From 2dfa4cd53ead23af4964368d661f5c52918f09eb Mon Sep 17 00:00:00 2001
From: Alex Thomassen
Date: Tue, 19 Dec 2023 20:57:23 +0000
Subject: [PATCH] Only users with any form of channel access can use /viewer
---
 app/Http/Controllers/ViewerController.php | 3 +-
 app/Http/Requests/ViewerRequest.php | 38 +++++++++++++++++++++++
 app/Models/User.php | 1 +
 3 files changed, 41 insertions(+), 1 deletion(-)
 create mode 100644 app/Http/Requests/ViewerRequest.php
diff --git a/app/Http/Controllers/ViewerController.php b/app/Http/Controllers/ViewerController.php
index 4a07fab..1c28e89 100644
--- a/app/Http/Controllers/ViewerController.php
+++ b/app/Http/Controllers/ViewerController.php
@@ -3,12 +3,13 @@
 namespace App\Http\Controllers;
 use Illuminate\Http\Request;
+use App\Http\Requests\ViewerRequest;
 use App\Models\Trace\Message;
 class ViewerController extends Controller
 {
- public function index(Request $request, string $viewerId)
+ public function index(ViewerRequest $request, string $viewerId)
 {
 // Check if viewerId is numeric
 if (!is_numeric($viewerId)) {
diff --git a/app/Http/Requests/ViewerRequest.php b/app/Http/Requests/ViewerRequest.php
new file mode 100644
index 0000000..77676e9
--- /dev/null
+++ b/app/Http/Requests/ViewerRequest.php
@@ -0,0 +1,38 @@
+is_admin) {
+ return true;
+ }
+
+ $channels = $user->getTraceChannels();
+ return $channels->isNotEmpty();
+ }
+
+ /**
+ * Get the validation rules that apply to the request.
+ *
+ * @return array|string>
+ */
+ public function rules(): array
+ {
+ return [];
+ }
+}
diff --git a/app/Models/User.php b/app/Models/User.php
index f33f448..6b5f7d9 100644
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -35,6 +35,7 @@ class User extends Authenticatable
 * @var array
 */
 protected $hidden = [
+ 'email',
 'remember_token',
 ];
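Review bot: The access check for `index` now rests entirely on the `ViewerRequest` type hint, and nothing at the call site says that swapping it back to `Request` in a later refactor would silently remove authorization. A one-line comment above the method would make that dependency explicit, e.g. `// Authorization is enforced by ViewerRequest::authorize(); do not type-hint plain Request here.` The `use Illuminate\Http\Request;` import is kept and may now be unused, unless another method of the controller (not visible in this hunk) still needs it. The body of `index` continues outside the hunk.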
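Review bot: `authorize()` only establishes that the caller has some channel (`$channels->isNotEmpty()`); it never relates the requested `viewerId` to those channels. Unless the query in `ViewerController::index` is restricted to the caller's own channels for non-admins (that code is outside this patch), a user with access to a single channel could read a viewer's messages from every channel. If that scoping is missing, filter the message query by `$user->getTraceChannels()`, and document the gate with a comment such as `// Coarse gate only: any channel access passes; per-channel filtering must happen in the controller query.` The opening lines of this method are not legible on the page, so whether a null `$this->user()` is handled before `is_admin` is read could not be checked.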
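Review bot: Adding `'email'` to `$hidden` only removes the attribute from `toArray()`/`toJson()` output, so any view, API resource or log line that reads `$user->email` directly still exposes it. It is worth checking the responses that gain new audiences through this change for such direct reads. In the other direction, any code that legitimately relied on the serialized address now needs an explicit `makeVisible('email')`. A short comment next to the entry, e.g. `// never serialize addresses to other channel users`, would record the intent if that is indeed the motive.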