GNUsocial/gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity

[CONTROLLER][Note] Respect note scope

Browse Source
This commit is contained in:
Diogo Peralta Cordeiro 2021-12-26 20:25:56 +00:00
parent d891089945
commit fec1861b80
Signed by: diogo
GPG Key ID: 18D2D35001FBFAB0
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/Controller/Note.php
View File

@ -26,6 +26,7 @@ namespace App\Controller;
use App\Core\Controller; use App\Core\Controller;
use App\Core\DB\DB; use App\Core\DB\DB;
use function App\Core\I18n\_m; use function App\Core\I18n\_m;
use App\Util\Common;
use App\Util\Exception\ClientException; use App\Util\Exception\ClientException;
use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Request;
@ -40,7 +41,11 @@ class Note extends Controller
if (empty($note)) { if (empty($note)) {
throw new ClientException(_m('No such note.'), 404); throw new ClientException(_m('No such note.'), 404);
} else { } else {
if ($note->isVisibleTo(Common::actor())) {
return $handle($note); return $handle($note);
} else {
throw new ClientException(_m('You don\'t have permissions to view this note.'), 401);
}
} }
} }