From c6c44be93b45a1fac5e491b4add389836365eb1f Mon Sep 17 00:00:00 2001
From: anoy <anoymouserver+github@mailbox.org>
Date: Wed, 11 Nov 2020 19:09:15 +0100
Subject: fix second where overrides previous condition

Signed-off-by: anoy <anoymouserver+github@mailbox.org>
---
 CHANGELOG.md              | 2 ++
 lib/Db/FeedMapperV2.php   | 2 +-
 lib/Db/FolderMapperV2.php | 6 +++---
 lib/Db/NewsMapper.php     | 1 -
 4 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 137271adb..20d0d2047 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,8 @@ All notable changes to this project will be documented in this file.
 
 ## Unreleased
 
+- Fix API allows access to folders of other users
+
 ## 15.1.0-rc2
 
 ### Changed
diff --git a/lib/Db/FeedMapperV2.php b/lib/Db/FeedMapperV2.php
index 366ece141..0ecb5ba4f 100644
--- a/lib/Db/FeedMapperV2.php
+++ b/lib/Db/FeedMapperV2.php
@@ -85,7 +85,7 @@ class FeedMapperV2 extends NewsMapperV2
         $builder->addSelect('*')
                 ->from($this->tableName)
                 ->where('user_id = :user_id')
-                ->where('id = :id')
+                ->andWhere('id = :id')
                 ->setParameter(':user_id', $userId)
                 ->setParameter(':id', $id);
 
diff --git a/lib/Db/FolderMapperV2.php b/lib/Db/FolderMapperV2.php
index 913bd9d70..c2b172870 100644
--- a/lib/Db/FolderMapperV2.php
+++ b/lib/Db/FolderMapperV2.php
@@ -51,7 +51,7 @@ class FolderMapperV2 extends NewsMapperV2
         $builder->select('*')
                 ->from($this->tableName)
                 ->where('user_id = :user_id')
-                ->where('deleted_at = 0')
+                ->andWhere('deleted_at = 0')
                 ->setParameter(':user_id', $userId);
 
         return $this->findEntities($builder);
@@ -78,8 +78,8 @@ class FolderMapperV2 extends NewsMapperV2
         $builder->select('*')
             ->from($this->tableName)
             ->where('user_id = :user_id')
-            ->where('id = :id')
-            ->where('deleted_at = 0')
+            ->andWhere('id = :id')
+            ->andWhere('deleted_at = 0')
             ->setParameter(':user_id', $userId)
             ->setParameter(':id', $id);
 
diff --git a/lib/Db/NewsMapper.php b/lib/Db/NewsMapper.php
index 14913c1be..b03c42c91 100644
--- a/lib/Db/NewsMapper.php
+++ b/lib/Db/NewsMapper.php
@@ -73,7 +73,6 @@ abstract class NewsMapper extends Mapper
         $builder = $this->db->getQueryBuilder();
         $builder->delete($this->tableName)
             ->where('deleted_at != 0')
-            ->execute()
             ->execute();
     }
 
-- 
cgit v1.2.3