To reproduce bug:
1) Create service type resource.
2) Thread access only for those who purchase.
3) User buy this resource
4) User now gets access to thread, BUT EVERYONE ELSE (even unpaid users) also gets access to thread now.
1) Create service type resource.
2) Thread access only for those who purchase.
3) User buy this resource
4) User now gets access to thread, BUT EVERYONE ELSE (even unpaid users) also gets access to thread now.
Code:
<?php
/*************************************************************************
* XenForo RM Marketplace - Xen Factory (c) 2015-2018
* All Rights Reserved.
* Created by Clement Letonnelier aka. MtoR
*************************************************************************
* This file is subject to the terms and conditions defined in the Licence
* Agreement available at http://xen-factory.com/pages/license-agreement/.
*************************************************************************/
namespace XFA\RMMarketplace\XF\Entity;
use XF\Mvc\Entity\Entity;
use XF\Mvc\Entity\Structure;
class Thread extends XFCP_Thread
{
var $threadResource = null;
public function canView(&$error = null)
{
$canView = parent::canView($error);
// Already can't view
if (!$canView)
{
return false;
}
// Not a resource thread return
if ($this->discussion_type != 'resource')
{
return $canView;
}
// Resource owner or free resource or support thread not restricted
if ($this->xfa_rmmp_user_id == \XF::visitor()->user_id
|| $this->xfa_rmmp_type == 'none'
|| !$this->xfa_rmmp_restrict_support)
{
return true;
}
// At this stage we really need to get the resource
$resource = \XF::repository('XFRM:ResourceItem')->findResourceForThread($this)->with(['Category','ValidPurchase'])->fetchOne();
// Not linked to a resource anymore
if (!$resource)
{
return true;
}
// Has purchased product or own license
if ($resource->xfa_rmmp_type == 'digital')
{
if ($resource->DigitalProduct
&& $resource->DigitalProduct->hasValidLicense())
{
return true;
}
}
else
{
if ($resource->ValidPurchase)
{
return true;
}
}
return false;
}
public function getResource()
{
if (!$this->threadResource)
{
$with = ['Category', 'ValidPurchase', 'DigitalProduct', 'PhysicalProduct'];
$this->threadResource = \XF::repository('XFRM:ResourceItem')->findResourceForThread($this)->with($with)->fetchOne();
}
return $this->threadResource;
}
public static function getStructure(Structure $structure)
{
$structure = parent::getStructure($structure);
$columns = [
'xfa_rmmp_user_id' => ['type' => Entity::UINT, 'default' => 0],
'xfa_rmmp_type' => ['type' => Entity::STR, 'default' => 'none'],
'xfa_rmmp_restrict_support' => ['type' => Entity::UINT, 'default' => 0]
];
$structure->columns += $columns;
return $structure;
}
}