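/**
 * Show the edit form for a single blog post and, when a filtered POST body
 * is present, hand it to processEditPost().
 *
 * Access rule as written here: holders of the 'update' permission may edit
 * any post; everyone else may only edit a post whose author is one of the
 * authors returned for their own account.
 *
 * @param string $id Post identifier taken from the request; cast to int before use.
 */
public function editPost(string $id)
{
    $id = (int) $id;
    $postIndex = $this->airship_cabin_prefix . '/blog/post';

    // Load Data
    $blogPost = $this->blog->getBlogPostById($id);
    if (empty($blogPost)) {
        // Without this guard a missing post would reach the author check and
        // the template with no 'author' / 'title' keys set.
        // NOTE(review): assumes getBlogPostById() yields an empty value when
        // no row matches -- confirm against the blog model.
        \Airship\redirect($postIndex);
        return;
    }
    $blogPost['tags'] = $this->blog->getTagsForPost($id);
    $latestVersion = $this->blog->getBlogPostLatestVersion($id);

    // Super users may pick from every author; other users only from the
    // authors tied to their own account.
    $authors = $this->isSuperUser()
        ? $this->author->getAll()
        : $this->author->getForUser($this->getActiveUserId());

    $authorsAllowed = [];
    foreach ($authors as $a) {
        $authorsAllowed[] = (int) $a['authorid'];
    }

    // The 'update' permission here means "update any", not just "update mine":
    if (!$this->can('update')) {
        // Does this author belong to you? Both sides are cast to int, so the
        // strict comparison cannot be confused by loosely-equal values.
        if (!\in_array((int) $blogPost['author'], $authorsAllowed, true)) {
            // No? Then you don't belong here.
            \Airship\redirect($postIndex);
            // Fail closed: the access check must not depend on redirect()
            // ending the request.
            return;
        }
    }

    $categories = $this->blog->getCategoryTree();
    $tags = $this->blog->getTags();

    // NOTE(review): no CSRF check is visible in this method; confirm that
    // post() / EditPostFilter enforce it before the body is trusted.
    $post = $this->post(new EditPostFilter());
    if (!empty($post)) {
        // $authorsAllowed travels with the submission, presumably so the save
        // path can reject an author the user does not control -- verify in
        // processEditPost().
        if ($this->processEditPost($post, $authorsAllowed, $blogPost)) {
            \Airship\redirect($postIndex);
            return;
        }
    }

    $this->lens('blog/posts_edit', [
        'active_link' => 'bridge-link-blog-posts',
        'blogpost' => $blogPost,
        'latest' => $latestVersion,
        'authors' => $authors,
        'categories' => $categories,
        'tags' => $tags,
        // The stored title is passed through Util::noHTML() before it is
        // interpolated into the page title.
        'title' => \__(
            'Edit Blog Post "%s"',
            'default',
            Util::noHTML($blogPost['title'])
        ),
    ]);
}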