Merge pull request #242 from humhub/fix/241-access-pages-only-admin

Fix access to view HTML pages

docs/CHANGELOG.md

@@ -1,6 +1,10 @@
 Changelog
 =========
 
+1.8.4 (September 9, 2022)
+-------------------------
+- Fix #241: Fix access to view HTML pages
+
 1.8.3 (September 7, 2022)
 -------------------------
 - Fix #238: Allow HTML Pages and Snippets only for global admins

models/CustomContentContainer.php

@@ -283,14 +283,18 @@ private function getRulesByTarget()
         return $result;
     }
 
-    public function canEdit(): bool
+    public function canEdit($type = null): bool
     {
         if (!($this->content->container instanceof Space && $this->content->container->isAdmin()) &&
             !Yii::$app->user->can(ManagePages::class)) {
             return false;
         }
 
-        return $this->getTargetModel()->isAllowedContentType($this->type);
+        if (HtmlType::isType($type ?? $this->type) && !Yii::$app->user->isAdmin()) {
+            return false;
+        }
+
+        return true;
     }
 
     public function canView() {

models/Target.php

@@ -7,7 +7,6 @@
 use humhub\modules\content\components\ContentContainerActiveRecord;
 use humhub\modules\custom_pages\helpers\Url;
 use humhub\modules\custom_pages\Module;
-use Yii;
 use yii\base\Model;
 
 /**
@@ -105,10 +104,6 @@ public function isAllowedContentType($type)
             $type = $type->getId();
         }
 
-        if (HtmlType::isType($type) && !Yii::$app->user->isAdmin()) {
-            return false;
-        }
-
         return empty($this->contentTypes) || in_array($type, $this->contentTypes);
     }
 

models/forms/AddPageForm.php

@@ -9,6 +9,7 @@
 
 namespace humhub\modules\custom_pages\models\forms;
 
+use humhub\modules\content\components\ContentContainerActiveRecord;
 use humhub\modules\custom_pages\helpers\Url;
 use humhub\modules\custom_pages\models\ContainerPage;
 use humhub\modules\custom_pages\models\ContainerSnippet;
@@ -25,6 +26,7 @@
 /**
  * AddPageForm selects a page type
  *
+ * @property-read CustomContentContainer $pageInstance
  * @author luke
  */
 class AddPageForm extends Model
@@ -107,7 +109,11 @@ public function isAllowedType($type)
             }
         }
 
-        return in_array($type ,$this->getPageInstance()->getContentTypes()) && $this->target->isAllowedContentType($type);
+        if (!$this->pageInstance->canEdit($type)) {
+            return false;
+        }
+
+        return in_array($type, $this->pageInstance->getContentTypes()) && $this->target->isAllowedContentType($type);
     }
 
     /**
@@ -151,7 +157,11 @@ public function showTemplateType()
     public function getPageInstance()
     {
         if($this->_instance == null) {
-            $this->_instance = Yii::createObject($this->class);
+            $params = [];
+            if ($this->target->container instanceof ContentContainerActiveRecord) {
+                $params[] = $this->target->container;
+            }
+            $this->_instance = Yii::createObject($this->class, $params);
         }
         return $this->_instance;
     }

module.json

@@ -3,7 +3,7 @@
     "name": "Custom Pages",
     "description": "Allows admins to create custom pages (html or markdown) or external links to various navigations (e.g. top navigation, account menu).",
     "keywords": ["pages", "custom", "iframe", "markdown", "link", "navigation", "spaces"],
-    "version": "1.8.3",
+    "version": "1.8.4",
     "homepage": "https://github.com/humhub/custom-pages",
     "humhub": {
         "minVersion": "1.12"