Fix #125
jamesedmonston committed Jul 1, 2023
1 parent d540b4a commit 8212130
Showing 1 changed file with 8 additions and 6 deletions.
14 changes: 8 additions & 6 deletions src/services/RestrictionService.php
Expand Up @@ -22,6 +22,7 @@
use craft\helpers\StringHelper;
use craft\models\GqlToken;
use craft\services\Assets;
use craft\services\Entries;
use craft\services\Gql;
use craft\services\Sections;
use craft\services\Volumes;
Expand Down Expand Up @@ -403,8 +404,9 @@ public function ensureEntryMutationAllowed(ModelEvent $event): bool
$entry->authorId = $user->id;
}

$authorOnlySections = $this->getAuthorOnlySections($user, 'mutation');
$authorOnlySections = isset($user) && $user ? $this->getAuthorOnlySections($user, 'mutation') : [];

/** @var Sections */
$sectionsService = Craft::$app->getSections();
$entrySection = $sectionsService->getSectionById($entry->sectionId)->handle;

Expand Down Expand Up @@ -436,12 +438,11 @@ public function ensureAssetMutationAllowed(ModelEvent $event): bool
$asset = $event->sender;
$user = GraphqlAuthentication::$tokenService->getUserFromToken();

if ($event->isNew) {
if ($user && $event->isNew && !$asset->uploaderId) {
$asset->uploaderId = $user->id;
return true;
}

// Robin Beatty: added user check here
$authorOnlyVolumes = isset($user) && $user ? $this->getAuthorOnlyVolumes($user, 'mutation') : [];

/** @var Volumes */
Expand All @@ -452,7 +453,7 @@ public function ensureAssetMutationAllowed(ModelEvent $event): bool
return true;
}

if ((string) $asset->uploaderId !== (string) $user->id) {
if (!$user || $asset->uploaderId != $user->id) {
GraphqlAuthentication::$errorService->throw(GraphqlAuthentication::$settings->forbiddenMutation);
}

Expand Down Expand Up @@ -577,7 +578,9 @@ protected function _ensureValidEntry(int $id, int $siteId): bool
$settings = GraphqlAuthentication::$settings;
$errorService = GraphqlAuthentication::$errorService;

$entry = Craft::$app->getEntries()->getEntryById($id, $siteId);
/** @var Entries */
$entriesService = Craft::$app->getEntries();
$entry = $entriesService->getEntryById($id, $siteId);

if (!$entry) {
$errorService->throw($settings->entryNotFound);
Expand Down Expand Up @@ -656,7 +659,6 @@ protected function _ensureValidAsset(int $id): bool
$errorService->throw($settings->forbiddenMutation);
}

// Robin Beatty: added user check here
$authorOnlyVolumes = isset($user) && $user ? $this->getAuthorOnlyVolumes($user, 'mutation') : [];

/** @var Volumes */
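Review bot: The ownership check in ensureAssetMutationAllowed now compares with loose `!=` where the previous line used a strict string comparison, so the authorization decision depends on PHP's type juggling between `$asset->uploaderId` and `$user->id`; keeping the new null guard together with the strict form, `if (!$user || (string) $asset->uploaderId !== (string) $user->id) {`, avoids that. The `!$user` branch also looks unreachable in practice: with no user the author-only list defaults to `[]`, and if the guard hidden above `return true;` is a membership test against that list, a token without a user returns early and is allowed rather than refused. The same `[]` default is added in ensureEntryMutationAllowed, so if failing open for user-less tokens is intended, a comment saying so would help, e.g. `// no user on the token: author-only restrictions do not apply`. The bodies of both functions extend beyond the lines shown, so the hidden guard should be confirmed against the full file.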
