From b8ac601582d81a3d15735d4bdd59fcb8d1018966 Mon Sep 17 00:00:00 2001
From: Michael <heluecht@pirati.ca>
Date: Mon, 31 Aug 2020 15:01:46 +0000
Subject: [PATCH] Avoid a notice - restructured validation check

---
 src/Module/Objects.php | 33 ++++++++++++++++++---------------
 1 file changed, 18 insertions(+), 15 deletions(-)

diff --git a/src/Module/Objects.php b/src/Module/Objects.php
index e032654869..4262e4e005 100644
--- a/src/Module/Objects.php
+++ b/src/Module/Objects.php
@@ -50,26 +50,29 @@ class Objects extends BaseModule
 		$item = Item::selectFirst(['id', 'uid', 'origin', 'author-link', 'changed', 'private', 'psid'],
 			['guid' => $parameters['guid']], ['order' => ['origin' => true]]);
 
-		$validated = false;
-		$requester = HTTPSignature::getSigner('', $_SERVER);
-		if (!empty($requester) && $item['origin']) {
-			$requester_id = Contact::getIdForURL($requester, $item['uid']);
-			if (!empty($requester_id)) {
-				$permissionSets = DI::permissionSet()->selectByContactId($requester_id, $item['uid']);
-				if (!empty($permissionSets)) {
-					$psid = array_merge($permissionSets->column('id'),
-						[DI::permissionSet()->getIdFromACL($item['uid'], '', '', '', '')]);
-					$validated = in_array($item['psid'], $psid);
-				}
-			}
+		if (!DBA::isResult($item)) {
+			throw new HTTPException\NotFoundException();
 		}
 
-		if (!$validated && !in_array($item['private'], [Item::PUBLIC, Item::UNLISTED])) {
-			unset($item);
+		$validated = in_array($item['private'], [Item::PUBLIC, Item::UNLISTED]);
+
+		if (!$validated) {
+			$requester = HTTPSignature::getSigner('', $_SERVER);
+			if (!empty($requester) && $item['origin']) {
+				$requester_id = Contact::getIdForURL($requester, $item['uid']);
+				if (!empty($requester_id)) {
+					$permissionSets = DI::permissionSet()->selectByContactId($requester_id, $item['uid']);
+					if (!empty($permissionSets)) {
+						$psid = array_merge($permissionSets->column('id'),
+							[DI::permissionSet()->getIdFromACL($item['uid'], '', '', '', '')]);
+						$validated = in_array($item['psid'], $psid);
+					}
+				}
+			}
 		}
 
 		// Valid items are original post or posted from this node (including in the case of a forum)
-		if (!DBA::isResult($item) || !$item['origin'] && (parse_url($item['author-link'], PHP_URL_HOST) != parse_url(DI::baseUrl()->get(), PHP_URL_HOST))) {
+		if (!$validated || !$item['origin'] && (parse_url($item['author-link'], PHP_URL_HOST) != parse_url(DI::baseUrl()->get(), PHP_URL_HOST))) {
 			throw new HTTPException\NotFoundException();
 		}
 
-- 
2.39.5