einundzwanzig/einundzwanzig-verein
1
0
Fork 0
mirror of https://github.com/HolgerHatGarKeineNode/einundzwanzig-nostr.git synced 2025-12-13 05:26:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

🚫 fix(permissions): update unauthorized access alerts for member and election management pages

Browse Source
This commit is contained in:
fsociety
2024-10-07 14:26:49 +02:00
parent ef109b87a3
commit 5b0f55ba95
4 changed files with 5 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
resources/views/pages/association/election/[Election:year].blade.php
View File

@@ -59,7 +59,7 @@ on([
$this->currentPubkey = $pubkey; $this->currentPubkey = $pubkey;
$this->currentPleb = \App\Models\EinundzwanzigPleb::query()->where('pubkey', $pubkey)->first(); $this->currentPleb = \App\Models\EinundzwanzigPleb::query()->where('pubkey', $pubkey)->first();
if ($this->currentPleb->association_status->value < 3) { if ($this->currentPleb->association_status->value < 3) {
return redirect()->route('association.profile'); return $this->js('alert("Du bist nicht berechtigt, an der Wahl teilzunehmen.")');
} }
$logPubkeys = [ $logPubkeys = [
'0adf67475ccc5ca456fd3022e46f5d526eb0af6284bf85494c0dd7847f3e5033', '0adf67475ccc5ca456fd3022e46f5d526eb0af6284bf85494c0dd7847f3e5033',

5
resources/views/pages/association/election/admin/[Election:year].blade.php
View File

@@ -74,9 +74,8 @@ on([
'0adf67475ccc5ca456fd3022e46f5d526eb0af6284bf85494c0dd7847f3e5033', '0adf67475ccc5ca456fd3022e46f5d526eb0af6284bf85494c0dd7847f3e5033',
'430169631f2f0682c60cebb4f902d68f0c71c498fd1711fd982f052cf1fd4279', '430169631f2f0682c60cebb4f902d68f0c71c498fd1711fd982f052cf1fd4279',
], ],
!in_array($this->currentPubkey, $allowedPubkeys, true) ? redirect()->route( !in_array($this->currentPubkey, $allowedPubkeys, true) ?
'association.profile', $this->js('alert("Du bist hierzu nicht berechtigt.")') : $this->isAllowed = true,
) : $this->isAllowed = true,
], ],
'echo:votes,.newVote' => fn() 'echo:votes,.newVote' => fn()
=> [ => [

2
resources/views/pages/association/election/index.blade.php
View File

@@ -37,7 +37,7 @@ on([
$this->currentPleb = \App\Models\EinundzwanzigPleb::query() $this->currentPleb = \App\Models\EinundzwanzigPleb::query()
->where('pubkey', $pubkey)->first(); ->where('pubkey', $pubkey)->first();
if ($this->currentPubkey !== '0adf67475ccc5ca456fd3022e46f5d526eb0af6284bf85494c0dd7847f3e5033') { if ($this->currentPubkey !== '0adf67475ccc5ca456fd3022e46f5d526eb0af6284bf85494c0dd7847f3e5033') {
return redirect()->route('association.profile'); return $this->js('alert("Du bist nicht berechtigt, Wahlen zu bearbeiten.")');
} }
$this->isAllowed = true; $this->isAllowed = true;
}, },

2
resources/views/pages/association/members/admin.blade.php
View File

@@ -34,7 +34,7 @@ on([
'430169631f2f0682c60cebb4f902d68f0c71c498fd1711fd982f052cf1fd4279', '430169631f2f0682c60cebb4f902d68f0c71c498fd1711fd982f052cf1fd4279',
]; ];
if (!in_array($this->currentPubkey, $allowedPubkeys, true)) { if (!in_array($this->currentPubkey, $allowedPubkeys, true)) {
return redirect()->route('association.profile'); return $this->js('alert("Du bist nicht berechtigt, Mitglieder zu bearbeiten.")');
} }
$this->isAllowed = true; $this->isAllowed = true;
}, },