fix: prevent the demo user from changing the slack URL

James Cole
2023-07-18 07:15:41 +02:00
parent 30cca355ba
commit 982134c077


@@ -133,6 +133,13 @@ class PreferencesController extends Controller
$frontPageAccounts = $accountIds; $frontPageAccounts = $accountIds;
} }
// for the demo user, the slackUrl is automatically emptied.
// this isn't really secure but it means that the demo site has a semi-secret
// slackUrl.
if (auth()->user()->hasRole('demo')) {
$slackUrl = '';
}
return view( return view(
'preferences.index', 'preferences.index',
compact( compact(
@@ -198,6 +205,7 @@ class PreferencesController extends Controller
// slack URL: // slack URL:
if (!auth()->user()->hasRole('demo')) {
$url = (string)$request->get('slackUrl'); $url = (string)$request->get('slackUrl');
if (str_starts_with($url, 'https://hooks.slack.com/services/')) { if (str_starts_with($url, 'https://hooks.slack.com/services/')) {
app('preferences')->set('slack_webhook_url', $url); app('preferences')->set('slack_webhook_url', $url);
@@ -205,6 +213,7 @@ class PreferencesController extends Controller
if ('' === $url) { if ('' === $url) {
app('preferences')->delete('slack_webhook_url'); app('preferences')->delete('slack_webhook_url');
} }
}
// custom fiscal year // custom fiscal year
$customFiscalYear = 1 === (int)$request->get('customFiscalYear'); $customFiscalYear = 1 === (int)$request->get('customFiscalYear');
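Review bot: The two `hasRole('demo')` checks (the blanking of `$slackUrl` just before `return view(` and the guard around the `slackUrl` write in the later hunks) cover only this controller, and the added comment's "this isn't really secure" does not say what exposure remains. A Slack incoming-webhook URL acts as a bearer secret, so any other route the demo user can reach that reads or writes the `slack_webhook_url` preference would still leak or replace it; no such route is visible here, so this needs checking against the API, export and notification-test paths. I would state that in the comment, e.g. `// demo user: never render the stored webhook URL; it is a secret, and every other read path must apply the same check`, and consider enforcing the rule where the preference is read and written rather than per controller. In the write path the demo user's submitted value is dropped without feedback; a flash message or a log line would make the refusal visible and auditable. Both affected methods begin and end outside the hunks shown.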