Issue 8882: Fixes permissions of pinned posts

This commit is contained in:
Michael 2020-09-06 15:05:42 +00:00
parent f3934eb0c2
commit 8d0d6bcd0c
2 changed files with 15 additions and 12 deletions

View file

@ -201,18 +201,10 @@ class Item
return []; return [];
} }
if (empty($condition) || !is_array($condition)) { if (!empty($condition)) {
$condition = DBA::mergeConditions(['iid' => $pinned], $condition);
} else {
$condition = ['iid' => $pinned]; $condition = ['iid' => $pinned];
} else {
reset($condition);
$first_key = key($condition);
if (!is_int($first_key)) {
$condition['iid'] = $pinned;
} else {
$values_string = substr(str_repeat("?, ", count($pinned)), 0, -2);
$condition[0] = '(' . $condition[0] . ") AND `iid` IN (" . $values_string . ")";
$condition = array_merge($condition, $pinned);
}
} }
return self::selectThreadForUser($uid, $selected, $condition, $params); return self::selectThreadForUser($uid, $selected, $condition, $params);

View file

@ -232,7 +232,18 @@ class Status extends BaseProfile
$items = DBA::toArray($items_stmt); $items = DBA::toArray($items_stmt);
if ($pager->getStart() == 0 && !empty($a->profile['uid'])) { if ($pager->getStart() == 0 && !empty($a->profile['uid'])) {
$pinned_items = Item::selectPinned($a->profile['uid'], ['uri', 'pinned']); $condition = ['private' => [Item::PUBLIC, Item::UNLISTED]];
if (remote_user()) {
$permissionSets = DI::permissionSet()->selectByContactId(remote_user(), $a->profile['uid']);
if (!empty($permissionSets)) {
$condition = ['psid' => array_merge($permissionSets->column('id'),
[DI::permissionSet()->getIdFromACL($a->profile['uid'], '', '', '', '')])];
}
} elseif ($a->profile['uid'] == local_user()) {
$condition = [];
}
$pinned_items = Item::selectPinned($a->profile['uid'], ['uri', 'pinned'], $condition);
$pinned = Item::inArray($pinned_items); $pinned = Item::inArray($pinned_items);
$items = array_merge($items, $pinned); $items = array_merge($items, $pinned);
} }