X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/f8ae4c335e91d4af86e64f7ff601c7a4384b1191..refs/pull/494/head:/app/Services/PermissionService.php

diff --git a/app/Services/PermissionService.php b/app/Services/PermissionService.php
index a1b661533..93787a3e5 100644
--- a/app/Services/PermissionService.php
+++ b/app/Services/PermissionService.php
@@ -259,7 +259,7 @@ class PermissionService
         $roleIds = array_map(function($role) {
             return $role->id;
         }, $roles);
-        $this->jointPermission->newQuery()->whereIn('id', $roleIds)->delete();
+        $this->jointPermission->newQuery()->whereIn('role_id', $roleIds)->delete();
     }
 
     /**
@@ -399,7 +399,7 @@ class PermissionService
         $hasPermissiveAccessToParents = !$book->restricted;
 
         // For pages with a chapter, Check if explicit permissions are set on the Chapter
-        if ($entity->isA('page') && $entity->chapter_id !== 0) {
+        if ($entity->isA('page') && $entity->chapter_id !== 0 && $entity->chapter_id !== '0') {
             $chapter = $this->getChapter($entity->chapter_id);
             $hasPermissiveAccessToParents = $hasPermissiveAccessToParents && !$chapter->restricted;
             if ($chapter->restricted) {
@@ -468,7 +468,7 @@ class PermissionService
         $action = end($explodedPermission);
         $this->currentAction = $action;
 
-        $nonJointPermissions = ['restrictions', 'image', 'attachment'];
+        $nonJointPermissions = ['restrictions', 'image', 'attachment', 'comment'];
 
         // Handle non entity specific jointPermissions
         if (in_array($explodedPermission[0], $nonJointPermissions)) {