Fixed permission check

diff --git a/wcfsetup/install/files/lib/system/user/activity/event/ProfileCommentResponseUserActivityEvent.class.php b/wcfsetup/install/files/lib/system/user/activity/event/ProfileCommentResponseUserActivityEvent.class.php
index 1b4673994d32cf7c9cd0b9e77f23e1bed4d34a84..986c9fab4fae7f673a7035a522a88650adbad439 100644 (file)
--- a/wcfsetup/install/files/lib/system/user/activity/event/ProfileCommentResponseUserActivityEvent.class.php
+++ b/wcfsetup/install/files/lib/system/user/activity/event/ProfileCommentResponseUserActivityEvent.class.php
@@ -22,43 +22,44 @@ class ProfileCommentResponseUserActivityEvent extends SingletonFactory implement
         * @see \wcf\system\user\activity\event\IUserActivityEvent::prepare()
         */
        public function prepare(array $events) {
+               if (!WCF::getSession()->getPermission('user.profile.canViewUserProfile')) {
+                       return;
+               }
+               
                $responses = $responseIDs = array();
+               foreach ($events as $event) {
+                       $responseIDs[] = $event->objectID;
+               }
                
-               if (WCF::getSession()->getPermission('user.profile.canViewUserProfile')) {
-                       foreach ($events as $event) {
-                               $responseIDs[] = $event->objectID;
-                       }
-                       
-                       // fetch responses
-                       $responseList = new CommentResponseList();
-                       $responseList->getConditionBuilder()->add("comment_response.responseID IN (?)", array($responseIDs));
-                       $responseList->readObjects();
-                       $responses = $responseList->getObjects();
-                       
-                       // fetch comments
-                       $commentIDs = $comments = array();
-                       foreach ($responses as $response) {
-                               $commentIDs[] = $response->commentID;
-                       }
-                       if (!empty($commentIDs)) {
-                               $commentList = new CommentList();
-                               $commentList->getConditionBuilder()->add("comment.commentID IN (?)", array($commentIDs));
-                               $commentList->readObjects();
-                               $comments = $commentList->getObjects();
-                       }
-                       
-                       // fetch users
-                       $userIDs = $users = array();
-                       foreach ($comments as $comment) {
-                               $userIDs[] = $comment->objectID;
-                               $userIDs[] = $comment->userID;
-                       }
-                       if (!empty($userIDs)) {
-                               $userList = new UserProfileList();
-                               $userList->getConditionBuilder()->add("user_table.userID IN (?)", array($userIDs));
-                               $userList->readObjects();
-                               $users = $userList->getObjects();
-                       }
+               // fetch responses
+               $responseList = new CommentResponseList();
+               $responseList->getConditionBuilder()->add("comment_response.responseID IN (?)", array($responseIDs));
+               $responseList->readObjects();
+               $responses = $responseList->getObjects();
+               
+               // fetch comments
+               $commentIDs = $comments = array();
+               foreach ($responses as $response) {
+                       $commentIDs[] = $response->commentID;
+               }
+               if (!empty($commentIDs)) {
+                       $commentList = new CommentList();
+                       $commentList->getConditionBuilder()->add("comment.commentID IN (?)", array($commentIDs));
+                       $commentList->readObjects();
+                       $comments = $commentList->getObjects();
+               }
+               
+               // fetch users
+               $userIDs = $users = array();
+               foreach ($comments as $comment) {
+                       $userIDs[] = $comment->objectID;
+                       $userIDs[] = $comment->userID;
+               }
+               if (!empty($userIDs)) {
+                       $userList = new UserProfileList();
+                       $userList->getConditionBuilder()->add("user_table.userID IN (?)", array($userIDs));
+                       $userList->readObjects();
+                       $users = $userList->getObjects();
                }
                
                // set message
@@ -66,18 +67,20 @@ class ProfileCommentResponseUserActivityEvent extends SingletonFactory implement
                        if (isset($responses[$event->objectID])) {
                                $response = $responses[$event->objectID];
                                $comment = $comments[$response->commentID];
-                               if (isset($users[$comment->objectID]) && isset($users[$comment->userID]) && !$users[$comment->objectID]->isProtected()) {
-                                       $event->setIsAccessible();
-                                       
-                                       // title
-                                       $text = WCF::getLanguage()->getDynamicVariable('wcf.user.profile.recentActivity.profileCommentResponse', array(
-                                               'commentAuthor' => $users[$comment->userID],
-                                               'user' => $users[$comment->objectID]
-                                       ));
-                                       $event->setTitle($text);
-                                       
-                                       // description
-                                       $event->setDescription($response->getExcerpt());
+                               if (isset($users[$comment->objectID]) && isset($users[$comment->userID])) {
+                                       if (!$users[$comment->objectID]->isProtected()) {
+                                               $event->setIsAccessible();
+                                               
+                                               // title
+                                               $text = WCF::getLanguage()->getDynamicVariable('wcf.user.profile.recentActivity.profileCommentResponse', array(
+                                                       'commentAuthor' => $users[$comment->userID],
+                                                       'user' => $users[$comment->objectID]
+                                               ));
+                                               $event->setTitle($text);
+                                               
+                                               // description
+                                               $event->setDescription($response->getExcerpt());
+                                       }
                                        continue;
                                }
                        }

diff --git a/wcfsetup/install/files/lib/system/user/activity/event/ProfileCommentUserActivityEvent.class.php b/wcfsetup/install/files/lib/system/user/activity/event/ProfileCommentUserActivityEvent.class.php
index 01be02859a5118232855d56e73d7512343091730..b4a1ed8d4125ef82299a5855d4ec560ecd3c7b2c 100644 (file)
--- a/wcfsetup/install/files/lib/system/user/activity/event/ProfileCommentUserActivityEvent.class.php
+++ b/wcfsetup/install/files/lib/system/user/activity/event/ProfileCommentUserActivityEvent.class.php
@@ -21,30 +21,31 @@ class ProfileCommentUserActivityEvent extends SingletonFactory implements IUserA
         * @see \wcf\system\user\activity\event\IUserActivityEvent::prepare()
         */
        public function prepare(array $events) {
+               if (!WCF::getSession()->getPermission('user.profile.canViewUserProfile')) {
+                       return;
+               }
+               
                $comments = $commentIDs = array();
+               foreach ($events as $event) {
+                       $commentIDs[] = $event->objectID;
+               }
                
-               if (WCF::getSession()->getPermission('user.profile.canViewUserProfile')) {
-                       foreach ($events as $event) {
-                               $commentIDs[] = $event->objectID;
-                       }
-                       
-                       // fetch comments
-                       $commentList = new CommentList();
-                       $commentList->getConditionBuilder()->add("comment.commentID IN (?)", array($commentIDs));
-                       $commentList->readObjects();
-                       $comments = $commentList->getObjects();
-                       
-                       // fetch users
-                       $userIDs = $users = array();
-                       foreach ($comments as $comment) {
-                               $userIDs[] = $comment->objectID;
-                       }
-                       if (!empty($userIDs)) {
-                               $userList = new UserProfileList();
-                               $userList->getConditionBuilder()->add("user_table.userID IN (?)", array($userIDs));
-                               $userList->readObjects();
-                               $users = $userList->getObjects();
-                       }
+               // fetch comments
+               $commentList = new CommentList();
+               $commentList->getConditionBuilder()->add("comment.commentID IN (?)", array($commentIDs));
+               $commentList->readObjects();
+               $comments = $commentList->getObjects();
+               
+               // fetch users
+               $userIDs = $users = array();
+               foreach ($comments as $comment) {
+                       $userIDs[] = $comment->objectID;
+               }
+               if (!empty($userIDs)) {
+                       $userList = new UserProfileList();
+                       $userList->getConditionBuilder()->add("user_table.userID IN (?)", array($userIDs));
+                       $userList->readObjects();
+                       $users = $userList->getObjects();
                }
                
                // set message
@@ -52,15 +53,17 @@ class ProfileCommentUserActivityEvent extends SingletonFactory implements IUserA
                        if (isset($comments[$event->objectID])) {
                                // short output
                                $comment = $comments[$event->objectID];
-                               if (isset($users[$comment->objectID]) && !$users[$comment->objectID]->isProtected()) {
-                                       $event->setIsAccessible();
-                                       
-                                       $user = $users[$comment->objectID];
-                                       $text = WCF::getLanguage()->getDynamicVariable('wcf.user.profile.recentActivity.profileComment', array('user' => $user));
-                                       $event->setTitle($text);
-                                       
-                                       // output
-                                       $event->setDescription($comment->getExcerpt());
+                               if (isset($users[$comment->objectID])) {
+                                       if (!$users[$comment->objectID]->isProtected()) {
+                                               $event->setIsAccessible();
+                                               
+                                               $user = $users[$comment->objectID];
+                                               $text = WCF::getLanguage()->getDynamicVariable('wcf.user.profile.recentActivity.profileComment', array('user' => $user));
+                                               $event->setTitle($text);
+                                               
+                                               // output
+                                               $event->setDescription($comment->getExcerpt());
+                                       }
                                        continue;
                                }
                        }