kenmirrors/firefly-iii
1
0
Fork 0
mirror of https://github.com/firefly-iii/firefly-iii.git synced 2025-11-19 16:10:00 +00:00
Code Issues Projects Releases Wiki Activity

Disable attachment API for demo users

Browse Source
This commit is contained in:
James Cole
2023-12-30 12:54:21 +01:00
parent d777a1f2b8
commit 2e5bc750d1
8 changed files with 60 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
app/Api/V1/Controllers/Models/Attachment/DestroyController.php
View File

@@ -29,6 +29,8 @@ use FireflyIII\Models\Attachment;
use FireflyIII\Repositories\Attachment\AttachmentRepositoryInterface;
use FireflyIII\User;
use Illuminate\Http\JsonResponse;
use Illuminate\Support\Facades\Log;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
/**
* Class DestroyController
@@ -64,6 +66,12 @@ class DestroyController extends Controller
*/
public function destroy(Attachment $attachment): JsonResponse
{
if(true === auth()->user()->hasRole('demo')) {
Log::channel('audit')->info(sprintf('Demo user tries to access attachment API in %s', __METHOD__));
throw new NotFoundHttpException();
}
$this->repository->destroy($attachment);
app('preferences')->mark();