From 5a353edec6918de1be6177f86b4d17cb7122dda0 Mon Sep 17 00:00:00 2001
From: Camille Simiand <camille.simiand@tetras-libre.fr>
Date: Tue, 1 Feb 2022 15:50:06 +0100
Subject: [PATCH] Fix editors can edit capsule

---
 src/Controller/CapsuleController.php | 10 ++++++++--
 translations/messages.en.yaml        |  3 ++-
 translations/messages.fr.yaml        |  3 ++-
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/src/Controller/CapsuleController.php b/src/Controller/CapsuleController.php
index 2a7357f..039087a 100644
--- a/src/Controller/CapsuleController.php
+++ b/src/Controller/CapsuleController.php
@@ -116,9 +116,15 @@ class CapsuleController extends AbstractController
             return $this->redirectToRoute('app_logout');
         }
 
-        $capsule = $capsuleRepository->findOneBy(['link_path' => $path, 'creation_author' => $current_user]);
+        $capsule = $capsuleRepository->findOneBy(['link_path' => $path]);
+
         if (null === $capsule) {
-            $this->addFlash('warning', $translator->trans('capsule.edition_not_allowed'));
+            $this->addFlash('warning', $translator->trans('capsule.edit.not_found'));
+            return $this->redirectToRoute('capsule_list');
+        }
+
+        if (! $capsule->getEditors()->contains($current_user)) {
+            $this->addFlash('warning', $translator->trans('capsule.edit.not_allowed'));
             return $this->redirectToRoute('capsule_list');
         }
 
diff --git a/translations/messages.en.yaml b/translations/messages.en.yaml
index 328bafb..7e70101 100644
--- a/translations/messages.en.yaml
+++ b/translations/messages.en.yaml
@@ -62,13 +62,14 @@ capsule:
   video_url: Youtube or Vimeo video URL
   created_success: Capsule capsule_name was created successfully
   no_edition_access: No edition access
-  edition_not_allowed: You are not allowed to edit this capsule
   contact_capsule_author_for_access: Please contact the author to gain access the edition mode
   not_found: The project doesn't exist
   edit_permissions:
     link: Edit permissions
   edit:
     link: Edit capsule
+    not_allowed: You are not allowed to edit this capsule
+    not_found: The capsule was not found
   duplicate:
     link: Duplicate capsule
     title: Duplicate capsule
diff --git a/translations/messages.fr.yaml b/translations/messages.fr.yaml
index 9c27b16..3745a30 100644
--- a/translations/messages.fr.yaml
+++ b/translations/messages.fr.yaml
@@ -60,12 +60,13 @@ capsule:
   video_url: URL de la video Youtube ou Vimeo
   created_success: La capsule capsule_name a été créée
   no_edition_access: Pas d'accès au mode édition
-  edition_not_allowed: Vous n'êtes pas autorisé a modifier cette capsule
   contact_capsule_author_for_access: Veuillez contacter l'auteur de la capsule pour lui demander son accès en mode édition
   edit_permissions:
     link: Modifier les permissions
   edit:
     link: Modifier la capsule
+    not_allowed: Vous n'êtes pas autorisé a modifier cette capsule
+    not_found: La capsule n'existe pas
   duplicate:
     link: Dupliquer la capsule
     title: Dupliquer la capsule
-- 
GitLab