HandlerPageEdit: Use clearForPage() before setting Permissions

handlers/handlerpageedit.cpp

@@ -95,6 +95,9 @@ Response HandlerPageEdit::handleRequest(PageDao &pageDao, std::string pagename,
 					pagename = rename;
 				}
 
+				std::vector<std::pair<std::string, Permissions>> collectedPermissions;
+
+				auto permissionDao = this->database->createPermissionsDao();
 				for(const std::string &perm : perms)
 				{
 					auto splitted = utils::split(perm, '|');
@@ -102,23 +105,29 @@ Response HandlerPageEdit::handleRequest(PageDao &pageDao, std::string pagename,
 					{
 						return this->errorResponse("Invalid command", "permissions command is misformated");
 					}
-					auto permissionDao = this->database->createPermissionsDao();
 					auto currentPermission = permissionDao->find(pagename, splitted[0]);
 
 					Permissions newPermissions = Permissions{splitted[1]};
 					if(!currentPermission || newPermissions != currentPermission.value())
 					{
-						if(this->userSession->user.permissions.canSetPagePerms())
+						if(!this->userSession->user.permissions.canSetPagePerms())
-						{
-							permissionDao->save(pagename, splitted[0], newPermissions);
-						}
-						else
 						{
 							this->database->rollbackTransaction();
-							return errorResponse("Invalid permissions",
+							return errorResponse("Permission denied",
-												 "You don't have permission to change page permissions");
+												 "You don't have permission to change permissions. Don't touch the "
+												 "permission commands");
 						}
 					}
+					collectedPermissions.emplace_back(splitted[0], newPermissions);
+				}
+
+				if(this->userSession->user.permissions.canSetPagePerms())
+				{
+					permissionDao->clearForPage(pagename);
+					for(auto &perms : collectedPermissions)
+					{
+						permissionDao->save(pagename, perms.first, perms.second);
+					}
 				}
 
 				page.current_revision = current_revision;