harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix: Authors unable to comment on posts they authored when under owned by others in certain circumstances.

Browse Source
This commit is contained in:
M.Dent 2018-09-01 13:45:05 -04:00
parent da441c59f6
commit e2824f9259
2 changed files with 21 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
Zotlabs/Module/Item.php
View File

@ -29,7 +29,7 @@ use \Zotlabs\Lib as Zlib;
class Item extends \Zotlabs\Web\Controller {
function post() {
// This will change. Figure out who the observer is and whether or not
// they have permission to post here. Else ignore the post.
@ -237,10 +237,12 @@ class Item extends \Zotlabs\Web\Controller {
if($parent) {
logger('mod_item: item_post parent=' . $parent);
$can_comment = false;
if((array_key_exists('owner',$parent_item)) && intval($parent_item['owner']['abook_self']))
$can_comment = perm_is_allowed($profile_uid,$observer['xchan_hash'],'post_comments');
else
$can_comment = can_comment_on_post($observer['xchan_hash'],$parent_item);
$can_comment = can_comment_on_post($observer['xchan_hash'],$parent_item);
if (!$can_comment) {
if((array_key_exists('owner',$parent_item)) && intval($parent_item['owner']['abook_self'])==1 )
$can_comment = perm_is_allowed($profile_uid,$observer['xchan_hash'],'post_comments');
}
if(! $can_comment) {
notice( t('Permission denied.') . EOL) ;

15
include/zot.php
View File

@ -1808,8 +1808,21 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $
else {
$arr['item_wall'] = 0;
}
$allowed = (perm_is_allowed($channel['channel_id'],$sender['hash'],$perm) && (! $tag_delivery) && (! $local_public));
if((! perm_is_allowed($channel['channel_id'],$sender['hash'],$perm)) && (! $tag_delivery) && (! $local_public)) {
if(! $allowed && $perm == 'post_comments') {
logger("Channel = ".intval($channel['channel_id']));
$parent = q("select * from item where mid = '%s' and uid = %d limit 1",
dbesc($arr['parent_mid']),
intval($channel['channel_id'])
);
if ($parent) {
$allowed = can_comment_on_post($d['hash'],$parent[0]);
}
}
if (! $allowed) {
logger("permission denied for delivery to channel {$channel['channel_id']} {$channel['channel_address']}");
$DR->update('permission denied');
$result[] = $DR->get();