Extend acl no access to deleted polls via public link #773

lib/Model/Acl.php

@@ -177,10 +177,11 @@ public function getIsAdmin(): bool {
 	public function getAllowView(): bool {
 		return (
 			   $this->getIsOwner()
-			|| $this->getIsAdmin()
+			|| ($this->getIsAdmin() && $this->poll->getAdminAccess())
 			|| ($this->getGroupShare() && !$this->poll->getDeleted())
 			|| ($this->getPersonalShare() && !$this->poll->getDeleted())
-			|| $this->poll->getAccess() !== 'hidden'
+			|| ($this->getPublicShare() && !$this->poll->getDeleted())
+			|| ($this->poll->getAccess() !== 'hidden' && !$this->getPublicShare())
 			);
 	}
 
@@ -213,6 +214,21 @@ public function getPersonalShare(): bool {
 		);
 	}
 
+	/**
+	 * @NoAdminRequired
+	 * @return bool
+	 */
+	public function getPublicShare(): bool {
+
+		return count(
+			array_filter($this->shareMapper->findByPoll($this->getPollId()), function($item) {
+				if ($item->getType() === 'public' && $item->getToken() === $this->getToken()) {
+					return true;
+				}
+			})
+		);
+	}
+
 	/**
 	 * @NoAdminRequired
 	 * @return bool
@@ -233,6 +249,7 @@ public function getAllowVote(): bool {
 			   ($this->getAllowView() || $this->getFoundByToken())
 			&& !$this->getExpired()
 			&& !$this->poll->getDeleted()
+			&& $this->userId
 
 		) {
 			return true;
@@ -368,6 +385,7 @@ public function jsonSerialize(): array {
 			'allowSeeAllVotes'  => $this->getAllowSeeAllVotes(),
 			'groupShare'        => $this->getGroupShare(),
 			'personalShare'     => $this->getPersonalShare(),
+			'publicShare'     	=> $this->getPublicShare(),
 			'foundByToken'      => $this->getFoundByToken(),
 			'accessLevel'       => $this->getAccessLevel()
 		];