From eedfd5abdd53b381794d56a962e5f2bc7a5f3061 Mon Sep 17 00:00:00 2001
From: Andy Heathershaw
Date: Sat, 28 Jul 2018 08:59:07 +0100
Subject: [PATCH] #84: Corrected permissions query for a non-admin user returning incorrect child albums
---
 app/Helpers/DbHelper.php | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)
diff --git a/app/Helpers/DbHelper.php b/app/Helpers/DbHelper.php
index 6a74f48..bba7315 100644
--- a/app/Helpers/DbHelper.php
+++ b/app/Helpers/DbHelper.php
@@ -70,17 +70,20 @@ class DbHelper
 ->leftJoin('permissions AS group_permissions', 'group_permissions.id', '=', 'album_group_permissions.permission_id')
 ->leftJoin('permissions AS user_permissions', 'user_permissions.id', '=', 'album_user_permissions.permission_id')
 ->leftJoin('user_groups', 'user_groups.group_id', '=', 'album_group_permissions.group_id')
- ->where('albums.user_id', $user->id)
- ->orWhere([
- ['group_permissions.section', 'album'],
- ['group_permissions.description', $permission],
- ['user_groups.user_id', $user->id]
- ])
- ->orWhere([
- ['user_permissions.section', 'album'],
- ['user_permissions.description', $permission],
- ['album_user_permissions.user_id', $user->id]
- ]);
+ ->where(function($query) use ($user, $permission)
+ {
+ $query->where('albums.user_id', $user->id)
+ ->orWhere([
+ ['group_permissions.section', 'album'],
+ ['group_permissions.description', $permission],
+ ['user_groups.user_id', $user->id]
+ ])
+ ->orWhere([
+ ['user_permissions.section', 'album'],
+ ['user_permissions.description', $permission],
+ ['album_user_permissions.user_id', $user->id]
+ ]);
+ });
 }
 $parentAlbumID = intval($parentAlbumID);
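Review bot: The new grouping closure at `->where(function($query) use ($user, $permission)` carries no comment explaining that it exists to keep the owner/group/user alternatives together, so a later clean-up could flatten it and reintroduce the access-control bug this commit fixes. I would add above it `// Keep the ownership/permission alternatives in one group so any where() added later applies to all of them, not only the last orWhere.` The diffstat shows only `DbHelper.php` changed, so no regression test appears to accompany the fix; a test asserting that a non-admin user is not returned another user's child albums would pin the behaviour. The enclosing method starts and ends outside the hunk, so how `$parentAlbumID` is later applied to the query is inferred rather than visible here.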