GNUsocial
/
gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity

[PLUGIN][AttachmentCollections] Prevent user from appending stuff in a collection (s)he doesn't own

This commit is contained in:
Phablulo Joel 2021-12-25 11:27:00 -03:00
parent 1e965157de
commit af3d278fde
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
plugins/AttachmentCollections/AttachmentCollections.php
View File

@ -153,11 +153,15 @@ class AttachmentCollections extends Plugin
['aid' => $attachment_id, 'id' => $user->getId(), 'ids' => $removed] ['aid' => $attachment_id, 'id' => $user->getId(), 'ids' => $removed]
); );
} }
$collection_ids = \array_map(fn ($x) => $x->getId(), $colls);
foreach ($added as $cid) { foreach ($added as $cid) {
DB::persist(CollectionEntry::create([ // prevent user from putting something in a collection (s)he doesn't own:
'attachment_id' => $attachment_id, if (\in_array($cid, $collection_ids)) {
'collection_id' => $cid, DB::persist(CollectionEntry::create([
])); 'attachment_id' => $attachment_id,
'collection_id' => $cid,
]));
}
} }
DB::flush(); DB::flush();
} }