Content Permissions API: Fixed param combination bug

Fixes issue where providing owner_id alongside certain fallback_permissions would cause the owner change not to take affect, due to bad variable shadowing. For #4323
2023-06-20 14:13:26 +01:00 · 2023-06-20 14:13:26 +01:00 · 41c3ed154b
parent f5396ecaf0
commit 41c3ed154b
2 changed files with 35 additions and 3 deletions
--- a/app/Entities/Tools/PermissionsUpdater.php
+++ b/app/Entities/Tools/PermissionsUpdater.php
@ -55,9 +55,9 @@ class PermissionsUpdater
        }

        if (isset($data['fallback_permissions']['inheriting']) && $data['fallback_permissions']['inheriting'] !== true) {
-            $data = $data['fallback_permissions'];
-            $data['role_id'] = 0;
-            $rolePermissionData = $this->formatPermissionsFromApiRequestToEntityPermissions([$data], true);
+            $fallbackData = $data['fallback_permissions'];
+            $fallbackData['role_id'] = 0;
+            $rolePermissionData = $this->formatPermissionsFromApiRequestToEntityPermissions([$fallbackData], true);
            $entity->permissions()->createMany($rolePermissionData);
        }

--- a/tests/Api/ContentPermissionsApiTest.php
+++ b/tests/Api/ContentPermissionsApiTest.php
@ -259,4 +259,36 @@ class ContentPermissionsApiTest extends TestCase
            ],
        ]);
    }
+
+    public function test_update_can_both_provide_owner_and_fallback_permissions()
+    {
+        $user = $this->users->viewer();
+        $page = $this->entities->page();
+        $page->owned_by = null;
+        $page->save();
+
+        $this->actingAsApiAdmin();
+        $resp = $this->putJson($this->baseEndpoint . "/page/{$page->id}", [
+            "owner_id" => $user->id,
+            'fallback_permissions' => [
+                'inheriting' => false,
+                'view' => false,
+                'create' => false,
+                'update' => false,
+                'delete' => false,
+            ],
+        ]);
+
+        $resp->assertOk();
+        $this->assertDatabaseHas('pages', ['id' => $page->id, 'owned_by' => $user->id]);
+        $this->assertDatabaseHas('entity_permissions', [
+            'entity_id' => $page->id,
+            'entity_type' => 'page',
+            'role_id' => 0,
+            'view' => false,
+            'create' => false,
+            'update' => false,
+            'delete' => false,
+        ]);
+    }
 }