aheathershaw
/
blue-twilight
1
0
Fork 0
Code Issues 32 Pull Requests Releases 15 Wiki Activity

#84: Corrected permissions query for a non-admin user returning incorrect child albums

This commit is contained in:
Andy Heathershaw 2018-07-28 08:59:07 +01:00
parent 9a65e8f1c9
commit eedfd5abdd
1 changed files with 14 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
app/Helpers/DbHelper.php
View File

@ -70,7 +70,9 @@ class DbHelper
->leftJoin('permissions AS group_permissions', 'group_permissions.id', '=', 'album_group_permissions.permission_id') ->leftJoin('permissions AS group_permissions', 'group_permissions.id', '=', 'album_group_permissions.permission_id')
->leftJoin('permissions AS user_permissions', 'user_permissions.id', '=', 'album_user_permissions.permission_id') ->leftJoin('permissions AS user_permissions', 'user_permissions.id', '=', 'album_user_permissions.permission_id')
->leftJoin('user_groups', 'user_groups.group_id', '=', 'album_group_permissions.group_id') ->leftJoin('user_groups', 'user_groups.group_id', '=', 'album_group_permissions.group_id')
->where('albums.user_id', $user->id) ->where(function($query) use ($user, $permission)
{
$query->where('albums.user_id', $user->id)
->orWhere([ ->orWhere([
['group_permissions.section', 'album'], ['group_permissions.section', 'album'],
['group_permissions.description', $permission], ['group_permissions.description', $permission],
@ -81,6 +83,7 @@ class DbHelper
['user_permissions.description', $permission], ['user_permissions.description', $permission],
['album_user_permissions.user_id', $user->id] ['album_user_permissions.user_id', $user->id]
]); ]);
});
} }
$parentAlbumID = intval($parentAlbumID); $parentAlbumID = intval($parentAlbumID);