lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-23 19:37:23 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix user without authority can view approval page

Browse Source
This commit is contained in:
xiaomlove
2022-08-17 17:39:41 +08:00
parent 78a25071d1
commit 0cce250df2
7 changed files with 30 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/Http/Controllers/TorrentController.php
+4
View File
@@ -107,6 +107,7 @@ class TorrentController extends Controller
public function approvalPage(Request $request)
{
$request->validate(['torrent_id' => 'required']);
$this->checkPermission('authority.torrentmanage');
$torrentId = $request->torrent_id;
$torrent = Torrent::query()->findOrFail($torrentId, Torrent::$commentFields);
$denyReasons = TorrentDenyReason::query()->orderBy('priority', 'desc')->get();
@@ -116,6 +117,7 @@ class TorrentController extends Controller
public function approvalLogs(Request $request)
{
$request->validate(['torrent_id' => 'required']);
$this->checkPermission('authority.torrentmanage');
$torrentId = $request->torrent_id;
$actionTypes = [
TorrentOperationLog::ACTION_TYPE_APPROVAL_NONE,
@@ -140,8 +142,10 @@ class TorrentController extends Controller
'torrent_id' => 'required',
'approval_status' => 'required',
]);
$this->checkPermission('authority.torrentmanage');
$params = $request->all();
$this->repository->approval(Auth::user(), $params);
return $this->success($params);
}
}