• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Fixed User's resources page doesn't show warning when there are no resources to display


Well-known member
I was working on adding a new view permission and found this issue.

I'll explain that by code example:
class XenResource_ControllerPublic_Author extends XenForo_ControllerPublic_Abstract
    public function actionView()
        foreach ($resources AS $key => $resource)
            if (!$resourceModel->canViewResourceAndContainer($resource, $resource))
The loop here filters the resources that the user don't have permission to see.
The issue is that there is no check to ensure that there is something left in this array, and it's getting passed to the template as is.

So, for example, User A has few resources.
User B go to the resources page of User A, but he has no permission to view resources (permissions[resource][view]).
The result is that User B can access to this page, but all the resources are filtered.

Last edited:


XenForo developer
Staff member
The bug here is actually that what happened when you could view resources (generally) but not any categories. This lead to a case where no permission check was run on the query so it relied on that filtering. This could create a page nav unexpectedly as well in a few other places.

I've changed the condition handler to handle being given an empty array of allowed category IDs (by implementing an always false condition) and this sorts it here and on the main resource page.

Of course, giving no access to any category means that you really should just block the resources themselves at a general level otherwise you have a link that leads effectively to nothing.