fix(Permissions): check against user provided in args

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
nextcloud · Feb 29, 2024 · 7660bc1 · 7660bc1
1 parent a11cfa0
commit 7660bc1
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/lib/Service/PermissionsService.php b/lib/Service/PermissionsService.php
@@ -98,21 +98,21 @@ public function canUpdateTable(Table $table, ?string $userId = null): bool {
 
 	public function canAccessNodeById(int $nodeType, int $nodeId, ?string $userId = null): bool {
 		if ($nodeType === Application::NODE_TYPE_TABLE) {
-			return $this->canReadColumnsByTableId($nodeId, $this->userId);
+			return $this->canReadColumnsByTableId($nodeId, $userId);
 		}
 		if ($nodeType === Application::NODE_TYPE_VIEW) {
-			return $this->canReadColumnsByViewId($nodeId, $this->userId);
+			return $this->canReadColumnsByViewId($nodeId, $userId);
 		}
 
 		return false;
 	}
 
 	public function canManageNodeById(int $nodeType, int $nodeId, ?string $userId = null): bool {
 		if ($nodeType === Application::NODE_TYPE_TABLE) {
-			return $this->canManageTableById($nodeId, $this->userId);
+			return $this->canManageTableById($nodeId, $userId);
 		}
 		if ($nodeType === Application::NODE_TYPE_VIEW) {
-			return $this->canManageViewById($nodeId, $this->userId);
+			return $this->canManageViewById($nodeId, $userId);
 		}
 
 		return false;