GNUsocial/gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity

[PLUGIN][AttachmentCollections] Prevent user from appending stuff in a collection (s)he doesn't own

Browse Source
This commit is contained in:
Phablulo Joel 2021-12-25 11:27:00 -03:00
parent 1e965157de
commit af3d278fde
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
plugins/AttachmentCollections/AttachmentCollections.php
View File

@ -153,12 +153,16 @@ class AttachmentCollections extends Plugin
['aid' => $attachment_id, 'id' => $user->getId(), 'ids' => $removed] ['aid' => $attachment_id, 'id' => $user->getId(), 'ids' => $removed]
); );
} }
$collection_ids = \array_map(fn ($x) => $x->getId(), $colls);
foreach ($added as $cid) { foreach ($added as $cid) {
// prevent user from putting something in a collection (s)he doesn't own:
if (\in_array($cid, $collection_ids)) {
DB::persist(CollectionEntry::create([ DB::persist(CollectionEntry::create([
'attachment_id' => $attachment_id, 'attachment_id' => $attachment_id,
'collection_id' => $cid, 'collection_id' => $cid,
])); ]));
} }
}
DB::flush(); DB::flush();
} }
// add to new collection form // add to new collection form