ahtlon/deck
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Let new shares only use the current users permissions

Browse Source 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
This commit is contained in:
Julius Härtl
2020-04-04 12:13:21 +02:00
committed by backportbot[bot]
parent b7ce980f44
commit c6b25a6438
2 changed files with 103 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
lib/Service/BoardService.php
View File

@@ -454,6 +454,17 @@ class BoardService {
return $board;
}
private function applyPermissions($boardId, $edit, $share, $manage) {
try {
$this->permissionService->checkPermission($this->boardMapper, $boardId, Acl::PERMISSION_MANAGE);
} catch (NoPermissionException $e) {
$acls = $this->aclMapper->findAll($boardId);
$edit = $this->permissionService->userCan($acls, Acl::PERMISSION_EDIT, $this->userId) && $edit;
$share = $this->permissionService->userCan($acls, Acl::PERMISSION_SHARE, $this->userId) && $share;
$manage = $this->permissionService->userCan($acls, Acl::PERMISSION_MANAGE, $this->userId) && $manage;
}
return [$edit, $share, $manage];
}
/**
* @param $boardId
@@ -493,6 +504,8 @@ class BoardService {
}
$this->permissionService->checkPermission($this->boardMapper, $boardId, Acl::PERMISSION_SHARE);
[$edit, $share, $manage] = $this->applyPermissions($boardId, $edit, $share, $manage);
$acl = new Acl();
$acl->setBoardId($boardId);
$acl->setType($type);
@@ -555,8 +568,10 @@ class BoardService {
}
$this->permissionService->checkPermission($this->aclMapper, $id, Acl::PERMISSION_SHARE);
/** @var Acl $acl */
$acl = $this->aclMapper->find($id);
[$edit, $share, $manage] = $this->applyPermissions($acl->getBoardId(), $edit, $share, $manage);
$acl->setPermissionEdit($edit);
$acl->setPermissionShare($share);
$acl->setPermissionManage($manage);