restrict all pool-related functions to logged in users only
Giraffaman committed Feb 25, 2024
1 parent 712a653 commit 6a13b6d
Showing 3 changed files with 5 additions and 4 deletions.
2 changes: 2 additions & 0 deletions core/permissions.php
@@ -130,6 +130,8 @@ abstract class Permissions
public const POOLS_ADMIN = "pools_admin";
public const POOLS_CREATE = "pools_create";
public const POOLS_UPDATE = "pools_update";
# 2024-02-25: added pool view permission to restrict to logged in users only
public const POOLS_VIEW = "pools_view";

public const SET_PRIVATE_IMAGE = "set_private_image";
public const SET_OTHERS_PRIVATE_IMAGES = "set_others_private_images";
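Review bot: The comment added above `POOLS_VIEW` records the date and the act of adding the constant rather than what the permission gates; the commit log already holds the former. A reader of `Permissions` is better served by something like `// required to reach any pool page (checked in ext/pools/main.php)`. The matching comment in core/userclass.php has the same shape and also mentions tags, although no tag permission appears in this commit.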
2 changes: 2 additions & 0 deletions core/userclass.php
@@ -128,6 +128,8 @@ public function can(string $ability): bool
Permissions::NOTES_REQUEST => true,
Permissions::POOLS_CREATE => true,
Permissions::POOLS_UPDATE => true,
# 2024-02-25: added permissions to view pools and tags to restrict this to logged in users only
Permissions::POOLS_VIEW => true,
]);

new UserClass("hellbanned", "user", [
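Review bot: `POOLS_VIEW` is granted in only one class array in this section, so any class that does not inherit from it will be refused pool pages once ext/pools/main.php checks the permission. The `hellbanned` definition that follows appears to name `user` as its parent, but the definitions of the other classes (an administrator class, for example) are outside the hunk. If any of them lists its permissions explicitly rather than inheriting, it needs `Permissions::POOLS_VIEW => true,` as well. Confirming pool access with a session of each class would catch an accidental lock-out before merge.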
5 changes: 1 addition & 4 deletions ext/pools/main.php
@@ -232,10 +232,7 @@ public function onPageSubNavBuilding(PageSubNavBuildingEvent $event): void
public function onPageRequest(PageRequestEvent $event): void
{
global $config, $database, $page, $user;
if(! $user->is_logged_in()) {
$errMessage = "You must be registered and logged in to use pools.";
$this->theme->display_error(401, "Unauthorized", $errMessage);
} else {
if($event->page_matches("pool", permission: Permissions::POOLS_VIEW)) {
if (
$event->page_matches("pool/list", paged: true)
|| $event->page_matches("pool/list/{search}", paged: true)
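Review bot: The whole handler now hangs on `$event->page_matches("pool", permission: Permissions::POOLS_VIEW)`, and whether that call also matches sub-paths such as `pool/list` depends on `page_matches`, which is not shown here. If it matches the path exactly, the nested `pool/list` checks become unreachable for every user; if it matches by prefix, access control for all pool routes rests on one outer condition that a later refactor can silently drop. Passing the permission on each route, e.g. `$event->page_matches("pool/list", paged: true, permission: Permissions::POOLS_VIEW)`, keeps the check next to the route it protects. The removed branch also produced an explicit 401 message, so it is worth checking what an anonymous visitor receives now. The body of `onPageRequest` continues past the end of the hunk.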
