Retrieve local top level parent item separately to check permissions in Model\Item...

diff --git a/src/Model/Item.php b/src/Model/Item.php
index 4645f553adee998ea3264a26c387001b5ddc9e9e..508cb691c854ff8bc1b130c44f67f5e6f96c94fb 100644 (file)
--- a/src/Model/Item.php
+++ b/src/Model/Item.php
@@ -1507,19 +1507,17 @@ class Item
                $condition = ['uri' => $parent['parent-uri'],
                        'parent-uri' => $parent['parent-uri'],
                        'uid' => $parent['uid']];
-               // We select wall = 1 in priority for top level permission checks
-               $params = ['order' => ['wall' => true]];
+               $params = ['order' => ['id' => false]];
                $toplevel_parent = self::selectFirst($fields, $condition, $params);
-
                if (!DBA::isResult($toplevel_parent)) {
                        Logger::notice('item top level parent was not found - ignoring item', ['parent-uri' => $parent['parent-uri'], 'uid' => $parent['uid']]);
                        return [];
                }
 
-               if ($toplevel_parent['wall']
-                       && $toplevel_parent['uid']
-                       && !self::isAllowedByUser($item, $toplevel_parent['uid'])
-               ) {
+               // If the thread originated from this node, we check the permission against the thread starter
+               $condition = ['uri' => $toplevel_parent['uri'], 'wall' => true];
+               $localTopLevelParent = self::selectFirst(['uid'], $condition);
+               if (!empty($localTopLevelParent['uid']) && !self::isAllowedByUser($item, $localTopLevelParent['uid'])) {
                        return [];
                }