From 652c3c8cd82607edd4f5f3a2a0c1a91a3bbf2d9e Mon Sep 17 00:00:00 2001 From: EdgeInfinity Date: Fri, 16 May 2025 18:40:31 +0800 Subject: [PATCH 1/4] Update DiscussionPolicy.php --- extensions/tags/src/Access/DiscussionPolicy.php | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/extensions/tags/src/Access/DiscussionPolicy.php b/extensions/tags/src/Access/DiscussionPolicy.php index 742632cae0..d17aab8721 100755 --- a/extensions/tags/src/Access/DiscussionPolicy.php +++ b/extensions/tags/src/Access/DiscussionPolicy.php @@ -35,6 +35,23 @@ public function can(User $actor, string $ability, Discussion $discussion): ?stri foreach ($tags as $tag) { if ($tag->is_restricted) { if (! $actor->hasPermission('tag'.$tag->id.'.discussion.'.$ability)) { + // This is where the original problem happens, since the renaming + // ability is not tag related. If there are any other permissions + // alike, their original check method should also be added here. + if ($ability == 'rename') { + if ($discussion->user_id == $actor->id && $actor->can('reply', $discussion)) { + $allowRenaming = $this->settings->get('allow_renaming'); + + if ($allowRenaming === '-1' + || ($allowRenaming === 'reply' && $discussion->participant_count <= 1) + || (is_numeric($allowRenaming) && $discussion->created_at->diffInMinutes(null, true) < $allowRenaming)) { + return $this->allow(); + } + } + + # return null; + } + return $this->deny(); } From d07efd1578a706a27b43fdbf39b75c627c236be3 Mon Sep 17 00:00:00 2001 From: EdgeInfinity Date: Fri, 16 May 2025 21:04:16 +0800 Subject: [PATCH 2/4] Update DiscussionPolicy.php --- extensions/tags/src/Access/DiscussionPolicy.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/extensions/tags/src/Access/DiscussionPolicy.php b/extensions/tags/src/Access/DiscussionPolicy.php index d17aab8721..5d8bc2d7bb 100755 --- a/extensions/tags/src/Access/DiscussionPolicy.php +++ b/extensions/tags/src/Access/DiscussionPolicy.php @@ -48,8 +48,6 @@ public function can(User $actor, string $ability, Discussion $discussion): ?stri return $this->allow(); } } - - # return null; } return $this->deny(); From 9e843a2f593a2b592a6cbe1497aef3f01f452f73 Mon Sep 17 00:00:00 2001 From: EdgeInfinity Date: Mon, 26 May 2025 13:04:54 +0800 Subject: [PATCH 3/4] Update DiscussionPolicy.php --- extensions/tags/src/Access/DiscussionPolicy.php | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/extensions/tags/src/Access/DiscussionPolicy.php b/extensions/tags/src/Access/DiscussionPolicy.php index 5d8bc2d7bb..05ab866fc3 100755 --- a/extensions/tags/src/Access/DiscussionPolicy.php +++ b/extensions/tags/src/Access/DiscussionPolicy.php @@ -49,6 +49,15 @@ public function can(User $actor, string $ability, Discussion $discussion): ?stri } } } + else if ($ability === 'hide') { + if ($discussion->user_id == $actor->id + && $discussion->participant_count <= 1 + && (! $discussion->hidden_at || $discussion->hidden_user_id == $actor->id) + && $actor->can('reply', $discussion) + ) { + return $this->allow(); + } + } return $this->deny(); } From a602ff0dde6cce96b66e5f14a38169d9122f793b Mon Sep 17 00:00:00 2001 From: EdgeInfinity Date: Mon, 26 May 2025 13:09:26 +0800 Subject: [PATCH 4/4] review --- extensions/tags/src/Access/DiscussionPolicy.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/extensions/tags/src/Access/DiscussionPolicy.php b/extensions/tags/src/Access/DiscussionPolicy.php index 05ab866fc3..995e6f58bc 100755 --- a/extensions/tags/src/Access/DiscussionPolicy.php +++ b/extensions/tags/src/Access/DiscussionPolicy.php @@ -48,8 +48,7 @@ public function can(User $actor, string $ability, Discussion $discussion): ?stri return $this->allow(); } } - } - else if ($ability === 'hide') { + } elseif ($ability === 'hide') { if ($discussion->user_id == $actor->id && $discussion->participant_count <= 1 && (! $discussion->hidden_at || $discussion->hidden_user_id == $actor->id)