#33: Fixed an issue whereby the anonymous album check did not include the album ID, thereby allowing access if other albums allowed anonymous users.
parent
6d59552456
commit
2caa1c8fbc
@ -145,7 +145,10 @@ class AlbumPolicy
|
||||
{
|
||||
$query = Album::query()->join('album_anonymous_permissions', 'album_anonymous_permissions.album_id', '=', 'albums.id')
|
||||
->join('permissions', 'permissions.id', '=', 'album_anonymous_permissions.permission_id')
|
||||
->where('permissions.id', $permission->id);
|
||||
->where([
|
||||
['albums.id', $album->id],
|
||||
['permissions.id', $permission->id]
|
||||
]);
|
||||
|
||||
return $query->count() > 0;
|
||||
}
|
||||
|
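Review bot: The new `->where([...])` clause is the entire authorization decision for anonymous visitors, yet nothing visible in this change pins it with a test or a comment, so the `albums.id` constraint could be dropped again unnoticed. I would add a comment above it such as `// Scope to this album: a grant on any other album must not authorise access here.` and a regression test with two albums where only one grants the permission to anonymous users, asserting that the other is denied. The method's signature and any sibling user or group permission checks in AlbumPolicy are outside this hunk, so they are worth checking for the same missing album filter. As a smaller point, `return $query->exists();` states the intent more directly than `count() > 0` and avoids counting every matching row.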