From 4179f2e2d218d1213fe1862d71682f542898831e Mon Sep 17 00:00:00 2001
From: Christian Fasching <christian.fasching@pimcore.com>
Date: Tue, 17 Dec 2024 12:39:10 +0100
Subject: [PATCH 1/3] fixed permission checks in certain constellations

---
 src/Helper/GridHelperService.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Helper/GridHelperService.php b/src/Helper/GridHelperService.php
index 51ad8d82e..808284cc0 100644
--- a/src/Helper/GridHelperService.php
+++ b/src/Helper/GridHelperService.php
@@ -989,7 +989,7 @@ protected function getPermittedPathsByUser(string $type, User $user): string
                     //if any allowed child is found, the current folder can be listed but its content is still blocked
                     $onlyChildren = true;
                 }
-                $forbiddenPathSql[] = $this->optimizedConcatNotLike($forbiddenPath, $onlyChildren) . $exceptions;
+                $forbiddenPathSql[] = '(' . $this->optimizedConcatNotLike($forbiddenPath, $onlyChildren) . $exceptions . ')';
             }
             foreach ($elementPaths['allowed'] as $allowedPaths) {
                 $allowedPathSql[] = $this->optimizedConcatLike($allowedPaths);

From 99a010d3e4fc6398172a73c1598eb5a242ae66a7 Mon Sep 17 00:00:00 2001
From: Christian Fasching <christian.fasching@pimcore.com>
Date: Tue, 17 Dec 2024 12:49:58 +0100
Subject: [PATCH 2/3] fixed style

---
 src/Helper/GridHelperService.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/Helper/GridHelperService.php b/src/Helper/GridHelperService.php
index 808284cc0..b6dbb63ed 100644
--- a/src/Helper/GridHelperService.php
+++ b/src/Helper/GridHelperService.php
@@ -989,7 +989,9 @@ protected function getPermittedPathsByUser(string $type, User $user): string
                     //if any allowed child is found, the current folder can be listed but its content is still blocked
                     $onlyChildren = true;
                 }
-                $forbiddenPathSql[] = '(' . $this->optimizedConcatNotLike($forbiddenPath, $onlyChildren) . $exceptions . ')';
+                $forbiddenPathSql[] =
+                    '(' . $this->optimizedConcatNotLike($forbiddenPath, $onlyChildren) . $exceptions . ')'
+                ;
             }
             foreach ($elementPaths['allowed'] as $allowedPaths) {
                 $allowedPathSql[] = $this->optimizedConcatLike($allowedPaths);

From 2c71200bebdf898b79f0e4a0556639fd31c09e4e Mon Sep 17 00:00:00 2001
From: Christian Fasching <christian.fasching@pimcore.com>
Date: Tue, 17 Dec 2024 14:20:11 +0100
Subject: [PATCH 3/3] fixed permission checks in certain constellations

---
 src/Helper/GridHelperService.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Helper/GridHelperService.php b/src/Helper/GridHelperService.php
index b6dbb63ed..ddc46c7e4 100644
--- a/src/Helper/GridHelperService.php
+++ b/src/Helper/GridHelperService.php
@@ -954,7 +954,7 @@ private function optimizedConcatNotLike(string $fullpath, bool $onlyChildren = f
         }
 
         return '(
-            (`path` != "' . $path . '/" AND `key` != "' . $leaf . '")
+            NOT (`path` = "' . $path . '/" AND `key` = "' . $leaf . '")
             AND
             `path` NOT LIKE "' . $fullpath . '/%"
         )';