verify event permission in UI, fix #213

lesion 2022-12-02 14:31:41 +01:00
parent d3b6adf4e0
commit 593cf6c6d6
No known key found for this signature in database
GPG key ID: 352918250B012177


@ -91,17 +91,33 @@ export default {
WhereInput, WhereInput,
DateInput DateInput
}, },
validate({ store }) { validate({ store, params, error }) {
return (store.state.auth.loggedIn || store.state.settings.allow_anon_event) // should we allow anon event?
if(!store.state.settings.allow_anon_event && !store.state.auth.loggedIn) {
return error({ statusCode: 401, message: 'Not allowed'})
}
// do not allow edit to anon users
if (params.edit && !store.state.auth.loggedIn) {
return error({ statusCode: 401, message: 'Not allowed'})
}
return true
}, },
async asyncData({ params, $axios, error }) { async asyncData({ params, $axios, error, $auth, store }) {
if (params.edit) { if (params.edit) {
const data = { event: { place: {}, media: [] } } const data = { event: { place: {}, media: [] } }
data.id = params.edit data.id = params.edit
data.edit = true data.edit = true
let event let event
try { try {
event = await $axios.$get('/event/' + data.id) event = await $axios.$get('/event/' + data.id)
if (!$auth.user.is_admin && $auth.user.id !== event.userId) {
error({ statusCode: 401, message: 'Not allowed' })
return {}
}
} catch (e) { } catch (e) {
error({ statusCode: 404, message: 'Event not found!' }) error({ statusCode: 404, message: 'Event not found!' })
return {} return {}
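Review bot: The owner-or-admin test added in asyncData (`!$auth.user.is_admin && $auth.user.id !== event.userId`) runs in the page after `/event/` + id has already been fetched, so it only hides the edit form and is not an access control. The API handler that stores the edit must apply the same rule, and that handler is not visible in this hunk. Because the test sits inside the `try`, any exception it raises (for instance if `$auth.user` were unset) is caught and reported as 404 'Event not found!'; moving the test after the `catch` block keeps the two failures apart. For a logged-in user who is not the owner, 403 is more accurate than 401: `error({ statusCode: 403, message: 'Not allowed' })`. The `store` parameter added to asyncData is unused in the lines shown, and asyncData continues past the end of the hunk.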