From cb963a3259f6cbe20af3eed06223cb4f85169f0d Mon Sep 17 00:00:00 2001
From: Hypolite Petovan <hypolite@mrpetovan.com>
Date: Fri, 13 Nov 2020 23:56:19 -0500
Subject: [PATCH] Retrieve local top level parent item separately to check
 permissions in Model\Item::getTopLevelParentData

---
 src/Model/Item.php | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/src/Model/Item.php b/src/Model/Item.php
index 4645f553ad..508cb691c8 100644
--- a/src/Model/Item.php
+++ b/src/Model/Item.php
@@ -1507,19 +1507,17 @@ class Item
 		$condition = ['uri' => $parent['parent-uri'],
 			'parent-uri' => $parent['parent-uri'],
 			'uid' => $parent['uid']];
-		// We select wall = 1 in priority for top level permission checks
-		$params = ['order' => ['wall' => true]];
+		$params = ['order' => ['id' => false]];
 		$toplevel_parent = self::selectFirst($fields, $condition, $params);
-
 		if (!DBA::isResult($toplevel_parent)) {
 			Logger::notice('item top level parent was not found - ignoring item', ['parent-uri' => $parent['parent-uri'], 'uid' => $parent['uid']]);
 			return [];
 		}
 
-		if ($toplevel_parent['wall']
-			&& $toplevel_parent['uid']
-			&& !self::isAllowedByUser($item, $toplevel_parent['uid'])
-		) {
+		// If the thread originated from this node, we check the permission against the thread starter
+		$condition = ['uri' => $toplevel_parent['uri'], 'wall' => true];
+		$localTopLevelParent = self::selectFirst(['uid'], $condition);
+		if (!empty($localTopLevelParent['uid']) && !self::isAllowedByUser($item, $localTopLevelParent['uid'])) {
 			return [];
 		}