
Update ComposeController, add permissions check

Daniel Supernault 1 年之前
當前提交
75b0f2dda0
共有 1 個文件被更改,包括 3 次插入0 次删除
  1. 3 0
      app/Http/Controllers/ComposeController.php

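--- a/app/Http/Controllers/ComposeController.php
+++ b/app/Http/Controllers/ComposeController.php
@@ -54,6 +54,7 @@ use App\Util\Lexer\Autolink;
 use App\Util\Lexer\Extractor;
 use App\Util\Media\License;
 use Image;
+use App\Services\UserRoleService;
 
 class ComposeController extends Controller
 {
@@ -92,6 +93,7 @@ class ComposeController extends Controller
 
 		$user = Auth::user();
 		$profile = $user->profile;
+		abort_if($user->has_roles && !UserRoleService::can('can-post', $user->id), 403, 'Invalid permissions for this action');
 
 		$limitKey = 'compose:rate-limit:media-upload:' . $user->id;
 		$limitTtl = now()->addMinutes(15);
@@ -184,6 +186,7 @@ class ComposeController extends Controller
 		]);
 
 		$user = Auth::user();
+		abort_if($user->has_roles && !UserRoleService::can('can-post', $user->id), 403, 'Invalid permissions for this action');
 
 		$limitKey = 'compose:rate-limit:media-updates:' . $user->id;
 		$limitTtl = now()->addMinutes(15);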
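Review bot: The `can-post` check is pasted inline into two actions (the one using the `compose:rate-limit:media-upload:` key and the one using `compose:rate-limit:media-updates:`), and with three insertions in total this commit guards only those two, so any other write action in ComposeController is not covered here and should be confirmed separately. Moving the condition into a single private helper or a route middleware, called as something like `$this->requirePostPermission($user);` (a suggested new name), would keep the rule in one place and make a missed endpoint harder. The condition also passes whenever `$user->has_roles` is falsy, so a comment such as `// accounts without roles are unrestricted; role-limited accounts need can-post` would make that fail-open default explicit. In the second action the check runs after the request validation that ends at `]);`, so a caller without the permission receives validation feedback before the 403; placing the check ahead of validation avoids that. Both method bodies start and end outside the hunks.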