fix: prevent the demo user from changing the slack URL

James Cole
2023-07-18 07:15:41 +02:00
parent 30cca355ba
commit 982134c077


@@ -133,6 +133,13 @@ class PreferencesController extends Controller
$frontPageAccounts = $accountIds; $frontPageAccounts = $accountIds;
} }
// for the demo user, the slackUrl is automatically emptied.
// this isn't really secure but it means that the demo site has a semi-secret
// slackUrl.
if (auth()->user()->hasRole('demo')) {
$slackUrl = '';
}
return view( return view(
'preferences.index', 'preferences.index',
compact( compact(
@@ -198,12 +205,14 @@ class PreferencesController extends Controller
// slack URL: // slack URL:
$url = (string)$request->get('slackUrl'); if (!auth()->user()->hasRole('demo')) {
if (str_starts_with($url, 'https://hooks.slack.com/services/')) { $url = (string)$request->get('slackUrl');
app('preferences')->set('slack_webhook_url', $url); if (str_starts_with($url, 'https://hooks.slack.com/services/')) {
} app('preferences')->set('slack_webhook_url', $url);
if ('' === $url) { }
app('preferences')->delete('slack_webhook_url'); if ('' === $url) {
app('preferences')->delete('slack_webhook_url');
}
} }
// custom fiscal year // custom fiscal year
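Review bot: The `hasRole('demo')` guard added around the slack URL block in the second hunk protects only this controller action, so the demo user is blocked only as long as nothing else writes `slack_webhook_url`. Whether other writers exist cannot be seen from this diff; it is worth confirming, and ideally the check would sit next to the preference write itself. The comment added in the first hunk says the approach "isn't really secure" without naming the gap, so I would spell it out, for example `// NOTE: this only blanks the value for this view; any other read or write path for slack_webhook_url needs the same demo check`. Separately, a non-empty URL that fails the `str_starts_with` prefix test is silently ignored, so the user gets no indication that the previous value was kept. Both method bodies start and end outside the visible hunks.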