From: Alexander Ebert Date: Mon, 20 Mar 2017 17:29:01 +0000 (+0100) Subject: Enforce visibility on article page and in listings X-Git-Tag: 3.1.0_Alpha_1~552 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=99bdf4060624fc3a482ae4518363e69e41c6b26f;p=GitHub%2FWoltLab%2FWCF.git Enforce visibility on article page and in listings See #2209 --- diff --git a/wcfsetup/install/files/lib/data/article/AccessibleArticleList.class.php b/wcfsetup/install/files/lib/data/article/AccessibleArticleList.class.php index 7043ee2448..b5664211d5 100644 --- a/wcfsetup/install/files/lib/data/article/AccessibleArticleList.class.php +++ b/wcfsetup/install/files/lib/data/article/AccessibleArticleList.class.php @@ -1,6 +1,7 @@ getConditionBuilder()->add('article.categoryID IN (?)', [$accessibleCategoryIDs]); $this->getConditionBuilder()->add('article.publicationStatus = ?', [Article::PUBLISHED]); + + if (!WCF::getSession()->getPermission('admin.content.article.canManageArticle')) { + $this->getConditionBuilder()->add('article.isDeleted = ?', [0]); + } } } } diff --git a/wcfsetup/install/files/lib/data/article/Article.class.php b/wcfsetup/install/files/lib/data/article/Article.class.php index 2bed2cbbe1..a8f6203ab3 100644 --- a/wcfsetup/install/files/lib/data/article/Article.class.php +++ b/wcfsetup/install/files/lib/data/article/Article.class.php @@ -82,6 +82,10 @@ class Article extends DatabaseObject implements ILinkableObject { * @return boolean */ public function canRead() { + if ($this->isDeleted && !WCF::getSession()->getPermission('admin.content.article.canManageArticle')) { + return false; + } + if ($this->publicationStatus != self::PUBLISHED) { if (!WCF::getSession()->getPermission('admin.content.article.canManageArticle') && (!WCF::getSession()->getPermission('admin.content.article.canContributeArticle') || $this->userID != WCF::getUser()->userID)) { return false;