From 39736a81c4933f697d12fe4c993dc2ad3ae90f90 Mon Sep 17 00:00:00 2001
From: nsfisis
Date: Thu, 7 Mar 2024 06:45:35 +0900
Subject: fix issue where any one can see any answers
---
 services/app/src/App.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'services/app/src')
diff --git a/services/app/src/App.php b/services/app/src/App.php
index e7d2816..3eedfe7 100644
--- a/services/app/src/App.php
+++ b/services/app/src/App.php
@@ -388,7 +388,7 @@ final class App
 throw new HttpNotFoundException($request);
 }
 $currentUser = $this->getCurrentUser($request);
- if ($quiz->isOpenToAnswer() && $answer->author_id !== $currentUser?->user_id) {
+ if (!$quiz->isFinished() && $answer->author_id !== $currentUser?->user_id) {
 throw new HttpForbiddenException($request);
 }
@@ -887,7 +887,7 @@ final class App
 if ($quiz === null) {
 throw new HttpNotFoundException($request);
 }
- if ($quiz->isOpenToAnswer() && $answer->author_id !== $currentUser->user_id) {
+ if (!$quiz->isFinished() && $answer->author_id !== $currentUser->user_id) {
 throw new HttpForbiddenException($request);
 }
-- 
cgit v1.2.3-70-g09d2
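Review bot: The nullsafe `$currentUser?->user_id` on the changed line (new line 391) makes an unauthenticated request compare `$answer->author_id` against `null`, so anonymous callers are denied only as long as `author_id` can never be null; whether that holds is not visible in this hunk. Stating the unauthenticated case explicitly removes that dependency: `if (!$quiz->isFinished() && ($currentUser === null || $answer->author_id !== $currentUser->user_id)) {`. A one-line comment above the check would also record the access rule the commit is enforcing, for example `// Until the quiz is finished, an answer is visible only to its author.`. The enclosing handler begins and ends outside the hunk, so any earlier authentication guard cannot be confirmed from here.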
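Review bot: The condition on new line 890 is a copy of the one on line 391, and this commit had to correct the same authorization mistake at both sites, which suggests the rule should live in one place. A single private method on `App` (the name here is only a suggestion) would leave each handler with `if (!$this->canViewAnswer($quiz, $answer, $currentUser)) {` followed by the existing `throw new HttpForbiddenException($request);`, so a future change to the rule cannot miss a call site. The two copies also differ in null handling (`?->` there, `->` here), and a shared helper would force that difference to be decided once. A regression test requesting another user's answer while `isFinished()` is false would pin the behavior; the enclosing handler starts and ends outside the hunk.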