Fixed Resource edit permission check is incorrect in some cases


Well-known member
The canEditResource method will not work correctly if user has no permission to edit own resources, but has permission to edit resources by anyone.

I suggest to change this method (and possibly others) in this way

public function canEditResource(array $resource, array $category, &$errorPhraseKey = '', array $viewingUser = null)
        if (!$viewingUser['user_id'])
            return false;
        $updateSelf = false;
        if ($resource['user_id'] == $viewingUser['user_id'])
            $updateSelf = XenForo_Permission::hasPermission($viewingUser['permissions'], 'resource', 'updateSelf');
        return $updateSelf || XenForo_Permission::hasPermission($viewingUser['permissions'], 'resource', 'editAny');