authorJoas Schilling <coding@schilljs.com>2024-07-10 12:29:02 +0200
committerJoas Schilling <coding@schilljs.com>2024-07-10 13:00:53 +0200
commita24bb4c1884163eeba7a834698dcfce9e45db108 (patch)
tree7891cd7e6dc2a20e2ac3aac8191cfe62a02f9feb
parentec399445f216c96dad87c690d7f7c89410131358 (diff)
fix(ban): Ensure the ban is from the current room
Signed-off-by: Joas Schilling <coding@schilljs.com>
-rw-r--r--lib/Controller/BanController.php2
-rw-r--r--lib/Model/BanMapper.php5
-rw-r--r--lib/Service/BanService.php6
3 files changed, 7 insertions, 6 deletions
diff --git a/lib/Controller/BanController.php b/lib/Controller/BanController.php
index ae6a6f309..bc709824a 100644
--- a/lib/Controller/BanController.php
+++ b/lib/Controller/BanController.php
@@ -104,7 +104,7 @@ class BanController extends AEnvironmentAwareController {
#[PublicPage]
#[RequireModeratorParticipant]
public function unbanActor(int $banId): DataResponse {
- $this->banService->findAndDeleteBanById($banId);
+ $this->banService->findAndDeleteBanByIdForRoom($banId, $this->room->getId());
return new DataResponse([], Http::STATUS_OK);
}
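Review bot: Nothing in this commit pins the new room check with a test; the diffstat lists only the three `lib/` files, so the scoping added at `findAndDeleteBanByIdForRoom($banId, $this->room->getId())` could regress unnoticed. A regression test for `unbanActor` should create a ban in one room, call the endpoint in the context of a different room, and assert that the ban is still stored. The method returns `Http::STATUS_OK` whether or not anything was deleted, so the test has to check the ban record, not the response code.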
diff --git a/lib/Model/BanMapper.php b/lib/Model/BanMapper.php
index c3ba2b0df..1b08f7064 100644
--- a/lib/Model/BanMapper.php
+++ b/lib/Model/BanMapper.php
@@ -52,11 +52,12 @@ class BanMapper extends QBMapper {
/**
* @throws DoesNotExistException
*/
- public function findByBanId(int $banId): Ban {
+ public function findByBanIdAndRoom(int $banId, int $roomId): Ban {
$query = $this->db->getQueryBuilder();
$query->select('*')
->from($this->getTableName())
- ->where($query->expr()->eq('id', $query->createNamedParameter($banId, IQueryBuilder::PARAM_INT)));
+ ->where($query->expr()->eq('id', $query->createNamedParameter($banId, IQueryBuilder::PARAM_INT)))
+ ->andWhere($query->expr()->eq('room_id', $query->createNamedParameter($roomId, IQueryBuilder::PARAM_INT)));
return $this->findEntity($query);
}
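Review bot: The docblock on `findByBanIdAndRoom` still carries only `@throws DoesNotExistException` and does not say that the `room_id` condition is an authorization boundary and not a lookup convenience. I would add a summary line such as `* Find a ban by its ID, restricted to the given room; a ban that belongs to another room is reported as not found.` so that nobody later re-adds an unscoped finder next to it. It would also help to extend the `@throws` line with `when no ban with this ID exists in the given room`.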
diff --git a/lib/Service/BanService.php b/lib/Service/BanService.php
index 3b8210228..96f67b97c 100644
--- a/lib/Service/BanService.php
+++ b/lib/Service/BanService.php
@@ -37,7 +37,7 @@ class BanService {
if (empty($internalNote)) {
throw new \InvalidArgumentException("invalid_internalNote.");
}
-
+
if ($bannedTime !== null && !$bannedTime instanceof DateTime) {
throw new \InvalidArgumentException("invalid_bannedTime.");
}
@@ -97,9 +97,9 @@ class BanService {
/**
* Retrieve a ban by its ID and delete it.
*/
- public function findAndDeleteBanById(int $banId): void {
+ public function findAndDeleteBanByIdForRoom(int $banId, int $roomId): void {
try {
- $ban = $this->banMapper->findByBanId($banId);
+ $ban = $this->banMapper->findByBanIdAndRoom($banId, $roomId);
$this->banMapper->delete($ban);
} catch (DoesNotExistException $e) {
// Ban does not exist
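Review bot: The docblock `Retrieve a ban by its ID and delete it.` and the catch comment `// Ban does not exist` no longer describe the method, because a ban that exists in a different room now takes the same silent path. I would change the docblock to `Retrieve a ban by its ID within the given room and delete it; a ban from another room is treated as not found.` and the comment to `// Ban does not exist in this room`. A room mismatch on a moderator-only call is worth being able to see afterwards, so consider logging the ban ID and room ID in this branch if the service has a logger available (not visible here). The catch block and the end of the method continue outside the hunk.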