aheathershaw
/
blue-twilight
1
0
Fork 0
Code Issues 32 Pull Requests Releases 15 Wiki Activity

#84: Corrected permissions query for a non-admin user returning incorrect child albums

This commit is contained in:
Andy Heathershaw 2018-07-28 08:59:07 +01:00
parent 9a65e8f1c9
commit eedfd5abdd
1 changed files with 14 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
app/Helpers/DbHelper.php
View File

@ -70,17 +70,20 @@ class DbHelper
->leftJoin('permissions AS group_permissions', 'group_permissions.id', '=', 'album_group_permissions.permission_id') ->leftJoin('permissions AS group_permissions', 'group_permissions.id', '=', 'album_group_permissions.permission_id')
->leftJoin('permissions AS user_permissions', 'user_permissions.id', '=', 'album_user_permissions.permission_id') ->leftJoin('permissions AS user_permissions', 'user_permissions.id', '=', 'album_user_permissions.permission_id')
->leftJoin('user_groups', 'user_groups.group_id', '=', 'album_group_permissions.group_id') ->leftJoin('user_groups', 'user_groups.group_id', '=', 'album_group_permissions.group_id')
->where('albums.user_id', $user->id) ->where(function($query) use ($user, $permission)
->orWhere([ {
['group_permissions.section', 'album'], $query->where('albums.user_id', $user->id)
['group_permissions.description', $permission], ->orWhere([
['user_groups.user_id', $user->id] ['group_permissions.section', 'album'],
]) ['group_permissions.description', $permission],
->orWhere([ ['user_groups.user_id', $user->id]
['user_permissions.section', 'album'], ])
['user_permissions.description', $permission], ->orWhere([
['album_user_permissions.user_id', $user->id] ['user_permissions.section', 'album'],
]); ['user_permissions.description', $permission],
['album_user_permissions.user_id', $user->id]
]);
});
} }
$parentAlbumID = intval($parentAlbumID); $parentAlbumID = intval($parentAlbumID);