Fix visibility of the creating form for administrator

humhub · Sep 13, 2024 · 190bcf2 · 190bcf2
1 parent afcd74c
commit 190bcf2
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 15 deletions.
diff --git a/controllers/PollController.php b/controllers/PollController.php
@@ -2,18 +2,17 @@
 
 namespace humhub\modules\polls\controllers;
 
-use humhub\modules\polls\permissions\CreatePoll;
+use humhub\modules\content\components\ContentContainerController;
+use humhub\modules\polls\models\Poll;
+use humhub\modules\polls\models\PollAnswer;
 use humhub\modules\polls\widgets\WallCreateForm;
 use humhub\modules\stream\actions\Stream;
+use humhub\modules\user\models\User;
+use humhub\modules\user\widgets\UserListBox;
 use Yii;
 use yii\web\ForbiddenHttpException;
 use yii\web\HttpException;
 use yii\helpers\Html;
-use humhub\modules\user\models\User;
-use humhub\modules\user\widgets\UserListBox;
-use humhub\modules\content\components\ContentContainerController;
-use humhub\modules\polls\models\Poll;
-use humhub\modules\polls\models\PollAnswer;
 
 /**
  * PollController handles all poll related actions.
@@ -43,11 +42,12 @@ public function actionCreateForm()
      */
     public function actionCreate()
     {
-        if (!$this->contentContainer->permissionManager->can(new CreatePoll())) {
+        $poll = new Poll($this->contentContainer, ['scenario' => Poll::SCENARIO_CREATE]);
+
+        if (!$poll->content->canEdit()) {
             throw new HttpException(400, 'Access denied!');
         }
 
-        $poll = new Poll(['scenario' => Poll::SCENARIO_CREATE]);
         $poll->load(Yii::$app->request->post());
         return WallCreateForm::create($poll, $this->contentContainer);
     }

diff --git a/controllers/rest/PollsController.php b/controllers/rest/PollsController.php
@@ -13,7 +13,6 @@
 use humhub\modules\polls\helpers\RestDefinitions;
 use humhub\modules\polls\models\Poll;
 use humhub\modules\polls\models\PollAnswerUser;
-use humhub\modules\polls\permissions\CreatePoll;
 use humhub\modules\rest\components\BaseContentController;
 use Yii;
 
@@ -57,13 +56,13 @@ public function actionCreate($containerId)
         /* @var ContentContainerActiveRecord $container */
         $container = $containerRecord->getPolymorphicRelation();
 
-        if (! in_array(get_class($container), Yii::$app->getModule('polls')->getContentContainerTypes()) ||
-            ! $container->permissionManager->can([CreatePoll::class])) {
+        $poll = new Poll($container, ['scenario' => Poll::SCENARIO_CREATE]);
+
+        if (!in_array(get_class($container), Yii::$app->getModule('polls')->getContentContainerTypes()) ||
+            !$poll->content->canEdit()) {
             return $this->returnError(403, 'You are not allowed to create a poll!');
         }
 
-        $poll = new Poll($container, ['scenario' => Poll::SCENARIO_CREATE]);
-
         if ($this->savePoll($poll)) {
             return $this->returnContentDefinition(Poll::findOne(['id' => $poll->id]));
         }

diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
@@ -4,6 +4,7 @@ Changelog
 1.3.6 (Unreleased)
 ----------------------
 - Enh #137: Use PHP CS Fixer
+- Fix #141: Fix visibility of the creating form for administrator
 
 1.3.5 (June 18, 2024)
 ----------------------

diff --git a/widgets/WallCreateForm.php b/widgets/WallCreateForm.php
@@ -4,7 +4,6 @@
 
 use humhub\modules\content\widgets\WallCreateContentForm;
 use humhub\modules\polls\models\Poll;
-use humhub\modules\polls\permissions\CreatePoll;
 use humhub\modules\space\models\Space;
 use humhub\modules\ui\form\widgets\ActiveForm;
 
@@ -41,7 +40,7 @@ public function renderActiveForm(ActiveForm $form): string
     public function run()
     {
         if ($this->contentContainer instanceof Space) {
-            if (!$this->contentContainer->permissionManager->can(new CreatePoll())) {
+            if (!(new Poll($this->contentContainer))->content->canEdit()) {
                 return '';
             }
         }