PrivateCoffee/travelynx
4
0
Fork 0
Code Issues 5 Pull requests Projects Releases Packages Wiki Activity Actions

user_status redirect: check visibility independent of token

Browse source
This commit is contained in:
Daniel Friesel 2023-03-02 21:54:17 +01:00
parent 6a734a094b
commit aa56023788
No known key found for this signature in database
GPG key ID: 100D5BFB5166E005
1 changed files with 19 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

43
lib/Travelynx/Controller/Traveling.pm
View file

@ -528,32 +528,27 @@ sub user_status {
) )
) )
{ {
my $token = $self->param('token'); my $visibility
if ($token) { = $self->compute_effective_visibility(
my $visibility = $self->compute_effective_visibility( $user->{default_visibility_str},
$user->{default_visibility_str}, $journey->{visibility_str} );
$journey->{visibility_str} if (
); $visibility eq 'public'
if ( or ( $visibility eq 'unlisted'
$visibility eq 'public' and $self->journey_token_ok( $journey, $ts ) )
or ( $visibility eq 'unlisted' or (
and $self->journey_token_ok( $journey, $ts ) ) $visibility eq 'travelynx'
or ( and ( $self->is_user_authenticated
$visibility eq 'travelynx' or $self->journey_token_ok( $journey, $ts ) )
and ( $self->is_user_authenticated )
or $self->journey_token_ok( $journey, $ts ) ) )
) {
) my $token = $self->param('token') // q{};
{ $self->redirect_to(
$self->redirect_to( "/p/${name}/j/$journey->{id}?token=${token}-${ts}");
"/p/${name}/j/$journey->{id}?token=${token}-${ts}");
}
else {
$self->render('not_found');
}
} }
else { else {
$self->redirect_to("/p/${name}/j/$journey->{id}"); $self->render('not_found');
} }
return; return;
} }