authorGreg Roach <greg@subaqua.co.uk>2021-10-20 10:58:10 +0100
committerGreg Roach <greg@subaqua.co.uk>2021-10-20 11:01:02 +0100
commit0ea4a3f27557abd0fc7491da72d684de4d58648b (patch)
tree0803b92c718b97c16dab78284b181e088e49dd8c /app/Http/RequestHandlers/AddNewFact.php
parent52ed2878d1c7187d71305bbff65f608ca6820a24 (diff)
Fix: #4081 - UPLOAD_MEDIA setting is ignored
Diffstat (limited to 'app/Http/RequestHandlers/AddNewFact.php')
-rw-r--r--app/Http/RequestHandlers/AddNewFact.php20
1 files changed, 14 insertions, 6 deletions
diff --git a/app/Http/RequestHandlers/AddNewFact.php b/app/Http/RequestHandlers/AddNewFact.php
index 09e0bdef54..f2b248e91c 100644
--- a/app/Http/RequestHandlers/AddNewFact.php
+++ b/app/Http/RequestHandlers/AddNewFact.php
@@ -21,8 +21,10 @@ namespace Fisharebest\Webtrees\Http\RequestHandlers;
use Fisharebest\Webtrees\Auth;
use Fisharebest\Webtrees\Fact;
+use Fisharebest\Webtrees\Http\Exceptions\HttpAccessDeniedException;
use Fisharebest\Webtrees\Http\ViewResponseTrait;
use Fisharebest\Webtrees\Registry;
+use Fisharebest\Webtrees\Services\AuthorizationService;
use Fisharebest\Webtrees\Services\GedcomEditService;
use Fisharebest\Webtrees\Tree;
use Psr\Http\Message\ResponseInterface;
@@ -41,16 +43,20 @@ class AddNewFact implements RequestHandlerInterface
{
use ViewResponseTrait;
+ private AuthorizationService $authorization_service;
+
private GedcomEditService $gedcom_edit_service;
/**
* AddNewFact constructor.
*
- * @param GedcomEditService $gedcom_edit_service
+ * @param AuthorizationService $authorization_service
+ * @param GedcomEditService $gedcom_edit_service
*/
- public function __construct(GedcomEditService $gedcom_edit_service)
+ public function __construct(AuthorizationService $authorization_service, GedcomEditService $gedcom_edit_service)
{
- $this->gedcom_edit_service = $gedcom_edit_service;
+ $this->authorization_service = $authorization_service;
+ $this->gedcom_edit_service = $gedcom_edit_service;
}
/**
@@ -63,10 +69,12 @@ class AddNewFact implements RequestHandlerInterface
$tree = $request->getAttribute('tree');
assert($tree instanceof Tree);
- $xref = $request->getAttribute('xref');
- assert(is_string($xref));
+ $xref = (string) $request->getAttribute('xref');
+ $subtag = (string) $request->getAttribute('fact');
- $subtag = $request->getAttribute('fact');
+ if ($subtag === 'OBJE' && !$this->authorization_service->canUploadMedia($tree, Auth::user())) {
+ throw new HttpAccessDeniedException();
+ }
$include_hidden = (bool) ($request->getQueryParams()['include_hidden'] ?? false);
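Review bot: The `canUploadMedia()` check added before `$include_hidden` guards only this handler, which uses `ViewResponseTrait` and so appears to render the add-fact form. Whether the handler that saves the submitted fact enforces the same rule is not visible here (the page is limited to this one file) and should be confirmed, because a check on the form alone does not enforce UPLOAD_MEDIA. The comparison `$subtag === 'OBJE'` is exact and case-sensitive, so it is worth confirming that nothing after this point normalises the tag's case. The `(string)` casts replace `assert(is_string($xref))`, so a missing attribute now becomes `''` instead of failing the assertion, and the record lookup outside the hunk has to reject that value. I would also add a comment above the `if`, such as `// UPLOAD_MEDIA: only users permitted to upload media may add an OBJE fact (#4081)`; the method body starts and ends outside the hunk.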