| author | nsfisis <nsfisis@gmail.com> | 2024-03-07 06:45:35 +0900 |
|---|---|---|
| committer | nsfisis <nsfisis@gmail.com> | 2024-03-07 06:45:35 +0900 |
| commit | 39736a81c4933f697d12fe4c993dc2ad3ae90f90 (patch) | |
| tree | 5e2efd56a428e4ca48ed241f1c5ef87916dfa023 /services/app/src | |
| parent | c19c84cd11380901c3f8ea60fa0319cca8d7b7d3 (diff) | |
| download | phperkaigi-2024-albatross-39736a81c4933f697d12fe4c993dc2ad3ae90f90.tar.gz phperkaigi-2024-albatross-39736a81c4933f697d12fe4c993dc2ad3ae90f90.tar.zst phperkaigi-2024-albatross-39736a81c4933f697d12fe4c993dc2ad3ae90f90.zip | |
fix issue where any one can see any answers
Diffstat (limited to 'services/app/src')
| -rw-r--r-- | services/app/src/App.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/services/app/src/App.php b/services/app/src/App.php
index e7d2816..3eedfe7 100644
--- a/services/app/src/App.php
+++ b/services/app/src/App.php
@@ -388,7 +388,7 @@ final class App
 throw new HttpNotFoundException($request);
 }
 $currentUser = $this->getCurrentUser($request);
- if ($quiz->isOpenToAnswer() && $answer->author_id !== $currentUser?->user_id) {
+ if (!$quiz->isFinished() && $answer->author_id !== $currentUser?->user_id) {
 throw new HttpForbiddenException($request);
 }
 
@@ -887,7 +887,7 @@ final class App
 if ($quiz === null) {
 throw new HttpNotFoundException($request);
 }
- if ($quiz->isOpenToAnswer() && $answer->author_id !== $currentUser->user_id) {
+ if (!$quiz->isFinished() && $answer->author_id !== $currentUser->user_id) {
 throw new HttpForbiddenException($request);
 }
 
|
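Review bot: In the first hunk the ownership test `$answer->author_id !== $currentUser?->user_id` keeps anonymous visitors out of an unfinished quiz only because a null user id is assumed never to equal an author id; if `author_id` can ever be null (not visible here), an unauthenticated request would pass the check. Spelling out the anonymous case removes that dependency: `if (!$quiz->isFinished() && ($currentUser === null || $answer->author_id !== $currentUser->user_id)) {`. The same visibility rule is repeated in the second hunk (around line 890) and had to be patched in both places, so moving it into one private helper on `App`, with a short comment stating the rule (an answer is visible only to its author until the quiz is finished), would stop the two handlers from drifting apart again. Both enclosing methods start and end outside the hunks, and no test covering the closed-but-not-finished state is visible in this commit.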
