From 1a02613125a86ab54899a7ff46388a6c77c46869 Mon Sep 17 00:00:00 2001
From: Lester Caine <lester@lsces.co.uk>
Date: Fri, 19 Jun 2026 11:01:24 +0100
Subject: Fix protector_content_verify_access ignoring user roles when called
 via service

When invoked through invokeServices('content_verify_access'), $pHash is null,
so in_array always fails and protected content blocks everyone. Derive roles
from $gBitUser when $pHash is not supplied, matching protector_content_load.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 includes/classes/LibertyProtector.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/includes/classes/LibertyProtector.php b/includes/classes/LibertyProtector.php
index eb37666..6b10dcb 100755
--- a/includes/classes/LibertyProtector.php
+++ b/includes/classes/LibertyProtector.php
@@ -181,6 +181,12 @@ function protector_content_display( &$pContent, &$pParamHash ) {
 function protector_content_verify_access( $pContent, $pHash ) {
 	global $gBitUser, $gBitSystem;
 
+	// Called via invokeServices with no argument; derive roles from current user
+	if( $pHash === null ) {
+		$userId = $gBitUser->mUserId ?? -1;
+		$pHash = \array_keys( $gBitUser->getRoles( $userId, true ) ) ?: [-1];
+	}
+
 	$error = null;
 	if ( $pContent && $pContent->isValid() ) {
 		if( !$pContent->verifyId( $pContent->mContentId ) ) {
-- 
cgit v1.3