From 963334e5ee07fa758cd762f7f22dda3f52a025f1 Mon Sep 17 00:00:00 2001
From: Pig Fang
Date: Thu, 20 Aug 2020 08:53:43 +0800
Subject: [PATCH] refactor access control
---
 app/Http/Controllers/SkinlibController.php | 31 ++++++++++++++--------
 1 file changed, 20 insertions(+), 11 deletions(-)
diff --git a/app/Http/Controllers/SkinlibController.php b/app/Http/Controllers/SkinlibController.php
index c5017d9f..eab52d54 100644
--- a/app/Http/Controllers/SkinlibController.php
+++ b/app/Http/Controllers/SkinlibController.php
@@ -34,6 +34,26 @@ class SkinlibController extends Controller
 return $next($request);
 })->only(['rename', 'privacy', 'type', 'delete']);
+
+ $this->middleware(function (Request $request, $next) {
+ /** @var User */
+ $user = $request->user();
+ /** @var Texture */
+ $texture = $request->route('texture');
+
+ if (!$texture->public) {
+ if (!Auth::check() || ($user->uid != $texture->uploader && !$user->isAdmin())) {
+ $statusCode = (int) option('status_code_for_private');
+ if ($statusCode === 404) {
+ abort($statusCode, trans('skinlib.show.deleted'));
+ } else {
+ abort(403, trans('skinlib.show.private'));
+ }
+ }
+ }
+
+ return $next($request);
+ })->only(['show', 'info']);
 }
 public function library(Request $request)
@@ -91,17 +111,6 @@ class SkinlibController extends Controller
 abort(404, trans('skinlib.show.deleted'));
 }
- if (!$texture->public) {
- if (!Auth::check() || ($user->uid != $texture->uploader && !$user->isAdmin())) {
- $statusCode = (int) option('status_code_for_private');
- if ($statusCode === 404) {
- abort($statusCode, trans('skinlib.show.deleted'));
- } else {
- abort(403, trans('skinlib.show.private'));
- }
- }
- }
-
 $badges = [];
 $uploader = $texture->owner;
 if ($uploader) {
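Review bot: The private-texture check in the first hunk is attached with `->only(['show', 'info'])`, which is an allow-list, so any other action that resolves a `texture` route parameter stays unchecked unless someone remembers to add it here. Only one inline check is removed in this diff (second hunk), so `info` appears to gain the check for the first time; that is a behaviour change the subject "refactor access control" does not mention, and it deserves tests for anonymous, non-owner, owner and admin requests against a private texture. I would add a comment above the closure, for example `// Private textures: only the uploader or an admin may view; others get 403 or 404 per status_code_for_private.`, and consider moving the rule into a policy or named middleware so new routes inherit it. The ownership test would also be safer as a strict comparison, `(int) $user->uid !== (int) $texture->uploader`. The constructor that holds this closure starts outside the hunk, so the ordering relative to any earlier middleware cannot be checked from here.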