ahtlon/deck
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

fix(activity): Fix permission checks when rendering activities in background jobs

Browse Source 
Signed-off-by: Joas Schilling <coding@schilljs.com>
This commit is contained in:
Joas Schilling
2024-01-29 09:10:47 +01:00
committed by backportbot[bot]
parent a302b554c8
commit 8d092053bf
2 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
lib/Activity/ActivityManager.php
View File

@@ -566,9 +566,9 @@ class ActivityManager {
];
}
public function canSeeCardActivity(int $cardId): bool {
public function canSeeCardActivity(int $cardId, string $userId): bool {
try {
$this->permissionService->checkPermission($this->cardMapper, $cardId, Acl::PERMISSION_READ);
$this->permissionService->checkPermission($this->cardMapper, $cardId, Acl::PERMISSION_READ, $userId);
$card = $this->cardMapper->find($cardId);
return $card->getDeletedAt() === 0;
} catch (NoPermissionException $e) {
@@ -576,9 +576,9 @@ class ActivityManager {
}
}
public function canSeeBoardActivity(int $boardId): bool {
public function canSeeBoardActivity(int $boardId, string $userId): bool {
try {
$this->permissionService->checkPermission($this->boardMapper, $boardId, Acl::PERMISSION_READ);
$this->permissionService->checkPermission($this->boardMapper, $boardId, Acl::PERMISSION_READ, $userId);
$board = $this->boardMapper->find($boardId);
return $board->getDeletedAt() === 0;
} catch (NoPermissionException $e) {