ahtlon/deck
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Merge pull request #7131 from nextcloud/fix-board-acl-check

Browse Source 
fix: acl check when delete, update board acl
This commit is contained in:
Luka Trovic
2025-07-25 17:51:00 +02:00
committed by GitHub
parent 244d61c783 8229d40981
commit f1da8b30a4
1 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
lib/Service/BoardService.php
View File

@@ -320,14 +320,14 @@ class BoardService {
return $board; return $board;
} }
private function applyPermissions($boardId, $edit, $share, $manage) { private function applyPermissions($boardId, $edit, $share, $manage, $oldAcl = null) {
try { try {
$this->permissionService->checkPermission($this->boardMapper, $boardId, Acl::PERMISSION_MANAGE); $this->permissionService->checkPermission($this->boardMapper, $boardId, Acl::PERMISSION_MANAGE);
} catch (NoPermissionException $e) { } catch (NoPermissionException $e) {
$acls = $this->aclMapper->findAll($boardId); $acls = $this->aclMapper->findAll($boardId);
$edit = $this->permissionService->userCan($acls, Acl::PERMISSION_EDIT, $this->userId) && $edit; $edit = $this->permissionService->userCan($acls, Acl::PERMISSION_EDIT, $this->userId) ? $edit : $oldAcl?->getPermissionEdit() ?? false;
$share = $this->permissionService->userCan($acls, Acl::PERMISSION_SHARE, $this->userId) && $share; $share = $this->permissionService->userCan($acls, Acl::PERMISSION_SHARE, $this->userId) ? $share : $oldAcl?->getPermissionShare() ?? false;
$manage = $this->permissionService->userCan($acls, Acl::PERMISSION_MANAGE, $this->userId) && $manage; $manage = $this->permissionService->userCan($acls, Acl::PERMISSION_MANAGE, $this->userId) ? $manage : $oldAcl?->getPermissionManage() ?? false;
} }
return [$edit, $share, $manage]; return [$edit, $share, $manage];
} }
@@ -417,7 +417,7 @@ class BoardService {
/** @var Acl $acl */ /** @var Acl $acl */
$acl = $this->aclMapper->find($id); $acl = $this->aclMapper->find($id);
[$edit, $share, $manage] = $this->applyPermissions($acl->getBoardId(), $edit, $share, $manage); [$edit, $share, $manage] = $this->applyPermissions($acl->getBoardId(), $edit, $share, $manage, $acl);
$acl->setPermissionEdit($edit); $acl->setPermissionEdit($edit);
$acl->setPermissionShare($share); $acl->setPermissionShare($share);
$acl->setPermissionManage($manage); $acl->setPermissionManage($manage);
@@ -439,7 +439,7 @@ class BoardService {
* @throws NotFoundExceptionInterface * @throws NotFoundExceptionInterface
*/ */
public function deleteAcl(int $id): ?Acl { public function deleteAcl(int $id): ?Acl {
$this->permissionService->checkPermission($this->aclMapper, $id, Acl::PERMISSION_SHARE); $this->permissionService->checkPermission($this->aclMapper, $id, Acl::PERMISSION_MANAGE);
/** @var Acl $acl */ /** @var Acl $acl */
$acl = $this->aclMapper->find($id); $acl = $this->aclMapper->find($id);
$this->boardMapper->mapAcl($acl); $this->boardMapper->mapAcl($acl);