Skip to content

Fix sharing a bit too much info#4264

Merged
ildyria merged 2 commits intomasterfrom
fix-incomming-vulnerability
Apr 6, 2026
Merged

Fix sharing a bit too much info#4264
ildyria merged 2 commits intomasterfrom
fix-incomming-vulnerability

Conversation

@ildyria
Copy link
Copy Markdown
Member

@ildyria ildyria commented Apr 6, 2026
edited by coderabbitai Bot
Loading

Summary by CodeRabbit

  • Bug Fixes
    • Fixed gallery sharing permission evaluation so items accessible to individual users or user groups are properly included via combined access filtering. This improves the accuracy and consistency of sharing lists and their ordering. No public interfaces were changed.

@ildyria ildyria requested a review from a team as a code owner April 6, 2026 13:04
@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Apr 6, 2026
edited
Loading

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 139540cb-58da-40ef-9ea2-cfc60735bcbb

📥 Commits

Reviewing files that changed from the base of the PR and between 5bd235e and 92b1bef.

📒 Files selected for processing (1)
  • app/Http/Controllers/Gallery/SharingController.php
🚧 Files skipped from review as they are similar to previous changes (1)
  • app/Http/Controllers/Gallery/SharingController.php
📝 Walkthrough

Walkthrough

The SharingController::listAll query now groups the non-null checks for APC::USER_ID and APC::USER_GROUP_ID inside a single closure, ensuring the OR between them is evaluated together before other WHERE predicates.

Changes

Cohort / File(s) Summary
Query Logic Refactoring
app/Http/Controllers/Gallery/SharingController.php		 Replaced sequential whereNotNull(...)->orWhereNotNull(...) calls with a grouped closure where(fn($q) => $q->whereNotNull(...)->orWhereNotNull(...)) to change SQL boolean grouping prior to orderBy.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 I hopped through clauses, neat and spry,
Grouping ORs so truths align,
A cozy closure, snug and bright,
Queries sleep well through the night,
thump — the rabbit's done the tidy line.

🚥 Pre-merge checks | ✅ 1
✅ Passed checks (1 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 6, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 90.17%. Comparing base (2c277b4) to head (92b1bef).
⚠️ Report is 2 commits behind head on master.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@ildyria ildyria merged commit 76a3f05 into master Apr 6, 2026
45 checks passed
@ildyria ildyria deleted the fix-incomming-vulnerability branch April 6, 2026 13:56
@nixpkgs-security-tracker nixpkgs-security-tracker Bot mentioned this pull request Apr 11, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ildyria