Merge pull request #9147 from annando/Issue-8882

Issue 8882: Fixes permissions of pinned posts
This commit is contained in:
Hypolite Petovan 2020-09-07 03:14:25 -04:00 committed by GitHub
commit b530ef709d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 21 additions and 14 deletions

View file

@ -669,10 +669,18 @@ class DBA
*/ */
public static function mergeConditions(array ...$conditions) public static function mergeConditions(array ...$conditions)
{ {
if (count($conditions) == 1) {
return current($conditions);
}
$conditionStrings = []; $conditionStrings = [];
$result = []; $result = [];
foreach ($conditions as $key => $condition) { foreach ($conditions as $key => $condition) {
if (!$condition) {
continue;
}
$condition = self::collapseCondition($condition); $condition = self::collapseCondition($condition);
$conditionStrings[] = array_shift($condition); $conditionStrings[] = array_shift($condition);

View file

@ -201,19 +201,7 @@ class Item
return []; return [];
} }
if (empty($condition) || !is_array($condition)) { $condition = DBA::mergeConditions(['iid' => $pinned], $condition);
$condition = ['iid' => $pinned];
} else {
reset($condition);
$first_key = key($condition);
if (!is_int($first_key)) {
$condition['iid'] = $pinned;
} else {
$values_string = substr(str_repeat("?, ", count($pinned)), 0, -2);
$condition[0] = '(' . $condition[0] . ") AND `iid` IN (" . $values_string . ")";
$condition = array_merge($condition, $pinned);
}
}
return self::selectThreadForUser($uid, $selected, $condition, $params); return self::selectThreadForUser($uid, $selected, $condition, $params);
} }

View file

@ -232,7 +232,18 @@ class Status extends BaseProfile
$items = DBA::toArray($items_stmt); $items = DBA::toArray($items_stmt);
if ($pager->getStart() == 0 && !empty($a->profile['uid'])) { if ($pager->getStart() == 0 && !empty($a->profile['uid'])) {
$pinned_items = Item::selectPinned($a->profile['uid'], ['uri', 'pinned']); $condition = ['private' => [Item::PUBLIC, Item::UNLISTED]];
if (remote_user()) {
$permissionSets = DI::permissionSet()->selectByContactId(remote_user(), $a->profile['uid']);
if (!empty($permissionSets)) {
$condition = ['psid' => array_merge($permissionSets->column('id'),
[DI::permissionSet()->getIdFromACL($a->profile['uid'], '', '', '', '')])];
}
} elseif ($a->profile['uid'] == local_user()) {
$condition = [];
}
$pinned_items = Item::selectPinned($a->profile['uid'], ['uri', 'pinned'], $condition);
$pinned = Item::inArray($pinned_items); $pinned = Item::inArray($pinned_items);
$items = array_merge($items, $pinned); $items = array_merge($items, $pinned);
} }