Content Permissions API: Fixed param combination bug

ssddanbrown · ssddanbrown · commit 41c3ed154b79 · 2023-06-20T14:13:26.000+01:00
Fixes issue where providing owner_id alongside certain fallback_permissions would cause the owner change not to take affect, due to bad variable shadowing. For #4323
diff --git a/app/Entities/Tools/PermissionsUpdater.php b/app/Entities/Tools/PermissionsUpdater.php
@@ -55,9 +55,9 @@ public function updateFromApiRequestData(Entity $entity, array $data): void
         }
 
         if (isset($data['fallback_permissions']['inheriting']) && $data['fallback_permissions']['inheriting'] !== true) {
-            $data = $data['fallback_permissions'];
-            $data['role_id'] = 0;
-            $rolePermissionData = $this->formatPermissionsFromApiRequestToEntityPermissions([$data], true);
+            $fallbackData = $data['fallback_permissions'];
+            $fallbackData['role_id'] = 0;
+            $rolePermissionData = $this->formatPermissionsFromApiRequestToEntityPermissions([$fallbackData], true);
             $entity->permissions()->createMany($rolePermissionData);
         }
 
diff --git a/tests/Api/ContentPermissionsApiTest.php b/tests/Api/ContentPermissionsApiTest.php
@@ -259,4 +259,36 @@ public function test_update_can_clear_fallback_permissions()
             ],
         ]);
     }
+
+    public function test_update_can_both_provide_owner_and_fallback_permissions()
+    {
+        $user = $this->users->viewer();
+        $page = $this->entities->page();
+        $page->owned_by = null;
+        $page->save();
+
+        $this->actingAsApiAdmin();
+        $resp = $this->putJson($this->baseEndpoint . "/page/{$page->id}", [
+            "owner_id" => $user->id,
+            'fallback_permissions' => [
+                'inheriting' => false,
+                'view' => false,
+                'create' => false,
+                'update' => false,
+                'delete' => false,
+            ],
+        ]);
+
+        $resp->assertOk();
+        $this->assertDatabaseHas('pages', ['id' => $page->id, 'owned_by' => $user->id]);
+        $this->assertDatabaseHas('entity_permissions', [
+            'entity_id' => $page->id,
+            'entity_type' => 'page',
+            'role_id' => 0,
+            'view' => false,
+            'create' => false,
+            'update' => false,
+            'delete' => false,
+        ]);
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -55,9 +55,9 @@ public function updateFromApiRequestData(Entity $entity, array $data): void`
`55`	`55`	`}`
`56`	`56`
`57`	`57`	`if (isset($data['fallback_permissions']['inheriting']) && $data['fallback_permissions']['inheriting'] !== true) {`
`58`		`- $data = $data['fallback_permissions'];`
`59`		`- $data['role_id'] = 0;`
`60`		`- $rolePermissionData = $this->formatPermissionsFromApiRequestToEntityPermissions([$data], true);`
	`58`	`+ $fallbackData = $data['fallback_permissions'];`
	`59`	`+ $fallbackData['role_id'] = 0;`
	`60`	`+ $rolePermissionData = $this->formatPermissionsFromApiRequestToEntityPermissions([$fallbackData], true);`
`61`	`61`	`$entity->permissions()->createMany($rolePermissionData);`
`62`	`62`	`}`
`63`	`63`