archive/BookStackApp_BookStack
0
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-05-18 14:21:05 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request from BookStackApp/ownable_permission_fix

Browse source 
Fixed failed permission checks due to non-loaded fields
This commit is contained in:
Dan Brown 2022-08-10 17:59:46 +01:00 committed by GitHub
commit 375abca1ee
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 42 additions and 6 deletions
app/Http/Controllers
FavouriteController.php

2
app/Http/Controllers/FavouriteController.php
View file

@ -87,7 +87,7 @@ class FavouriteController extends Controller
$modelInstance = $model->newQuery()
->where('id', '=', $modelInfo['id'])
->first(['id', 'name']);
->first(['id', 'name', 'restricted', 'owned_by']);
$inaccessibleEntity = ($modelInstance instanceof Entity && !userCan('view', $modelInstance));
if (is_null($modelInstance) || $inaccessibleEntity) {