aheathershaw
/
blue-twilight
1
0
Fork 0
Code Issues 32 Pull Requests Releases 15 Wiki Activity

#84: Corrected permissions query for a non-admin user returning incorrect child albums

This commit is contained in:
Andy Heathershaw 2018-07-28 08:59:07 +01:00
parent 9a65e8f1c9
commit eedfd5abdd
1 changed files with 14 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
app/Helpers/DbHelper.php
View File

@ -70,17 +70,20 @@ class DbHelper
->leftJoin('permissions AS group_permissions', 'group_permissions.id', '=', 'album_group_permissions.permission_id')
->leftJoin('permissions AS user_permissions', 'user_permissions.id', '=', 'album_user_permissions.permission_id')
->leftJoin('user_groups', 'user_groups.group_id', '=', 'album_group_permissions.group_id')
->where('albums.user_id', $user->id)
->orWhere([
['group_permissions.section', 'album'],
['group_permissions.description', $permission],
['user_groups.user_id', $user->id]
])
->orWhere([
['user_permissions.section', 'album'],
['user_permissions.description', $permission],
['album_user_permissions.user_id', $user->id]
]);
->where(function($query) use ($user, $permission)
{
$query->where('albums.user_id', $user->id)
->orWhere([
['group_permissions.section', 'album'],
['group_permissions.description', $permission],
['user_groups.user_id', $user->id]
])
->orWhere([
['user_permissions.section', 'album'],
['user_permissions.description', $permission],
['album_user_permissions.user_id', $user->id]
]);
});
}
$parentAlbumID = intval($parentAlbumID);