authornsfisis <nsfisis@gmail.com>2024-03-07 06:45:35 +0900
committernsfisis <nsfisis@gmail.com>2024-03-07 06:45:35 +0900
commit39736a81c4933f697d12fe4c993dc2ad3ae90f90 (patch)
tree5e2efd56a428e4ca48ed241f1c5ef87916dfa023
parentc19c84cd11380901c3f8ea60fa0319cca8d7b7d3 (diff)
fix issue where any one can see any answers
-rw-r--r--services/app/src/App.php4
-rw-r--r--services/app/templates/answer_list.html.twig2
-rw-r--r--services/app/templates/quiz_view.html.twig2
3 files changed, 4 insertions, 4 deletions
diff --git a/services/app/src/App.php b/services/app/src/App.php
index e7d2816..3eedfe7 100644
--- a/services/app/src/App.php
+++ b/services/app/src/App.php
@@ -388,7 +388,7 @@ final class App
throw new HttpNotFoundException($request);
}
$currentUser = $this->getCurrentUser($request);
- if ($quiz->isOpenToAnswer() && $answer->author_id !== $currentUser?->user_id) {
+ if (!$quiz->isFinished() && $answer->author_id !== $currentUser?->user_id) {
throw new HttpForbiddenException($request);
}
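Review bot: The access rule `!$quiz->isFinished() && $answer->author_id !== …` is now spelled out four times (this hunk, the second App.php hunk near line 887, and both Twig templates), and all four copies had to be corrected together in this commit. Moving it into one private method that both handlers call, with the result passed to the templates, would leave a single place to audit. I would also add a comment above the check, such as `// Answers are visible only to their author until the quiz is finished.`. A regression test should request another user's answer while the quiz is no longer open to answers but not yet finished, which is presumably the state in which answers leaked. Both enclosing handlers start and end outside their hunks, so any other route that returns answer content is not visible here and should be checked against the same rule.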
@@ -887,7 +887,7 @@ final class App
if ($quiz === null) {
throw new HttpNotFoundException($request);
}
- if ($quiz->isOpenToAnswer() && $answer->author_id !== $currentUser->user_id) {
+ if (!$quiz->isFinished() && $answer->author_id !== $currentUser->user_id) {
throw new HttpForbiddenException($request);
}
diff --git a/services/app/templates/answer_list.html.twig b/services/app/templates/answer_list.html.twig
index 818a755..0ca3318 100644
--- a/services/app/templates/answer_list.html.twig
+++ b/services/app/templates/answer_list.html.twig
@@ -46,7 +46,7 @@
{% endif %}
</td>
<td>
- {% if quiz.isOpenToAnswer() and answer.author_id != current_user_id %}
+ {% if not quiz.isFinished() and answer.author_id != current_user_id %}
#{{ answer.answer_number }}
{% else %}
<a href="{{ url_for('answer_view', { qslug: quiz.slug, anum: answer.answer_number }) }}">#{{ answer.answer_number }}</a>
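Review bot: The template compares ids with Twig's loose `!=`, while the server-side check in App.php uses strict `!==`, so the two can disagree when `answer.author_id` and `current_user_id` differ in type or when `current_user_id` is null for an anonymous visitor. The handler remains the actual enforcement point, so this affects only whether the link is rendered, but `answer.author_id is not same as(current_user_id)` would keep the view consistent with it. The same line appears in the quiz_view.html.twig hunk.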
diff --git a/services/app/templates/quiz_view.html.twig b/services/app/templates/quiz_view.html.twig
index 44676e2..a42520c 100644
--- a/services/app/templates/quiz_view.html.twig
+++ b/services/app/templates/quiz_view.html.twig
@@ -42,7 +42,7 @@
<tr>
<td>{{ loop.index }}</td>
<td>
- {% if quiz.isOpenToAnswer() and answer.author_id != current_user_id %}
+ {% if not quiz.isFinished() and answer.author_id != current_user_id %}
#{{ answer.answer_number }}
{% else %}
<a href="{{ url_for('answer_view', { qslug: quiz.slug, anum: answer.answer_number }) }}">#{{ answer.answer_number }}</a>