ahtlon/deck
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

fix: Pass user id along to properly check permissions in background jobs

Browse Source 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
This commit is contained in:
Julius Härtl
2023-02-27 11:25:45 +01:00
parent ff2ad61b6d
commit 1beff8945b
1 changed files with 15 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
lib/Service/PermissionService.php
View File

@@ -97,21 +97,26 @@ class PermissionService {
* @param $boardId
* @return bool|array
*/
public function getPermissions($boardId) {
if ($cached = $this->permissionCache->get($boardId)) {
public function getPermissions($boardId, ?string $userId = null) {
if ($userId === null) {
$userId = $this->userId;
}
$cacheKey = $boardId . '-' . $userId;
if ($cached = $this->permissionCache->get($cacheKey)) {
return $cached;
}
$owner = $this->userIsBoardOwner($boardId);
$owner = $this->userIsBoardOwner($boardId, $userId);
$acls = $this->aclMapper->findAll($boardId);
$permissions = [
Acl::PERMISSION_READ => $owner || $this->userCan($acls, Acl::PERMISSION_READ),
Acl::PERMISSION_EDIT => $owner || $this->userCan($acls, Acl::PERMISSION_EDIT),
Acl::PERMISSION_MANAGE => $owner || $this->userCan($acls, Acl::PERMISSION_MANAGE),
Acl::PERMISSION_SHARE => ($owner || $this->userCan($acls, Acl::PERMISSION_SHARE))
&& (!$this->shareManager->sharingDisabledForUser($this->userId))
Acl::PERMISSION_READ => $owner || $this->userCan($acls, Acl::PERMISSION_READ, $userId),
Acl::PERMISSION_EDIT => $owner || $this->userCan($acls, Acl::PERMISSION_EDIT, $userId),
Acl::PERMISSION_MANAGE => $owner || $this->userCan($acls, Acl::PERMISSION_MANAGE, $userId),
Acl::PERMISSION_SHARE => ($owner || $this->userCan($acls, Acl::PERMISSION_SHARE, $userId))
&& (!$this->shareManager->sharingDisabledForUser($userId))
];
$this->permissionCache->set($boardId, $permissions);
$this->permissionCache->set($cacheKey, $permissions);
return $permissions;
}
@@ -153,7 +158,7 @@ class PermissionService {
throw new NoPermissionException('Permission denied');
}
$permissions = $this->getPermissions($boardId);
$permissions = $this->getPermissions($boardId, $userId);
if ($permissions[$permission] === true) {
return true;
}