1
0
Fork 1
mirror of https://github.com/pixelfed/pixelfed.git synced 2024-12-28 02:36:50 +00:00

Update ComposeController, add permissions check

This commit is contained in:
Daniel Supernault 2024-01-02 22:06:18 -07:00
parent d39946b045
commit 75b0f2dda0
No known key found for this signature in database
GPG key ID: 23740873EE6F76A1

View file

@ -54,6 +54,7 @@ use App\Util\Lexer\Autolink;
use App\Util\Lexer\Extractor; use App\Util\Lexer\Extractor;
use App\Util\Media\License; use App\Util\Media\License;
use Image; use Image;
use App\Services\UserRoleService;
class ComposeController extends Controller class ComposeController extends Controller
{ {
@ -92,6 +93,7 @@ class ComposeController extends Controller
$user = Auth::user(); $user = Auth::user();
$profile = $user->profile; $profile = $user->profile;
abort_if($user->has_roles && !UserRoleService::can('can-post', $user->id), 403, 'Invalid permissions for this action');
$limitKey = 'compose:rate-limit:media-upload:' . $user->id; $limitKey = 'compose:rate-limit:media-upload:' . $user->id;
$limitTtl = now()->addMinutes(15); $limitTtl = now()->addMinutes(15);
@ -184,6 +186,7 @@ class ComposeController extends Controller
]); ]);
$user = Auth::user(); $user = Auth::user();
abort_if($user->has_roles && !UserRoleService::can('can-post', $user->id), 403, 'Invalid permissions for this action');
$limitKey = 'compose:rate-limit:media-updates:' . $user->id; $limitKey = 'compose:rate-limit:media-updates:' . $user->id;
$limitTtl = now()->addMinutes(15); $limitTtl = now()->addMinutes(15);