RPJosh
/
memories
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add permission check

pull/62/head
Varun Patil 2022-09-25 08:09:04 -07:00
parent 5296448311
commit 507a1c19a1
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/Controller/ApiController.php
View File

@ -260,7 +260,6 @@ class ApiController extends Controller {
/** /**
* @NoAdminRequired * @NoAdminRequired
* @NoCSRFRequired
* *
* Change exif data for one file * Change exif data for one file
* @param string fileid * @param string fileid
@ -279,7 +278,10 @@ class ApiController extends Controller {
} }
$file = $file[0]; $file = $file[0];
// TODO: check permissions // Check if user has permissions
if (!$file->isUpdateable()) {
return new JSONResponse([], Http::STATUS_FORBIDDEN);
}
// Get new date from body // Get new date from body
$body = $this->request->getParams(); $body = $this->request->getParams();