diff --git a/src/services/RestrictionService.php b/src/services/RestrictionService.php
index 80d6e5c..6182881 100644
--- a/src/services/RestrictionService.php
+++ b/src/services/RestrictionService.php
@@ -22,6 +22,7 @@
 use craft\helpers\StringHelper;
 use craft\models\GqlToken;
 use craft\services\Assets;
+use craft\services\Entries;
 use craft\services\Gql;
 use craft\services\Sections;
 use craft\services\Volumes;
@@ -403,8 +404,9 @@ public function ensureEntryMutationAllowed(ModelEvent $event): bool
 $entry->authorId = $user->id;
 }
- $authorOnlySections = $this->getAuthorOnlySections($user, 'mutation');
+ $authorOnlySections = isset($user) && $user ? $this->getAuthorOnlySections($user, 'mutation') : [];
+ /** @var Sections */
 $sectionsService = Craft::$app->getSections();
 $entrySection = $sectionsService->getSectionById($entry->sectionId)->handle;
@@ -436,12 +438,11 @@ public function ensureAssetMutationAllowed(ModelEvent $event): bool
 $asset = $event->sender;
 $user = GraphqlAuthentication::$tokenService->getUserFromToken();
- if ($event->isNew) {
+ if ($user && $event->isNew && !$asset->uploaderId) {
 $asset->uploaderId = $user->id;
 return true;
 }
- // Robin Beatty: added user check here
 $authorOnlyVolumes = isset($user) && $user ? $this->getAuthorOnlyVolumes($user, 'mutation') : [];
 /** @var Volumes */
@@ -452,7 +453,7 @@ public function ensureAssetMutationAllowed(ModelEvent $event): bool
 return true;
 }
- if ((string) $asset->uploaderId !== (string) $user->id) {
+ if (!$user || $asset->uploaderId != $user->id) {
 GraphqlAuthentication::$errorService->throw(GraphqlAuthentication::$settings->forbiddenMutation);
 }
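Review bot: In `ensureEntryMutationAllowed`, `$authorOnlySections` now falls back to `[]` when no user is resolved, so a request without a user would presumably skip the author-only section check that follows instead of being rejected. The asset path in this same commit adds an explicit `!$user` rejection, so the entry path should state just as explicitly whether a user-less request may mutate entries at all. `isset($user) && $user` can also be reduced to `$user`, provided the variable is always assigned above. The function starts before and continues past this hunk, so the later checks need confirming against the full body.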
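Review bot: The added `!$asset->uploaderId` condition in the first `ensureAssetMutationAllowed` hunk means a new asset that already carries an `uploaderId` is no longer stamped with the token's user. If that field can be supplied by the caller (not visible in this hunk), the recorded uploader of a new asset becomes client-controlled wherever the later author-only check does not apply, and any ownership check that reads it afterwards would trust that value. Consider rejecting a preset value that differs from the token user rather than keeping it, e.g. guard with `if ($user && $event->isNew && $asset->uploaderId && (int) $asset->uploaderId !== (int) $user->id)` and throw the existing `forbiddenMutation` error. The function continues past this hunk.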
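Review bot: The ownership check in the last `ensureAssetMutationAllowed` hunk switches from a strict string comparison to loose `!=`; an authorization decision should stay strict, e.g. `if (!$user || (int) $asset->uploaderId !== (int) $user->id) {`. The new `!$user` guard may also be unreachable. `$authorOnlyVolumes` is `[]` when no user is resolved, and the `return true;` visible in the context above presumably fires for any volume not in that list, so a user-less request would be allowed before this line runs. The lines between the two hunks are not shown, so this needs checking against the full function.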
@@ -577,7 +578,9 @@ protected function _ensureValidEntry(int $id, int $siteId): bool
 $settings = GraphqlAuthentication::$settings;
 $errorService = GraphqlAuthentication::$errorService;
- $entry = Craft::$app->getEntries()->getEntryById($id, $siteId);
+ /** @var Entries */
+ $entriesService = Craft::$app->getEntries();
+ $entry = $entriesService->getEntryById($id, $siteId);
 if (!$entry) {
 $errorService->throw($settings->entryNotFound);
@@ -656,7 +659,6 @@ protected function _ensureValidAsset(int $id): bool
 $errorService->throw($settings->forbiddenMutation);
 }
- // Robin Beatty: added user check here
 $authorOnlyVolumes = isset($user) && $user ? $this->getAuthorOnlyVolumes($user, 'mutation') : [];
 /** @var Volumes */