Move top-level permission check outside of Model\Item::getTopLevelParentData
- It wasn't checked when the direct parent was also the top-level parent
This commit is contained in:
parent
cb963a3259
commit
b5d3fcb8d4
1 changed files with 7 additions and 7 deletions
|
@ -1514,13 +1514,6 @@ class Item
|
|||
return [];
|
||||
}
|
||||
|
||||
// If the thread originated from this node, we check the permission against the thread starter
|
||||
$condition = ['uri' => $toplevel_parent['uri'], 'wall' => true];
|
||||
$localTopLevelParent = self::selectFirst(['uid'], $condition);
|
||||
if (!empty($localTopLevelParent['uid']) && !self::isAllowedByUser($item, $localTopLevelParent['uid'])) {
|
||||
return [];
|
||||
}
|
||||
|
||||
return $toplevel_parent;
|
||||
}
|
||||
|
||||
|
@ -1689,6 +1682,13 @@ class Item
|
|||
return 0;
|
||||
}
|
||||
|
||||
// If the thread originated from this node, we check the permission against the thread starter
|
||||
$condition = ['uri' => $toplevel_parent['uri'], 'wall' => true];
|
||||
$localTopLevelParent = self::selectFirst(['uid'], $condition);
|
||||
if (!empty($localTopLevelParent['uid']) && !self::isAllowedByUser($item, $localTopLevelParent['uid'])) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
$parent_id = $toplevel_parent['id'];
|
||||
$item['parent-uri'] = $toplevel_parent['uri'];
|
||||
$item['deleted'] = $toplevel_parent['deleted'];
|
||||
|
|
Loading…
Reference in a new issue