diff --git a/extensions/tags/src/Access/DiscussionPolicy.php b/extensions/tags/src/Access/DiscussionPolicy.php index 742632cae0..995e6f58bc 100755 --- a/extensions/tags/src/Access/DiscussionPolicy.php +++ b/extensions/tags/src/Access/DiscussionPolicy.php @@ -35,6 +35,29 @@ public function can(User $actor, string $ability, Discussion $discussion): ?stri foreach ($tags as $tag) { if ($tag->is_restricted) { if (! $actor->hasPermission('tag'.$tag->id.'.discussion.'.$ability)) { + // This is where the original problem happens, since the renaming + // ability is not tag related. If there are any other permissions + // alike, their original check method should also be added here. + if ($ability == 'rename') { + if ($discussion->user_id == $actor->id && $actor->can('reply', $discussion)) { + $allowRenaming = $this->settings->get('allow_renaming'); + + if ($allowRenaming === '-1' + || ($allowRenaming === 'reply' && $discussion->participant_count <= 1) + || (is_numeric($allowRenaming) && $discussion->created_at->diffInMinutes(null, true) < $allowRenaming)) { + return $this->allow(); + } + } + } elseif ($ability === 'hide') { + if ($discussion->user_id == $actor->id + && $discussion->participant_count <= 1 + && (! $discussion->hidden_at || $discussion->hidden_user_id == $actor->id) + && $actor->can('reply', $discussion) + ) { + return $this->allow(); + } + } + return $this->deny(); }