| author | Greg Roach <greg@subaqua.co.uk> | 2021-10-20 10:58:10 +0100 |
|---|---|---|
| committer | Greg Roach <greg@subaqua.co.uk> | 2021-10-20 11:01:02 +0100 |
| commit | 0ea4a3f27557abd0fc7491da72d684de4d58648b (patch) | |
| tree | 0803b92c718b97c16dab78284b181e088e49dd8c /app/Http/RequestHandlers/AddNewFact.php | |
| parent | 52ed2878d1c7187d71305bbff65f608ca6820a24 (diff) | |
Fix: #4081 - UPLOAD_MEDIA setting is ignored
Diffstat (limited to 'app/Http/RequestHandlers/AddNewFact.php')
| -rw-r--r-- | app/Http/RequestHandlers/AddNewFact.php | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/app/Http/RequestHandlers/AddNewFact.php b/app/Http/RequestHandlers/AddNewFact.php index 09e0bdef54..f2b248e91c 100644 --- a/app/Http/RequestHandlers/AddNewFact.php +++ b/app/Http/RequestHandlers/AddNewFact.php @@ -21,8 +21,10 @@ namespace Fisharebest\Webtrees\Http\RequestHandlers; use Fisharebest\Webtrees\Auth; use Fisharebest\Webtrees\Fact; +use Fisharebest\Webtrees\Http\Exceptions\HttpAccessDeniedException; use Fisharebest\Webtrees\Http\ViewResponseTrait; use Fisharebest\Webtrees\Registry; +use Fisharebest\Webtrees\Services\AuthorizationService; use Fisharebest\Webtrees\Services\GedcomEditService; use Fisharebest\Webtrees\Tree; use Psr\Http\Message\ResponseInterface; @@ -41,16 +43,20 @@ class AddNewFact implements RequestHandlerInterface { use ViewResponseTrait; + private AuthorizationService $authorization_service; + private GedcomEditService $gedcom_edit_service; /** * AddNewFact constructor. * - * @param GedcomEditService $gedcom_edit_service + * @param AuthorizationService $authorization_service + * @param GedcomEditService $gedcom_edit_service */ - public function __construct(GedcomEditService $gedcom_edit_service) + public function __construct(AuthorizationService $authorization_service, GedcomEditService $gedcom_edit_service) { - $this->gedcom_edit_service = $gedcom_edit_service; + $this->authorization_service = $authorization_service; + $this->gedcom_edit_service = $gedcom_edit_service; } /** 
@@ -63,10 +69,12 @@ class AddNewFact implements RequestHandlerInterface $tree = $request->getAttribute('tree'); assert($tree instanceof Tree); - $xref = $request->getAttribute('xref'); - assert(is_string($xref)); + $xref = (string) $request->getAttribute('xref'); + $subtag = (string) $request->getAttribute('fact'); - $subtag = $request->getAttribute('fact'); + if ($subtag === 'OBJE' && !$this->authorization_service->canUploadMedia($tree, Auth::user())) { + throw new HttpAccessDeniedException(); + } $include_hidden = (bool) ($request->getQueryParams()['include_hidden'] ?? false); |
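Review bot: The `canUploadMedia()` guard added ahead of `$include_hidden` compares the route attribute with the exact string `'OBJE'` and lives only in this handler, so it enforces the UPLOAD_MEDIA setting only if every other path that can attach a media object applies the same rule. The diffstat on this page is limited to AddNewFact.php, so it cannot be confirmed from here whether the handler that saves the submitted fact also calls `canUploadMedia($tree, Auth::user())`; that write-side check is the one that matters, because refusing to render the form does not by itself reject a submission. If the code after this hunk accepts the tag in any other spelling, `$subtag` should be normalised before the comparison. A short comment above the `if`, such as `// UPLOAD_MEDIA: only users who may upload media can add an OBJE fact`, would record why this one tag is special-cased. The body of handle() starts and ends outside the hunk.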
