From 95bc0f7b8fe62348c817beaf2e93ec6781bc5cf9 Mon Sep 17 00:00:00 2001
From: Marvin Borner
Date: Mon, 30 Apr 2018 16:10:57 +0200
Subject: Some security and chat improvements
---
 main/app/sprinkles/core/src/Controller/CoreController.php | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
(limited to 'main/app/sprinkles/core/src/Controller')
diff --git a/main/app/sprinkles/core/src/Controller/CoreController.php b/main/app/sprinkles/core/src/Controller/CoreController.php
index be88b47..b4d0f83 100644
--- a/main/app/sprinkles/core/src/Controller/CoreController.php
+++ b/main/app/sprinkles/core/src/Controller/CoreController.php
@@ -8,9 +8,8 @@ namespace UserFrosting\Sprinkle\Core\Controller;
-use Psr\Http\Message\ServerRequestInterface as Request;
-use Psr\Http\Message\ResponseInterface as Response;
 use Slim\Exception\NotFoundException as NotFoundException;
+use UserFrosting\Support\Exception\ForbiddenException;
 use Illuminate\Database\Capsule\Manager as DB;
 /**
@@ -40,6 +39,13 @@ class CoreController extends SimpleController
 ->orderBy('Created')
 ->get();
+ // AUTHORIZATION - ONLY FOR ADMINS RIGHT KNOW (BUILD PROCESS)
+ $authorizer = $this->ci->authorizer;
+ $currentUser = $this->ci->currentUser;
+ if (!$authorizer->checkAccess($currentUser, 'update_site_config')) {
+ throw new ForbiddenException();
+ }
+
 return $this->ci->view->render($response, 'pages/index.html.twig', [
 'friends' => $friends,
 'FeedImages' => $FeedImages
--
cgit v1.2.3
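Review bot: The new access check runs after the `$friends` query (`->orderBy('Created')->get()`) and, presumably, after the `$FeedImages` query earlier in the method, so an unauthorized request still executes the database work before `ForbiddenException` is thrown; moving the `$authorizer`/`$currentUser`/`checkAccess` block to the top of the method, before any queries, rejects the caller first and is where UserFrosting controllers typically place it. The enclosing method starts and ends outside the hunk, so its signature is not visible here. The comment `// AUTHORIZATION - ONLY FOR ADMINS RIGHT KNOW (BUILD PROCESS)` describes a temporary gate through the `update_site_config` permission and has a typo; suggest `// AUTHORIZATION - temporarily restricted to users with update_site_config while the page is under construction; TODO: replace with a page-specific permission slug`. In the first hunk the `Request`/`Response` aliases are removed; if the method signature still type-hints them, PHP will fail to resolve those names when the route is invoked, which is worth confirming since the signature is not in the hunk.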