Add explicit check for PermissionSet and ProfileField
This commit is contained in:
parent
03164d00e8
commit
f73e4adc44
3 changed files with 15 additions and 24 deletions
|
@ -23,6 +23,7 @@ namespace Friendica\Model;
|
|||
|
||||
use Friendica\BaseModel;
|
||||
use Friendica\Database\Database;
|
||||
use Friendica\Network\HTTPException\NotFoundException;
|
||||
use Friendica\Security\PermissionSet\Depository\PermissionSet as PermissionSetDepository;
|
||||
use Friendica\Security\PermissionSet\Entity\PermissionSet;
|
||||
use Psr\Log\LoggerInterface;
|
||||
|
@ -40,12 +41,12 @@ use Psr\Log\LoggerInterface;
|
|||
* @property string value
|
||||
* @property string created
|
||||
* @property string edited
|
||||
* @property PermissionSet permissionset
|
||||
* @property PermissionSet permissionSet
|
||||
*/
|
||||
class ProfileField extends BaseModel
|
||||
{
|
||||
/** @var PermissionSet */
|
||||
private $permissionset;
|
||||
private $permissionSet;
|
||||
|
||||
/** @var PermissionSetDepository */
|
||||
private $permissionSetDepository;
|
||||
|
@ -62,10 +63,17 @@ class ProfileField extends BaseModel
|
|||
$this->checkValid();
|
||||
|
||||
switch ($name) {
|
||||
case 'permissionset':
|
||||
$this->permissionset = $this->permissionset ?? $this->permissionSetDepository->selectOneForUser($this->uid, $this->psid);
|
||||
case 'permissionSet':
|
||||
if (empty($this->permissionSet)) {
|
||||
$permissionSet = $this->permissionSetDepository->selectOneById($this->psid);
|
||||
if ($permissionSet->uid !== $this->uid) {
|
||||
throw new NotFoundException(sprintf('PermissionSet %d for ProfileSet %d is invalid.', $permissionSet->uid, $this->uid));
|
||||
}
|
||||
|
||||
$return = $this->permissionset;
|
||||
$this->permissionSet = $permissionSet;
|
||||
}
|
||||
|
||||
$return = $this->permissionSet;
|
||||
break;
|
||||
default:
|
||||
$return = parent::__get($name);
|
||||
|
|
|
@ -162,8 +162,8 @@ class Index extends BaseSettings
|
|||
$profileFields = DI::profileField()->selectByUserId(local_user());
|
||||
foreach ($profileFields as $profileField) {
|
||||
/** @var ProfileField $profileField */
|
||||
$defaultPermissions = $profileField->permissionset->withAllowedContacts(
|
||||
Contact::pruneUnavailable($profileField->permissionset->allow_cid)
|
||||
$defaultPermissions = $profileField->permissionSet->withAllowedContacts(
|
||||
Contact::pruneUnavailable($profileField->permissionSet->allow_cid)
|
||||
);
|
||||
|
||||
$custom_fields[] = [
|
||||
|
|
|
@ -177,23 +177,6 @@ class PermissionSet extends BaseDepository
|
|||
return $this->selectOrCreate($this->factory->createFromString($uid));
|
||||
}
|
||||
|
||||
/**
|
||||
* Fetch one PermissionSet with check for ownership
|
||||
*
|
||||
* @param int $uid The user id
|
||||
* @param int $id The unique id of the PermissionSet
|
||||
*
|
||||
* @return Entity\PermissionSet
|
||||
* @throws NotFoundException in case either the id is invalid or the PermissionSet does not relay to the given user
|
||||
*/
|
||||
public function selectOneForUser(int $uid, int $id): Entity\PermissionSet
|
||||
{
|
||||
return $this->selectOne([
|
||||
'id' => $id,
|
||||
'uid' => $uid,
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* Selects or creates a PermissionSet based on it's fields
|
||||
*
|
||||
|
|
Loading…
Reference in a new issue