Move top-level permission check outside of Model\Item::getTopLevelParentData

- It wasn't checked when the direct parent was also the top-level parent

diff --git a/src/Model/Item.php b/src/Model/Item.php
index 508cb691c854ff8bc1b130c44f67f5e6f96c94fb..fc4d81e4328a4558da87e1933bea6718d13df2fa 100644 (file)
--- a/src/Model/Item.php
+++ b/src/Model/Item.php
@@ -1514,13 +1514,6 @@ class Item
                        return [];
                }
 
-               // If the thread originated from this node, we check the permission against the thread starter
-               $condition = ['uri' => $toplevel_parent['uri'], 'wall' => true];
-               $localTopLevelParent = self::selectFirst(['uid'], $condition);
-               if (!empty($localTopLevelParent['uid']) && !self::isAllowedByUser($item, $localTopLevelParent['uid'])) {
-                       return [];
-               }
-
                return $toplevel_parent;
        }
 
@@ -1689,6 +1682,13 @@ class Item
                                return 0;
                        }
 
+                       // If the thread originated from this node, we check the permission against the thread starter
+                       $condition = ['uri' => $toplevel_parent['uri'], 'wall' => true];
+                       $localTopLevelParent = self::selectFirst(['uid'], $condition);
+                       if (!empty($localTopLevelParent['uid']) && !self::isAllowedByUser($item, $localTopLevelParent['uid'])) {
+                               return 0;
+                       }
+
                        $parent_id          = $toplevel_parent['id'];
                        $item['parent-uri'] = $toplevel_parent['uri'];
                        $item['deleted']    = $toplevel_parent['deleted'];