security fix and fix parent pages
API CI/CD / Validate (composer + pint) (push) Successful in 3m7s
API CI/CD / Test (PHPUnit) (push) Failing after 5m46s
API CI/CD / Build frontend assets (push) Successful in 1m2s
API CI/CD / Security audit (push) Failing after 49s
API CI/CD / Deploy to shared hosting (PHP) (push) Has been skipped
API CI/CD / Validate (composer + pint) (push) Successful in 3m7s
API CI/CD / Test (PHPUnit) (push) Failing after 5m46s
API CI/CD / Build frontend assets (push) Successful in 1m2s
API CI/CD / Security audit (push) Failing after 49s
API CI/CD / Deploy to shared hosting (PHP) (push) Has been skipped
This commit is contained in:
@@ -18,6 +18,15 @@ class RequirePermission
|
||||
return response()->json(['status' => false, 'message' => 'Unauthorized.'], 401);
|
||||
}
|
||||
|
||||
$user = $request->user();
|
||||
$status = strtolower(trim((string) ($user->status ?? '')));
|
||||
$isVerified = filter_var($user->is_verified ?? false, FILTER_VALIDATE_BOOLEAN);
|
||||
$isSuspended = filter_var($user->is_suspended ?? false, FILTER_VALIDATE_BOOLEAN);
|
||||
|
||||
if (! $isVerified || $status !== 'active' || $isSuspended) {
|
||||
return response()->json(['message' => 'Account unavailable.'], 403);
|
||||
}
|
||||
|
||||
if (! $this->permissions->hasPermission($userId, $permission)) {
|
||||
if ($request->expectsJson()) {
|
||||
return response()->json(['status' => false, 'message' => 'Access denied.'], 403);
|
||||
|
||||
Reference in New Issue
Block a user