From b8ab509262536869685492e24205be23d7d63420 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miha=20Frange=C5=BE?= <miha.frangez@gmail.com>
Date: Mon, 10 Mar 2025 17:14:23 +0100
Subject: [PATCH 1/2] Add test to make sure permission calculation isn't
 order-dependent

---
 .../apps/forum_permission/test_checker.py     | 28 +++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/tests/unit/apps/forum_permission/test_checker.py b/tests/unit/apps/forum_permission/test_checker.py
index 61ecd387..b7ac0bda 100644
--- a/tests/unit/apps/forum_permission/test_checker.py
+++ b/tests/unit/apps/forum_permission/test_checker.py
@@ -216,3 +216,31 @@ def test_knows_that_granted_permissions_should_take_precedence_over_the_same_non
         checker = ForumPermissionChecker(user)
         # Run & check
         assert checker.has_perm('can_read_forum', self.forum)
+
+    def test_readable_forums_order_independent(self):
+        PERM = 'can_read_forum'
+        # Setup
+        user = UserFactory.create()
+        group = GroupFactory.create()
+        user.groups.add(group)
+
+        # All forums are visible to everyone, except one is hidden from this group
+        public1 = create_forum(name="Public 1")
+        public2 = create_forum(name="Public 2")
+        private = create_forum(name="Private")
+        assign_perm(PERM, ALL_AUTHENTICATED_USERS, None, has_perm=True)
+        assign_perm(PERM, group, private, has_perm=False)
+
+        checker = ForumPermissionChecker(user)
+
+        # Test with public forum in the end
+        perms = checker.get_perms_for_forumlist([public1, public2, private], [PERM, ])
+        assert PERM in perms[public1]
+        assert PERM in perms[public2]
+        assert PERM not in perms[private]
+
+        # Test with private forum in the middle
+        perms = checker.get_perms_for_forumlist([public1, private, public2], [PERM, ])
+        assert PERM in perms[public1]
+        assert PERM in perms[public2]
+        assert PERM not in perms[private]

From 3de4f0d654b0b65cfbd9c06df012d69c87ce84f9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miha=20Frange=C5=BE?= <miha.frangez@gmail.com>
Date: Mon, 10 Mar 2025 17:15:57 +0100
Subject: [PATCH 2/2] Fix permission calculation being order-dependent

---
 machina/apps/forum_permission/checker.py | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/machina/apps/forum_permission/checker.py b/machina/apps/forum_permission/checker.py
index 406b3e8c..cb58c47e 100644
--- a/machina/apps/forum_permission/checker.py
+++ b/machina/apps/forum_permission/checker.py
@@ -184,7 +184,7 @@ def get_perms_for_forumlist(self, forums, perm_codenames=None):
                     # - not set to non-granted on global-user level
                     # - and not set to non-granted on forum-group level
                     # - and not set to non-granted on forum-user level
-                    globally_granted_group_perms = list(
+                    forum_globally_granted_group_perms = list(
                         filter(lambda p: p.has_perm and p.forum_id is None and
                                p.permission_id not in
                                [q.permission_id for q in globally_nongranted_user_perms] and
@@ -195,14 +195,14 @@ def get_perms_for_forumlist(self, forums, perm_codenames=None):
                                globally_granted_group_perms)
                     )
                     globally_granted_group_permcodes = [
-                        p.permission.codename for p in globally_granted_group_perms
+                        p.permission.codename for p in forum_globally_granted_group_perms
                     ]
 
                     # Filter the globally non granted group perms to those that were:
                     # - not set to granted on global- user level
                     # - and not set to granted on forum-group level
                     # - and not set to granted on forum-user level
-                    globally_nongranted_group_perms = list(
+                    forum_globally_nongranted_group_perms = list(
                         filter(lambda p: not p.has_perm and p.forum_id is None and
                                p.permission_id not in
                                [q.permission_id for q in globally_granted_user_perms] and
@@ -251,14 +251,14 @@ def get_perms_for_forumlist(self, forums, perm_codenames=None):
                 # - and not set to non-granted on global-group level
                 # - and not set to non-granted on forum-group level
                 # - and not set to non-granted on forum-user level
-                globally_granted_all_users_perms = list(
+                forum_globally_granted_all_users_perms = list(
                     filter(lambda p: p.has_perm and p.forum_id is None and
                            p.permission_id not in
                            [y.permission_id for y in per_forum_nongranted_all_users_perms] and
                            p.permission_id not in
                            [q.permission_id for q in globally_nongranted_user_perms] and
                            p.permission_id not in
-                           [a.permission_id for a in globally_nongranted_group_perms] and
+                           [a.permission_id for a in forum_globally_nongranted_group_perms] and
                            p.permission_id not in
                            [x.permission_id for x in per_forum_nongranted_group_perms] and
                            p.permission_id not in
@@ -266,7 +266,7 @@ def get_perms_for_forumlist(self, forums, perm_codenames=None):
                            globally_granted_all_users_perms)
                 )
                 globally_granted_all_users_permcodes = [
-                    p.permission.codename for p in globally_granted_all_users_perms
+                    p.permission.codename for p in forum_globally_granted_all_users_perms
                 ]
                 granted_all_users_permcodes = set(globally_granted_all_users_permcodes +
                                                   per_forum_granted_all_users_permcodes)