From 1d8c997fb07f3f62316baf548326e871655c7b58 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Mon, 18 May 2020 18:39:59 +0200
Subject: [inc/Permission] add mergeWithDisallowed

---
 inc/permission.inc.php | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/inc/permission.inc.php b/inc/permission.inc.php
index 7dd011bb..cd9cc43c 100644
--- a/inc/permission.inc.php
+++ b/inc/permission.inc.php
@@ -54,5 +54,29 @@ class Permission
 		return file_exists('modules/' . $moduleId . '/permissions/permissions.json');
 	}
 
+	/**
+	 * Takes a list of locations, removes any locations from it where the user doesn't have permission,
+	 * and then re-adds locations resulting from the given query. The given query should return only
+	 * one column per row, which is a location id.
+	 * @param $passedLocations
+	 * @param $permission
+	 * @param $query
+	 * @param $params
+	 * @return array
+	 */
+	public static function mergeWithDisallowed($passedLocations, $permission, $query, $params)
+	{
+		$allowed = User::getAllowedLocations($permission);
+		if (in_array(0, $allowed))
+			return $passedLocations;
+		$passedLocations = array_intersect($passedLocations, $allowed);
+		$oldSet = Database::queryColumnArray($query, $params);
+		$oldSet = array_diff($oldSet, $allowed);
+		if (!empty($oldSet)) {
+			$passedLocations = array_unique(array_merge($passedLocations, $oldSet));
+		}
+		return $passedLocations;
+	}
+
 }
 
-- 
cgit v1.2.3-55-g7522