keith
/
friendica
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #10880 from MrPetovan/bug/10876-profile-edit 

Account for the PUBLIC value for id parameter in Depository\PermissionSet::selectOneById
This commit is contained in:
Michael Vogel 2021-10-17 08:36:18 +02:00 committed by GitHub
parent dec87d89c0 29be333cec
commit b0bb95bb0d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 53 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Model/ProfileField.php
View File

@ -65,7 +65,7 @@ class ProfileField extends BaseModel
switch ($name) {
case 'permissionSet':
if (empty($this->permissionSet)) {
$permissionSet = $this->permissionSetDepository->selectOneById($this->psid);
$permissionSet = $this->permissionSetDepository->selectOneById($this->psid, $this->uid);
if ($permissionSet->uid !== $this->uid) {
throw new NotFoundException(sprintf('PermissionSet %d (user-id: %d) for ProfileField %d (user-id: %d) is invalid.', $permissionSet->id, $permissionSet->uid, $this->id, $this->uid));
}

2
src/Module/PermissionTooltip.php
View File

@ -39,7 +39,7 @@ class PermissionTooltip extends \Friendica\BaseModule
}
if (isset($model['psid'])) {
$permissionSet = DI::permissionSet()->selectOneById($model['psid']);
$permissionSet = DI::permissionSet()->selectOneById($model['psid'], $model['uid']);
$model['allow_cid'] = $permissionSet->allow_cid;
$model['allow_gid'] = $permissionSet->allow_gid;
$model['deny_cid'] = $permissionSet->deny_cid;

14
src/Security/PermissionSet/Depository/PermissionSet.php
View File

@ -89,13 +89,21 @@ class PermissionSet extends BaseDepository
}
/**
* @param int $id
*
* @param int $id A permissionset table row id or self::PUBLIC
* @param int|null $uid Should be provided when id can be self::PUBLIC
* @return Entity\PermissionSet
* @throws NotFoundException
*/
public function selectOneById(int $id): Entity\PermissionSet
public function selectOneById(int $id, int $uid = null): Entity\PermissionSet
{
if ($id === self::PUBLIC) {
if (empty($uid)) {
throw new \InvalidArgumentException('Missing uid for Public permission set instantiation');
}
return $this->factory->createFromString($uid);
}
return $this->selectOne(['id' => $id]);
}

40
tests/src/Security/PermissionSet/Depository/PermissionSetTest.php Normal file
View File

@ -0,0 +1,40 @@
<?php
namespace Friendica\Test\src\Security\PermissionSet\Depository;
use Dice\Dice;
use Friendica\Database\Database;
use Friendica\DI;
use Friendica\Security\PermissionSet\Depository\PermissionSet;
use Friendica\Test\MockedTest;
use Friendica\Test\Util\Database\StaticDatabase;
class PermissionSetTest extends MockedTest
{
/** @var PermissionSet */
private $depository;
public function setUp(): void
{
$dice = (new Dice())
->addRules(include __DIR__ . '/../../../../../static/dependencies.config.php')
->addRule(Database::class, ['instanceOf' => StaticDatabase::class, 'shared' => true]);
DI::init($dice);
$this->depository = DI::permissionSet();
}
public function testSelectOneByIdPublicMissingUid()
{
$this->expectException(\InvalidArgumentException::class);
$this->depository->selectOneById(PermissionSet::PUBLIC);
}
public function testSelectOneByIdPublic()
{
$permissionSet = $this->depository->selectOneById(PermissionSet::PUBLIC, 1);
$this->assertInstanceOf(\Friendica\Security\PermissionSet\Entity\PermissionSet::class, $permissionSet);
}
}