From 18e63c6cf8015dfa8374cb378635f21df4b3b712 Mon Sep 17 00:00:00 2001
From: Jean-Laurent <jean-laurent.duzant@xelians.fr>
Date: Mon, 27 Jun 2022 10:24:36 +0200
Subject: [PATCH] FIX #17671 TIME 0:05 checking hardDelete privilege before
 search

---
 src/app/search/controllers/SearchController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/app/search/controllers/SearchController.php b/src/app/search/controllers/SearchController.php
index 9a6d4878e2..b85e65531c 100755
--- a/src/app/search/controllers/SearchController.php
+++ b/src/app/search/controllers/SearchController.php
@@ -36,7 +36,7 @@ class SearchController
         $queryParams['softDeleted'] = empty($queryParams['softDeleted']) ? false : $queryParams['softDeleted'] == 'true';
         $queryParams['hardDeleted'] = empty($queryParams['hardDeleted']) ? false : $queryParams['hardDeleted'] == 'true';
 
-        if ($queryParams['softDeleted'] && !PrivilegeController::hasPrivilege(['userId' => $GLOBALS['id'], 'privilege' => 'can_purge'])) {
+        if (($queryParams['softDeleted'] || $queryParams['softDeleted']) && !PrivilegeController::hasPrivilege(['userId' => $GLOBALS['id'], 'privilege' => 'can_purge'])) {
             return $response->withStatus(403)->withJson(['errors' => 'Privilege forbidden']);
         }
 
-- 
GitLab