strk/friendica
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Move top-level permission check outside of Model\Item::getTopLevelParentData

Browse source 
- It wasn't checked when the direct parent was also the top-level parent
This commit is contained in:
Hypolite Petovan 2020-11-14 07:41:01 -05:00
parent cb963a3259
commit b5d3fcb8d4
1 changed files with 7 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
src/Model/Item.php
View file

@ -1514,13 +1514,6 @@ class Item
return []; return [];
} }
// If the thread originated from this node, we check the permission against the thread starter
$condition = ['uri' => $toplevel_parent['uri'], 'wall' => true];
$localTopLevelParent = self::selectFirst(['uid'], $condition);
if (!empty($localTopLevelParent['uid']) && !self::isAllowedByUser($item, $localTopLevelParent['uid'])) {
return [];
}
return $toplevel_parent; return $toplevel_parent;
} }
@ -1689,6 +1682,13 @@ class Item
return 0; return 0;
} }
// If the thread originated from this node, we check the permission against the thread starter
$condition = ['uri' => $toplevel_parent['uri'], 'wall' => true];
$localTopLevelParent = self::selectFirst(['uid'], $condition);
if (!empty($localTopLevelParent['uid']) && !self::isAllowedByUser($item, $localTopLevelParent['uid'])) {
return 0;
}
$parent_id = $toplevel_parent['id']; $parent_id = $toplevel_parent['id'];
$item['parent-uri'] = $toplevel_parent['uri']; $item['parent-uri'] = $toplevel_parent['uri'];
$item['deleted'] = $toplevel_parent['deleted']; $item['deleted'] = $toplevel_parent['deleted'];