diff options
| author | Lester Caine <lester@lsces.co.uk> | 2026-06-19 11:01:24 +0100 |
|---|---|---|
| committer | Lester Caine <lester@lsces.co.uk> | 2026-06-19 11:01:24 +0100 |
| commit | 1a02613125a86ab54899a7ff46388a6c77c46869 (patch) | |
| tree | 340ee02691477eb0266810eb16c95c31a80a1f64 /includes | |
| parent | b326a848e0e82194ad2fbc6c205634a69a50f583 (diff) | |
| download | protector-1a02613125a86ab54899a7ff46388a6c77c46869.tar.gz protector-1a02613125a86ab54899a7ff46388a6c77c46869.tar.bz2 protector-1a02613125a86ab54899a7ff46388a6c77c46869.zip | |
When invoked through invokeServices('content_verify_access'), $pHash is null,
so in_array always fails and protected content blocks everyone. Derive roles
from $gBitUser when $pHash is not supplied, matching protector_content_load.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Diffstat (limited to 'includes')
| -rwxr-xr-x | includes/classes/LibertyProtector.php | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/includes/classes/LibertyProtector.php b/includes/classes/LibertyProtector.php index eb37666..6b10dcb 100755 --- a/includes/classes/LibertyProtector.php +++ b/includes/classes/LibertyProtector.php @@ -181,6 +181,12 @@ function protector_content_display( &$pContent, &$pParamHash ) { function protector_content_verify_access( $pContent, $pHash ) { global $gBitUser, $gBitSystem; + // Called via invokeServices with no argument; derive roles from current user + if( $pHash === null ) { + $userId = $gBitUser->mUserId ?? -1; + $pHash = \array_keys( $gBitUser->getRoles( $userId, true ) ) ?: [-1]; + } + $error = null; if ( $pContent && $pContent->isValid() ) { if( !$pContent->verifyId( $pContent->mContentId ) ) { |