
Commit a69b0b3

authored
fix: Improved support for group authorization for Album delete & edit (#4317)
1 parent 1cde981 commit a69b0b3

1 file changed

Lines changed: 14 additions & 4 deletions


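--- a/app/Policies/AlbumPolicy.php
+++ b/app/Policies/AlbumPolicy.php
@@ -285,9 +285,11 @@ public function canDelete(User $user, ?AbstractAlbum $abstract_album = null): bo
 if (
 AccessPermission::query()
 ->where(APC::BASE_ALBUM_ID, '=', $abstract_album->parent_id)
-->where(APC::USER_ID, '=', $user->id)
+->where(fn ($query) => $query->where(APC::USER_ID, '=', $user->id)
+->orWhereIn(APC::USER_GROUP_ID, $user->user_groups->pluck('id'))
+)
 ->where(APC::GRANTS_DELETE, '=', true)
-->count() === 1
+->count() >= 1
 ) {
 return true;
 }
@@ -379,9 +381,13 @@ public function canEditById(User $user, array $album_ids): bool
 
 if (
 AccessPermission::query()
+->select(APC::BASE_ALBUM_ID)
 ->whereIn(APC::BASE_ALBUM_ID, $album_ids)
-->where(APC::USER_ID, '=', $user->id)
+->where(fn ($query) => $query->where(APC::USER_ID, '=', $user->id)
+->orWhereIn(APC::USER_GROUP_ID, $user->user_groups->pluck('id'))
+)
 ->where(APC::GRANTS_EDIT, '=', true)
+->distinct()
 ->count() === $num_albums
 ) {
 return true;
@@ -430,9 +436,13 @@ public function canDeleteById(User $user, array $album_ids): bool
 
 if (
 AccessPermission::query()
+->select(APC::BASE_ALBUM_ID)
 ->whereIn(APC::BASE_ALBUM_ID, $album_ids)
-->where(APC::USER_ID, '=', $user->id)
+->where(fn ($query) => $query->where(APC::USER_ID, '=', $user->id)
+->orWhereIn(APC::USER_GROUP_ID, $user->user_groups->pluck('id'))
+)
 ->where(APC::GRANTS_DELETE, '=', true)
+->distinct()
 ->count() === $num_albums
 ) {
 return true;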
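Review bot: The `->select(APC::BASE_ALBUM_ID) ... ->distinct()->count() === $num_albums` check in canEditById (and the identical one in canDeleteById) may not count distinct albums. As far as I know, Laravel's `count()` with no column argument discards the select list and compiles to `count(*)`, which would make `distinct()` a no-op here; this should be confirmed against the generated SQL. If so, a user holding both a direct and a group grant on one album contributes two rows, so the total can equal `$num_albums` while another requested album has no grant at all, and the policy would authorize the whole batch. Passing the column to the aggregate avoids that: `->distinct()->count(APC::BASE_ALBUM_ID) === $num_albums`. A regression test should cover a user with overlapping user and group grants on one album plus a second album with no grant. Both functions start and end outside their hunks, and `$num_albums` is computed outside the visible lines, so it should also be checked that it is derived from de-duplicated `$album_ids`.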
