lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-14 20:40:49 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix user without authority can view approval page

Browse Source
This commit is contained in:
xiaomlove
2022-08-17 17:39:41 +08:00
parent 78a25071d1
commit 0cce250df2
7 changed files with 30 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
app/Repositories/TorrentRepository.php
View File

@@ -479,6 +479,9 @@ class TorrentRepository extends BaseRepository
public function approval($user, array $params): array
{
$user = $this->getUser($user);
if ($user->class < Setting::get('authority.torrentmanage')) {
throw new InsufficientPermissionException();
}
$torrent = Torrent::query()->findOrFail($params['torrent_id'], ['id', 'banned', 'approval_status', 'visible', 'owner']);
$lastLog = TorrentOperationLog::query()
->where('torrent_id', $params['torrent_id'])