1 in priority for top level permission checks $params = ['order' => ['id' => false]];
$params = ['order' => ['wall' => true]];
$toplevel_parent = self::selectFirst($fields, $condition, $params); $toplevel_parent = self::selectFirst($fields, $condition, $params);
if (!DBA::isResult($toplevel_parent)) { if (!DBA::isResult($toplevel_parent)) {
Logger::notice('item top level parent was not found - ignoring item', ['parent-uri' => $parent['parent-uri'], 'uid' => $parent['uid']]); Logger::notice('item top level parent was not found - ignoring item', ['parent-uri' => $parent['parent-uri'], 'uid' => $parent['uid']]);
return []; return [];
} }
if ($toplevel_parent['wall'] // If the thread originated from this node, we check the permission against the thread starter
&& $toplevel_parent['uid'] $condition = ['uri' => $toplevel_parent['uri'], 'wall' => true];
&& !self::isAllowedByUser($item, $toplevel_parent['uid']) $localTopLevelParent = self::selectFirst(['uid'], $condition);
) { if (!empty($localTopLevelParent['uid']) && !self::isAllowedByUser($item, $localTopLevelParent['uid'])) {
return []; return [];
} }