eliseuamaro
/
gnu-social
forked from GNUsocial/gnu-social
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[CONTROLLER][Note] Respect note scope

This commit is contained in:
Diogo Peralta Cordeiro 2021-12-26 20:25:56 +00:00
parent d891089945
commit fec1861b80
Signed by: diogo
GPG Key ID: 18D2D35001FBFAB0
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/Controller/Note.php
View File

@ -26,6 +26,7 @@ namespace App\Controller;
use App\Core\Controller;
use App\Core\DB\DB;
use function App\Core\I18n\_m;
use App\Util\Common;
use App\Util\Exception\ClientException;
use Symfony\Component\HttpFoundation\Request;
@ -40,7 +41,11 @@ class Note extends Controller
if (empty($note)) {
throw new ClientException(_m('No such note.'), 404);
} else {
return $handle($note);
if ($note->isVisibleTo(Common::actor())) {
return $handle($note);
} else {
throw new ClientException(_m('You don\'t have permissions to view this note.'), 401);
}
}
}