From 62b9eef8056f737086352c790fede60cb081c041 Mon Sep 17 00:00:00 2001
From: Daniel Supernault
Date: Fri, 9 Feb 2024 20:51:37 -0700
Subject: [PATCH] Fix api endpoints
---
 app/Http/Controllers/Api/ApiV1Controller.php | 3 +--
 app/Http/Controllers/ComposeController.php | 2 ++
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/app/Http/Controllers/Api/ApiV1Controller.php b/app/Http/Controllers/Api/ApiV1Controller.php
index 8ae65eb44..d1bd9cac2 100644
--- a/app/Http/Controllers/Api/ApiV1Controller.php
+++ b/app/Http/Controllers/Api/ApiV1Controller.php
@@ -956,8 +956,7 @@ class ApiV1Controller extends Controller
 */
 public function accountRelationshipsById(Request $request)
 {
- abort_if(!$request->user() || !$request->user()->token(), 403);
- abort_unless($request->user()->tokenCan('read'), 403);
+ abort_if(!$request->user(), 403);
 $this->validate($request, [
 'id' => 'required|array|min:1|max:20',
diff --git a/app/Http/Controllers/ComposeController.php b/app/Http/Controllers/ComposeController.php
index e17a37fd7..36bd5a66c 100644
--- a/app/Http/Controllers/ComposeController.php
+++ b/app/Http/Controllers/ComposeController.php
@@ -260,6 +260,8 @@ class ComposeController extends Controller
 $q = mb_substr($q, 1);
 }
+ $user = $request->user();
+ abort_if($user->has_roles && !UserRoleService::can('can-post', $user->id), 403, 'Invalid permissions for this action');
 $blocked = UserFilter::whereFilterableType('App\Profile')
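Review bot: In `accountRelationshipsById` (the ApiV1Controller.php hunk) the only guard left is `abort_if(!$request->user(), 403);`, so a request authenticated with an OAuth token that lacks the `read` scope is no longer rejected at this point. Unless the route's middleware already enforces scopes (not visible in this patch), a narrowly scoped token can now read relationship data it was previously denied. If the intent is to let token-less (presumably session-authenticated) requests through, keep the scope check for requests that do carry a token, e.g. `abort_if($request->user()->token() && !$request->user()->tokenCan('read'), 403);`, and add a one-line comment saying why the token requirement was relaxed. The function body continues past the end of the hunk, so any later checks are not visible here.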