Retrieve local top level parent item separately to check permissions in Model\Item::getTopLevelParentData
This commit is contained in:
parent
c98da63041
commit
cb963a3259
|
@ -1507,19 +1507,17 @@ class Item
|
||||||
$condition = ['uri' => $parent['parent-uri'],
|
$condition = ['uri' => $parent['parent-uri'],
|
||||||
'parent-uri' => $parent['parent-uri'],
|
'parent-uri' => $parent['parent-uri'],
|
||||||
'uid' => $parent['uid']];
|
'uid' => $parent['uid']];
|
||||||
// We select wall = 1 in priority for top level permission checks
|
$params = ['order' => ['id' => false]];
|
||||||
$params = ['order' => ['wall' => true]];
|
|
||||||
$toplevel_parent = self::selectFirst($fields, $condition, $params);
|
$toplevel_parent = self::selectFirst($fields, $condition, $params);
|
||||||
|
|
||||||
if (!DBA::isResult($toplevel_parent)) {
|
if (!DBA::isResult($toplevel_parent)) {
|
||||||
Logger::notice('item top level parent was not found - ignoring item', ['parent-uri' => $parent['parent-uri'], 'uid' => $parent['uid']]);
|
Logger::notice('item top level parent was not found - ignoring item', ['parent-uri' => $parent['parent-uri'], 'uid' => $parent['uid']]);
|
||||||
return [];
|
return [];
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($toplevel_parent['wall']
|
// If the thread originated from this node, we check the permission against the thread starter
|
||||||
&& $toplevel_parent['uid']
|
$condition = ['uri' => $toplevel_parent['uri'], 'wall' => true];
|
||||||
&& !self::isAllowedByUser($item, $toplevel_parent['uid'])
|
$localTopLevelParent = self::selectFirst(['uid'], $condition);
|
||||||
) {
|
if (!empty($localTopLevelParent['uid']) && !self::isAllowedByUser($item, $localTopLevelParent['uid'])) {
|
||||||
return [];
|
return [];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user