fix(contributors): add dash to prevent deleting permissions from other podcast

fixes #310
This commit is contained in:
Yassine Doghri 2023-03-17 16:34:44 +00:00
parent 1dde11f8e4
commit 5d2a2d49c4
2 changed files with 4 additions and 4 deletions

View File

@ -139,7 +139,7 @@ if (! function_exists('get_podcast_group')) {
function get_podcast_group(User $user, int $podcastId, bool $removePrefix = true): ?string function get_podcast_group(User $user, int $podcastId, bool $removePrefix = true): ?string
{ {
$podcastGroups = array_filter($user->getGroups() ?? [], static function ($group) use ($podcastId): bool { $podcastGroups = array_filter($user->getGroups() ?? [], static function ($group) use ($podcastId): bool {
return str_starts_with($group, "podcast#{$podcastId}"); return str_starts_with($group, "podcast#{$podcastId}-");
}); });
if ($podcastGroups === []) { if ($podcastGroups === []) {
@ -155,7 +155,7 @@ if (! function_exists('get_podcast_group')) {
} }
if ($removePrefix) { if ($removePrefix) {
// strip the `podcast#{id}.` prefix when returning group // strip the `podcast#{id}-` prefix when returning group
return substr((string) $podcastGroup, strlen('podcast#' . $podcastId . '-')); return substr((string) $podcastGroup, strlen('podcast#' . $podcastId . '-'));
} }

View File

@ -35,7 +35,7 @@ class UserModel extends ShieldUserModel
{ {
return $this->select('users.*') return $this->select('users.*')
->join('auth_groups_users', 'users.id = auth_groups_users.user_id') ->join('auth_groups_users', 'users.id = auth_groups_users.user_id')
->like('auth_groups_users.group', "podcast#{$podcastId}") ->like('auth_groups_users.group', "podcast#{$podcastId}-")
->findAll(); ->findAll();
} }
@ -44,7 +44,7 @@ class UserModel extends ShieldUserModel
return $this->select('users.*') return $this->select('users.*')
->join('auth_groups_users', 'users.id = auth_groups_users.user_id') ->join('auth_groups_users', 'users.id = auth_groups_users.user_id')
->where('users.id', $contributorId) ->where('users.id', $contributorId)
->like('auth_groups_users.group', "podcast#{$podcastId}") ->like('auth_groups_users.group', "podcast#{$podcastId}-")
->first(); ->first();
} }
} }