Correctly add new resources to the user/group permissions (see #8583).

contao · Jan 16, 2017 · 1eb8aa3 · 1eb8aa3
1 parent 7a2960d
commit 1eb8aa3
Showing 1 changed file with 20 additions and 17 deletions.
diff --git a/src/Resources/contao/dca/tl_newsletter_channel.php b/src/Resources/contao/dca/tl_newsletter_channel.php
@@ -264,45 +264,48 @@ public function checkPermission()
 
 					if (is_array($arrNew['tl_newsletter_channel']) && in_array(Input::get('id'), $arrNew['tl_newsletter_channel']))
 					{
-						// Add permissions on user level
-						if ($this->User->inherit == 'custom' || !$this->User->groups[0])
+						$blnDone = false;
+
+						// Try to add the permissions on group level
+						if ($this->User->inherit != 'custom' && !empty($this->User->groups[0]))
 						{
-							$objUser = $this->Database->prepare("SELECT newsletters, newsletterp FROM tl_user WHERE id=?")
+							$objGroup = $this->Database->prepare("SELECT newsletters, newsletterp FROM tl_user_group WHERE id=?")
 													   ->limit(1)
-													   ->execute($this->User->id);
+													   ->execute($this->User->groups[0]);
 
-							$arrNewsletterp = deserialize($objUser->newsletterp);
+							$arrNewsletterp = deserialize($objGroup->newsletterp);
 
 							if (is_array($arrNewsletterp) && in_array('create', $arrNewsletterp))
 							{
-								$arrNewsletters = deserialize($objUser->newsletters);
+								$blnDone = true;
+								$arrNewsletters = deserialize($objGroup->newsletters, true);
 								$arrNewsletters[] = Input::get('id');
 
-								$this->Database->prepare("UPDATE tl_user SET newsletters=? WHERE id=?")
-											   ->execute(serialize($arrNewsletters), $this->User->id);
+								$this->Database->prepare("UPDATE tl_user_group SET newsletters=? WHERE id=?")
+											   ->execute(serialize($arrNewsletters), $this->User->groups[0]);
 							}
 						}
 
-						// Add permissions on group level
-						elseif ($this->User->groups[0] > 0)
+						// Add permissions on user level
+						if (!$blnDone)
 						{
-							$objGroup = $this->Database->prepare("SELECT newsletters, newsletterp FROM tl_user_group WHERE id=?")
+							$objUser = $this->Database->prepare("SELECT newsletters, newsletterp FROM tl_user WHERE id=?")
 													   ->limit(1)
-													   ->execute($this->User->groups[0]);
+													   ->execute($this->User->id);
 
-							$arrNewsletterp = deserialize($objGroup->newsletterp);
+							$arrNewsletterp = deserialize($objUser->newsletterp);
 
 							if (is_array($arrNewsletterp) && in_array('create', $arrNewsletterp))
 							{
-								$arrNewsletters = deserialize($objGroup->newsletters);
+								$arrNewsletters = deserialize($objUser->newsletters, true);
 								$arrNewsletters[] = Input::get('id');
 
-								$this->Database->prepare("UPDATE tl_user_group SET newsletters=? WHERE id=?")
-											   ->execute(serialize($arrNewsletters), $this->User->groups[0]);
+								$this->Database->prepare("UPDATE tl_user SET newsletters=? WHERE id=?")
+											   ->execute(serialize($arrNewsletters), $this->User->id);
 							}
 						}
 
-						// Add new element to the user object
+						// Add the new element to the user object
 						$root[] = Input::get('id');
 						$this->User->newsletter = $root;
 					}