From 5d2a2d49c489cd98f9c9ecbca35fd5d21a9cadfb Mon Sep 17 00:00:00 2001
From: Yassine Doghri <yassine@doghri.fr>
Date: Fri, 17 Mar 2023 16:34:44 +0000
Subject: [PATCH] fix(contributors): add dash to prevent deleting permissions
 from other podcast

fixes #310
---
 modules/Auth/Helpers/auth_helper.php | 4 ++--
 modules/Auth/Models/UserModel.php    | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/modules/Auth/Helpers/auth_helper.php b/modules/Auth/Helpers/auth_helper.php
index d424ef77..67cd2df2 100644
--- a/modules/Auth/Helpers/auth_helper.php
+++ b/modules/Auth/Helpers/auth_helper.php
@@ -139,7 +139,7 @@ if (! function_exists('get_podcast_group')) {
     function get_podcast_group(User $user, int $podcastId, bool $removePrefix = true): ?string
     {
         $podcastGroups = array_filter($user->getGroups() ?? [], static function ($group) use ($podcastId): bool {
-            return str_starts_with($group, "podcast#{$podcastId}");
+            return str_starts_with($group, "podcast#{$podcastId}-");
         });
 
         if ($podcastGroups === []) {
@@ -155,7 +155,7 @@ if (! function_exists('get_podcast_group')) {
         }
 
         if ($removePrefix) {
-            // strip the `podcast#{id}.` prefix when returning group
+            // strip the `podcast#{id}-` prefix when returning group
             return substr((string) $podcastGroup, strlen('podcast#' . $podcastId . '-'));
         }
 
diff --git a/modules/Auth/Models/UserModel.php b/modules/Auth/Models/UserModel.php
index 82ba5177..2fbdbd07 100644
--- a/modules/Auth/Models/UserModel.php
+++ b/modules/Auth/Models/UserModel.php
@@ -35,7 +35,7 @@ class UserModel extends ShieldUserModel
     {
         return $this->select('users.*')
             ->join('auth_groups_users', 'users.id = auth_groups_users.user_id')
-            ->like('auth_groups_users.group', "podcast#{$podcastId}")
+            ->like('auth_groups_users.group', "podcast#{$podcastId}-")
             ->findAll();
     }
 
@@ -44,7 +44,7 @@ class UserModel extends ShieldUserModel
         return $this->select('users.*')
             ->join('auth_groups_users', 'users.id = auth_groups_users.user_id')
             ->where('users.id', $contributorId)
-            ->like('auth_groups_users.group', "podcast#{$podcastId}")
+            ->like('auth_groups_users.group', "podcast#{$podcastId}-")
             ->first();
     }
 }