@@ -285,9 +285,11 @@ public function canDelete(User $user, ?AbstractAlbum $abstract_album = null): bo
285285 if (
286286 AccessPermission::query ()
287287 ->where (APC ::BASE_ALBUM_ID , '= ' , $ abstract_album ->parent_id )
288- ->where (APC ::USER_ID , '= ' , $ user ->id )
288+ ->where (fn ($ query ) => $ query ->where (APC ::USER_ID , '= ' , $ user ->id )
289+ ->orWhereIn (APC ::USER_GROUP_ID , $ user ->user_groups ->pluck ('id ' ))
290+ )
289291 ->where (APC ::GRANTS_DELETE , '= ' , true )
290- ->count () == = 1
292+ ->count () > = 1
291293 ) {
292294 return true ;
293295 }
@@ -379,9 +381,13 @@ public function canEditById(User $user, array $album_ids): bool
379381
380382 if (
381383 AccessPermission::query ()
384+ ->select (APC ::BASE_ALBUM_ID )
382385 ->whereIn (APC ::BASE_ALBUM_ID , $ album_ids )
383- ->where (APC ::USER_ID , '= ' , $ user ->id )
386+ ->where (fn ($ query ) => $ query ->where (APC ::USER_ID , '= ' , $ user ->id )
387+ ->orWhereIn (APC ::USER_GROUP_ID , $ user ->user_groups ->pluck ('id ' ))
388+ )
384389 ->where (APC ::GRANTS_EDIT , '= ' , true )
390+ ->distinct ()
385391 ->count () === $ num_albums
386392 ) {
387393 return true ;
@@ -430,9 +436,13 @@ public function canDeleteById(User $user, array $album_ids): bool
430436
431437 if (
432438 AccessPermission::query ()
439+ ->select (APC ::BASE_ALBUM_ID )
433440 ->whereIn (APC ::BASE_ALBUM_ID , $ album_ids )
434- ->where (APC ::USER_ID , '= ' , $ user ->id )
441+ ->where (fn ($ query ) => $ query ->where (APC ::USER_ID , '= ' , $ user ->id )
442+ ->orWhereIn (APC ::USER_GROUP_ID , $ user ->user_groups ->pluck ('id ' ))
443+ )
435444 ->where (APC ::GRANTS_DELETE , '= ' , true )
445+ ->distinct ()
436446 ->count () === $ num_albums
437447 ) {
438448 return true ;
0 commit comments