mirror/php-flarum
1
0
Fork 0
mirror of https://github.com/flarum/core.git synced 2025-08-08 01:16:52 +02:00
Code Issues Releases Wiki Activity

Don't allow guests to alter subscription

Browse Source
This commit is contained in:
Toby Zerner
2015-09-03 15:42:12 +09:30
parent 74fdf7b79c
commit 98369acd70
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
extensions/subscriptions/src/Listeners/PersistSubscriptionData.php
View File

@@ -1,6 +1,7 @@
<?php namespace Flarum\Subscriptions\Listeners; <?php namespace Flarum\Subscriptions\Listeners;
use Flarum\Events\DiscussionWillBeSaved; use Flarum\Events\DiscussionWillBeSaved;
use Flarum\Core\Exceptions\PermissionDeniedException;
class PersistSubscriptionData class PersistSubscriptionData
{ {
@@ -18,6 +19,10 @@ class PersistSubscriptionData
$actor = $event->actor; $actor = $event->actor;
$subscription = $data['attributes']['subscription']; $subscription = $data['attributes']['subscription'];
if (! $actor->exists) {
throw new PermissionDeniedException;
}
$state = $discussion->stateFor($actor); $state = $discussion->stateFor($actor);
if (! in_array($subscription, ['follow', 'ignore'])) { if (! in_array($subscription, ['follow', 'ignore'])) {