Some security and chat improvements

author: Marvin Borner 2018-04-30 16:10:57 +0200
committer: Marvin Borner 2018-04-30 16:10:57 +0200
commit: 95bc0f7b8fe62348c817beaf2e93ec6781bc5cf9 (patch)
tree: 1a1d28aea2456bc31c4e9513811ab33b6d94cc27 /main/app/sprinkles/core/src/Controller
parent: 2ee63a230647060159f2b9cfb4891365c9d36c6b (diff)
1 files changed, 8 insertions, 2 deletions
diff --git a/main/app/sprinkles/core/src/Controller/CoreController.php b/main/app/sprinkles/core/src/Controller/CoreController.php
index be88b47..b4d0f83 100644
--- a/main/app/sprinkles/core/src/Controller/CoreController.php
+++ b/main/app/sprinkles/core/src/Controller/CoreController.php
@@ -8,9 +8,8 @@
 
 namespace UserFrosting\Sprinkle\Core\Controller;
 
-use Psr\Http\Message\ServerRequestInterface as Request;
-use Psr\Http\Message\ResponseInterface as Response;
 use Slim\Exception\NotFoundException as NotFoundException;
+use UserFrosting\Support\Exception\ForbiddenException;
 use Illuminate\Database\Capsule\Manager as DB;
 
 /**
@@ -40,6 +39,13 @@ class CoreController extends SimpleController
             ->orderBy('Created')
             ->get();
 
+        // AUTHORIZATION - ONLY FOR ADMINS RIGHT KNOW (BUILD PROCESS)
+        $authorizer = $this->ci->authorizer;
+        $currentUser = $this->ci->currentUser;
+        if (!$authorizer->checkAccess($currentUser, 'update_site_config')) {
+            throw new ForbiddenException();
+        }
+
         return $this->ci->view->render($response, 'pages/index.html.twig', [
             'friends' => $friends,
             'FeedImages' => $FeedImages
author	Marvin Borner	2018-04-30 16:10:57 +0200
committer	Marvin Borner	2018-04-30 16:10:57 +0200
commit	95bc0f7b8fe62348c817beaf2e93ec6781bc5cf9 (patch)
tree	1a1d28aea2456bc31c4e9513811ab33b6d94cc27 /main/app/sprinkles/core/src/Controller
parent	2ee63a230647060159f2b9cfb4891365c9d36c6b (diff)