Add `$user` parameter to `canRead()` for articles

author joshuaruesweg <ruesweg@woltlab.com>

Mon, 13 Sep 2021 08:35:40 +0000 (10:35 +0200)

committer joshuaruesweg <ruesweg@woltlab.com>

Mon, 13 Sep 2021 08:35:40 +0000 (10:35 +0200)
author joshuaruesweg <ruesweg@woltlab.com>
Mon, 13 Sep 2021 08:35:40 +0000 (10:35 +0200)
committer joshuaruesweg <ruesweg@woltlab.com>
Mon, 13 Sep 2021 08:35:40 +0000 (10:35 +0200)
diff --git a/wcfsetup/install/files/lib/data/article/Article.class.php b/wcfsetup/install/files/lib/data/article/Article.class.php

index d956daec942da6eeedf989fb5a6ebaae7c342f42..5d9d0b149f50add78e0fe2e8877f1818ad462cb2 100644 (file)
--- a/wcfsetup/install/files/lib/data/article/Article.class.php
+++ b/wcfsetup/install/files/lib/data/article/Article.class.php
@@ -8,6 +8,8 @@ use wcf\data\DatabaseObject;
  use wcf\data\ILinkableObject;
  use wcf\data\IUserContent;
  use wcf\data\object\type\ObjectTypeCache;
+use wcf\data\user\User;
+use wcf\data\user\UserProfile;
  use wcf\system\article\discussion\CommentArticleDiscussionProvider;
  use wcf\system\article\discussion\IArticleDiscussionProvider;
  use wcf\system\article\discussion\VoidArticleDiscussionProvider;
@@ -97,27 +99,35 @@ class Article extends DatabaseObject implements ILinkableObject, IUserContent
      }
  
      /**
-     * Returns true if the active user has access to this article.
+     * Returns true if the given user has access to this article. If the given $user is null,
+     * the function uses the current user.
       *
+     * <strong>Attention:</strong> The `$user` parameter was introduced with version 5.5.
+     *
+     * @param UserProfile|null $user
       * @return  bool
       */
-    public function canRead()
+    public function canRead(?UserProfile $user = null)
      {
-        if ($this->isDeleted && !WCF::getSession()->getPermission('admin.content.article.canManageArticle')) {
+        if ($user === null) {
+            $user = new UserProfile(WCF::getUser());
+        }
+
+        if ($this->isDeleted && !$user->getPermission('admin.content.article.canManageArticle')) {
              return false;
          }
  
          if ($this->publicationStatus != self::PUBLISHED) {
-            if (!WCF::getSession()->getPermission('admin.content.article.canManageArticle') && (!WCF::getSession()->getPermission('admin.content.article.canContributeArticle') || $this->userID != WCF::getUser()->userID)) {
+            if (!$user->getPermission('admin.content.article.canManageArticle') && (!$user->getPermission('admin.content.article.canContributeArticle') || $this->userID != $user->userID)) {
                  return false;
              }
          }
  
          if ($this->getCategory()) {
-            return $this->getCategory()->isAccessible();
+            return $this->getCategory()->isAccessible($user->getDecoratedObject());
          }
  
-        return WCF::getSession()->getPermission('user.article.canRead');
+        return $user->getPermission('user.article.canRead');
      }
  
      /**
author	joshuaruesweg <ruesweg@woltlab.com>
	Mon, 13 Sep 2021 08:35:40 +0000 (10:35 +0200)
committer	joshuaruesweg <ruesweg@woltlab.com>
	Mon, 13 Sep 2021 08:35:40 +0000 (10:35 +0200)