Bug Resolved /XF/Entity/Thread.php bug for "service" type

john917

New Member
To reproduce bug:
1) Create service type resource.
2) Thread access only for those who purchase.
3) User buys this resource.
4) User now gets access to thread, BUT EVERYONE ELSE (even unpaid users) also gets access to thread now.


Code:
<?php
/*************************************************************************
 * XenForo RM Marketplace - Xen Factory (c) 2015-2018
 * All Rights Reserved.
 * Created by Clement Letonnelier aka. MtoR
 *************************************************************************
 * This file is subject to the terms and conditions defined in the Licence
 * Agreement available at http://xen-factory.com/pages/license-agreement/.
 *************************************************************************/
namespace XFA\RMMarketplace\XF\Entity;
use XF\Mvc\Entity\Entity;
use XF\Mvc\Entity\Structure;
class Thread extends XFCP_Thread
{
    var $threadResource = null;
    public function canView(&$error = null)
    {
        $canView = parent::canView($error);
        // Already can't view
        if (!$canView)
        {
            return false;
        }
        // Not a resource thread return
        if ($this->discussion_type != 'resource')
        {
            return $canView;
        }
        // Resource owner or free resource or support thread not restricted
        if ($this->xfa_rmmp_user_id == \XF::visitor()->user_id
            || $this->xfa_rmmp_type == 'none'
            || !$this->xfa_rmmp_restrict_support)
        {
            return true;
        }
        // At this stage we really need to get the resource
        $resource = \XF::repository('XFRM:ResourceItem')->findResourceForThread($this)->with(['Category','ValidPurchase'])->fetchOne();
        // Not linked to a resource anymore
        if (!$resource)
        {
            return true;
        }
        // Has purchased product or own license
        if ($resource->xfa_rmmp_type == 'digital')
        {
            if ($resource->DigitalProduct
                && $resource->DigitalProduct->hasValidLicense())
            {
                return true;
            }
        }
        else
        {
            if ($resource->ValidPurchase)
            {
                return true;
            }
        }
        return false;
    }
    
    public function getResource()
    {
        if (!$this->threadResource)
        {
            $with = ['Category', 'ValidPurchase', 'DigitalProduct', 'PhysicalProduct'];
            $this->threadResource = \XF::repository('XFRM:ResourceItem')->findResourceForThread($this)->with($with)->fetchOne();
        }
        return $this->threadResource;
    }
    public static function getStructure(Structure $structure)
    {
        $structure = parent::getStructure($structure);
        $columns = [
            'xfa_rmmp_user_id'          => ['type' => Entity::UINT,  'default' => 0],
            'xfa_rmmp_type'             => ['type' => Entity::STR,   'default' => 'none'],
            'xfa_rmmp_restrict_support' => ['type' => Entity::UINT,  'default' => 0]
        ];
        $structure->columns += $columns;
        return $structure;
    }
}
 

john917

New Member
@clemcan can you take a look at this today? It's the only thing holding me back. I'm pretty sure it's a small conditional logic error on the PHP backend.
 

Clement

Freaky Coder
Staff member
I checked the code and you are right, ValidPurchase is missing a user_id check.

Clément
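
The missing user_id check confirmed in the reply above, shown as an added stand-alone example that is not part of the thread or the add-on's own code: a purchase lookup scoped only to the resource beside one that is also scoped to the visitor. The array layout, the function names and the sample IDs are hypothetical and constructed for illustration; the real ValidPurchase relation is defined inside the add-on and is not shown on this page.

```php
<?php
// Constructed sample data: one valid purchase of resource 10, made by user 42.
$purchases = [
    ['resource_id' => 10, 'user_id' => 42, 'state' => 'valid'],
];

// Flawed lookup (hypothetical): matches on the resource only, so a purchase
// made by any user satisfies the check for every visitor.
function findValidPurchaseUnscoped(array $purchases, int $resourceId): ?array
{
    foreach ($purchases as $p) {
        if ($p['resource_id'] === $resourceId && $p['state'] === 'valid') {
            return $p;
        }
    }
    return null;
}

// Corrected lookup (hypothetical): the purchase must also belong to the visitor.
function findValidPurchaseForUser(array $purchases, int $resourceId, int $userId): ?array
{
    if ($userId === 0) {
        return null; // assumption: guests carry user_id 0 and never hold a purchase
    }
    foreach ($purchases as $p) {
        if ($p['resource_id'] === $resourceId
            && $p['user_id'] === $userId
            && $p['state'] === 'valid') {
            return $p;
        }
    }
    return null;
}

// Regression check over three visitors: buyer 42, unpaid member 77, guest 0.
foreach ([42, 77, 0] as $visitorId) {
    $unscoped = findValidPurchaseUnscoped($purchases, 10) !== null;
    $scoped   = findValidPurchaseForUser($purchases, 10, $visitorId) !== null;
    printf("visitor %d: unscoped=%s scoped=%s\n", $visitorId,
        $unscoped ? 'allow' : 'deny', $scoped ? 'allow' : 'deny');
}
```

A test for the fixed add-on should cover the same three visitors against a restricted support thread after a single purchase has been made, since the unscoped lookup only starts granting access once the first buyer exists.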
 