mirror
/
pixelfed
mirror of https://github.com/pixelfed/pixelfed.git
1
0
Fork 1
Code Issues Releases Wiki Activity

Update ComposeController, add permissions check

This commit is contained in:
Daniel Supernault 2024-01-02 22:06:18 -07:00
parent d39946b045
commit 75b0f2dda0
No known key found for this signature in database
GPG Key ID: 23740873EE6F76A1
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
app/Http/Controllers/ComposeController.php
View File

@ -54,6 +54,7 @@ use App\Util\Lexer\Autolink;
use App\Util\Lexer\Extractor; use App\Util\Lexer\Extractor;
use App\Util\Media\License; use App\Util\Media\License;
use Image; use Image;
use App\Services\UserRoleService;
class ComposeController extends Controller class ComposeController extends Controller
{ {
@ -92,6 +93,7 @@ class ComposeController extends Controller
$user = Auth::user(); $user = Auth::user();
$profile = $user->profile; $profile = $user->profile;
abort_if($user->has_roles && !UserRoleService::can('can-post', $user->id), 403, 'Invalid permissions for this action');
$limitKey = 'compose:rate-limit:media-upload:' . $user->id; $limitKey = 'compose:rate-limit:media-upload:' . $user->id;
$limitTtl = now()->addMinutes(15); $limitTtl = now()->addMinutes(15);
@ -184,6 +186,7 @@ class ComposeController extends Controller
]); ]);
$user = Auth::user(); $user = Auth::user();
abort_if($user->has_roles && !UserRoleService::can('can-post', $user->id), 403, 'Invalid permissions for this action');
$limitKey = 'compose:rate-limit:media-updates:' . $user->id; $limitKey = 'compose:rate-limit:media-updates:' . $user->id;
$limitTtl = now()->addMinutes(15); $limitTtl = now()->addMinutes(15);