Check for board membership on comments entity event
Signed-off-by: Julius Härtl <jus@bitgrid.net>
This commit is contained in:
Julius Härtl
@@ -33,6 +33,7 @@ use OCA\Deck\Db\CardMapper;
|
|||||||
use OCA\Deck\Middleware\ExceptionMiddleware;
|
use OCA\Deck\Middleware\ExceptionMiddleware;
|
||||||
use OCA\Deck\Notification\Notifier;
|
use OCA\Deck\Notification\Notifier;
|
||||||
use OCA\Deck\Service\FullTextSearchService;
|
use OCA\Deck\Service\FullTextSearchService;
|
||||||
|
use OCA\Deck\Service\PermissionService;
|
||||||
use OCP\AppFramework\App;
|
use OCP\AppFramework\App;
|
||||||
use OCP\Collaboration\Resources\IManager;
|
use OCP\Collaboration\Resources\IManager;
|
||||||
use OCP\Comments\CommentsEntityEvent;
|
use OCP\Comments\CommentsEntityEvent;
|
||||||
@@ -156,13 +157,14 @@ class Application extends App {
|
|||||||
$this->getContainer()->getServer()->getEventDispatcher()->addListener(CommentsEntityEvent::EVENT_ENTITY, function(CommentsEntityEvent $event) {
|
$this->getContainer()->getServer()->getEventDispatcher()->addListener(CommentsEntityEvent::EVENT_ENTITY, function(CommentsEntityEvent $event) {
|
||||||
$event->addEntityCollection('deckCard', function($name) {
|
$event->addEntityCollection('deckCard', function($name) {
|
||||||
/** @var CardMapper */
|
/** @var CardMapper */
|
||||||
$service = $this->getContainer()->query(CardMapper::class);
|
$cardMapper = $this->getContainer()->query(CardMapper::class);
|
||||||
|
$permissionService = $this->getContainer()->query(PermissionService::class);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$service->find((int) $name);
|
return $permissionService->checkPermission($cardMapper, (int) $name, Acl::PERMISSION_READ);
|
||||||
} catch (\InvalidArgumentException $e) {
|
} catch (\Exception $e) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
return true;
|
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
$this->registerCommentsEventHandler();
|
$this->registerCommentsEventHandler();
|
||||||
|
|||||||
Reference in New Issue
Block a user