From f297605995a19995dddfa0539a4b2e03119e80dd Mon Sep 17 00:00:00 2001
From: fsociety <fsociety.mp3@pm.me>
Date: Fri, 25 Oct 2024 12:20:08 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=9A=A7=20fix(association):=20update=20aut?=
 =?UTF-8?q?horization=20check=20for=20project=20proposal=20based=20on=20cu?=
 =?UTF-8?q?rrentPleb=20membership=20and=20pubkey?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../project-support/form/[ProjectProposal:slug].blade.php    | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/resources/views/pages/association/project-support/form/[ProjectProposal:slug].blade.php b/resources/views/pages/association/project-support/form/[ProjectProposal:slug].blade.php
index 4db67ed..11f91fd 100644
--- a/resources/views/pages/association/project-support/form/[ProjectProposal:slug].blade.php
+++ b/resources/views/pages/association/project-support/form/[ProjectProposal:slug].blade.php
@@ -35,7 +35,10 @@ on([
     'nostrLoggedIn' => function ($pubkey) {
         $this->currentPubkey = $pubkey;
         $this->currentPleb = \App\Models\EinundzwanzigPleb::query()->where('pubkey', $pubkey)->first();
-        if ($this->currentPleb->id !== $this->projectProposal->einundzwanzig_pleb_id) {
+        if (
+            $this->currentPleb->id !== $this->projectProposal->einundzwanzig_pleb_id
+            || !in_array($this->currentPleb->npub, config('einundzwanzig.config.current_board'), true)
+        ) {
             return $this->js('alert("Du bist hierzu nicht berechtigt.")');
         }
         $this->isAllowed = true;