rdelaage
/
castopod
mirror of https://code.castopod.org/adaures/castopod.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix(contributors): add dash to prevent deleting permissions from other podcast 

fixes #310
This commit is contained in:
Yassine Doghri 2023-03-17 16:34:44 +00:00
parent 1dde11f8e4
commit 5d2a2d49c4
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
modules/Auth/Helpers/auth_helper.php
View File

@ -139,7 +139,7 @@ if (! function_exists('get_podcast_group')) {
function get_podcast_group(User $user, int $podcastId, bool $removePrefix = true): ?string
{
$podcastGroups = array_filter($user->getGroups() ?? [], static function ($group) use ($podcastId): bool {
return str_starts_with($group, "podcast#{$podcastId}");
return str_starts_with($group, "podcast#{$podcastId}-");
});
if ($podcastGroups === []) {
@ -155,7 +155,7 @@ if (! function_exists('get_podcast_group')) {
}
if ($removePrefix) {
// strip the `podcast#{id}.` prefix when returning group
// strip the `podcast#{id}-` prefix when returning group
return substr((string) $podcastGroup, strlen('podcast#' . $podcastId . '-'));
}

4
modules/Auth/Models/UserModel.php
View File

@ -35,7 +35,7 @@ class UserModel extends ShieldUserModel
{
return $this->select('users.*')
->join('auth_groups_users', 'users.id = auth_groups_users.user_id')
->like('auth_groups_users.group', "podcast#{$podcastId}")
->like('auth_groups_users.group', "podcast#{$podcastId}-")
->findAll();
}
@ -44,7 +44,7 @@ class UserModel extends ShieldUserModel
return $this->select('users.*')
->join('auth_groups_users', 'users.id = auth_groups_users.user_id')
->where('users.id', $contributorId)
->like('auth_groups_users.group', "podcast#{$podcastId}")
->like('auth_groups_users.group', "podcast#{$podcastId}-")
->first();
}
}