
Commit f7c169c

Merge pull request #5507 from christianbeeznest/ofaj-21677-2
Internal: Fixing user permissions for message replies - BT#21677
2 parents 753451f + ad3b34a commit f7c169c


2 files changed

+43
-9
lines changed


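--- a/src/CoreBundle/Repository/MessageRepository.php
+++ b/src/CoreBundle/Repository/MessageRepository.php
@@ -364,4 +364,24 @@ private function isDescendantOf(Message $message, int $startId, array $allMessag
 
         return false;
     }
+
+    public function usersHaveSharedMessages(?User $currentUser, ?User $targetUser): bool
+    {
+        if ($currentUser === null || $targetUser === null) {
+            return false;
+        }
+
+        $qb = $this->createQueryBuilder('m');
+        $qb->select('m')
+            ->innerJoin('m.receivers', 'mr')
+            ->where('mr.receiver = :userTwo')
+            ->andWhere('m.sender = :userOne')
+            ->setParameters([
+                'userOne' => $targetUser,
+                'userTwo' => $currentUser,
+            ])
+            ->setMaxResults(1);
+
+        return count($qb->getQuery()->getResult()) > 0;
+    }
 }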
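Review bot: The name usersHaveSharedMessages reads as a symmetric check, but the query at lines 376–382 only matches messages where $targetUser is the sender and $currentUser is one of the receivers, and the :userOne/:userTwo placeholders are bound in the opposite order from the parameter list, which makes the direction easy to misread. Since this result now feeds an authorization decision in UserVoter, the direction should be stated in a docblock above the method: `/** True when $targetUser has sent at least one message that $currentUser received; one direction only. */`, and renaming the placeholders to `:sender` / `:receiver` would make the bindings self-explanatory. Loading a full Message entity just to count it is more than the check needs; `->select('m.id')` followed by `getOneOrNullResult() !== null` under the existing setMaxResults(1) answers the same question without hydration. If Message carries a deleted or status flag that should exclude removed messages from granting access, this query does not filter on it — confirm against the entity.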

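--- a/src/CoreBundle/Security/Authorization/Voter/UserVoter.php
+++ b/src/CoreBundle/Security/Authorization/Voter/UserVoter.php
@@ -6,8 +6,10 @@
 
 namespace Chamilo\CoreBundle\Security\Authorization\Voter;
 
+use Chamilo\CoreBundle\Entity\Message;
 use Chamilo\CoreBundle\Entity\User;
 use Chamilo\CoreBundle\Entity\UserRelUser;
+use Doctrine\ORM\EntityManagerInterface;
 use Symfony\Bundle\SecurityBundle\Security;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authorization\Voter\Voter;
@@ -24,7 +26,8 @@ class UserVoter extends Voter
     public const DELETE = 'DELETE';
 
     public function __construct(
-        private Security $security
+        private Security $security,
+        private EntityManagerInterface $entityManager
     ) {}
 
     protected function supports(string $attribute, $subject): bool
@@ -46,10 +49,10 @@ protected function supports(string $attribute, $subject): bool
 
     protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
     {
-        /** @var User $currentUSer */
-        $currentUSer = $token->getUser();
+        /** @var User $currentUser */
+        $currentUser = $token->getUser();
 
-        if (!$currentUSer instanceof UserInterface) {
+        if (!$currentUser instanceof UserInterface) {
             return false;
         }
 
@@ -61,27 +64,38 @@ protected function voteOnAttribute(string $attribute, $subject, TokenInterface $
         $user = $subject;
 
         if (self::VIEW === $attribute) {
-            if ($currentUSer === $user) {
+            if ($currentUser === $user) {
                 return true;
             }
 
-            if ($user->hasFriendWithRelationType($currentUSer, UserRelUser::USER_RELATION_TYPE_FRIEND)) {
+            if ($user->hasFriendWithRelationType($currentUser, UserRelUser::USER_RELATION_TYPE_FRIEND)) {
                 return true;
             }
 
-            $friendsOfFriends = $currentUSer->getFriendsOfFriends();
+            $friendsOfFriends = $currentUser->getFriendsOfFriends();
             if (\in_array($user, $friendsOfFriends, true)) {
                 return true;
             }
 
             if (
-                $user->hasFriendWithRelationType($currentUSer, UserRelUser::USER_RELATION_TYPE_BOSS)
-                || $user->isFriendWithMeByRelationType($currentUSer, UserRelUser::USER_RELATION_TYPE_BOSS)
+                $user->hasFriendWithRelationType($currentUser, UserRelUser::USER_RELATION_TYPE_BOSS)
+                || $user->isFriendWithMeByRelationType($currentUser, UserRelUser::USER_RELATION_TYPE_BOSS)
             ) {
                 return true;
             }
+
+            if ($this->haveSharedMessages($currentUser, $user)) {
+                return true;
+            }
         }
 
         return false;
     }
+
+    private function haveSharedMessages(User $currentUser, User $targetUser): bool {
+
+        $messageRepository = $this->entityManager->getRepository(Message::class);
+
+        return $messageRepository->usersHaveSharedMessages($currentUser, $targetUser);
+    }
 }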
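Review bot: The new VIEW grant at lines 87–89 widens who may read a profile, and nothing in the voter records the rule it implements; given the repository query in this same commit, it lets $currentUser view anyone who has sent them a message, not the reverse, so a comment above the check should state that, e.g. `// A recipient may view the sender's profile so they can reply (BT#21677); the check is one-directional.`. The helper at lines 95–100 goes through `$this->entityManager->getRepository(Message::class)`, which static analysis types as a plain EntityRepository with no usersHaveSharedMessages method; injecting the repository directly — `private MessageRepository $messageRepository` in the constructor in hunk @@ -24,7 +26,8 @@ and `return $this->messageRepository->usersHaveSharedMessages($currentUser, $targetUser);` in the helper — removes the EntityManagerInterface dependency and keeps the call typed. The helper also departs from the file's PSR-12 layout: the opening brace belongs on its own line and the blank lines after the signature and around the repository lookup should go.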
