summaryrefslogtreecommitdiff
path: root/includes/controller
diff options
context:
space:
mode:
authorIgor Scheller <igor.scheller@igorshp.de>2019-09-18 14:09:30 +0200
committerIgor Scheller <igor.scheller@igorshp.de>2019-09-18 14:09:30 +0200
commit35b820cd7de904e50bd78cee197ebd379985ec58 (patch)
tree68a1c082839fb626a9cf0594d995348b741f06a1 /includes/controller
parent154625bc8a69265f78293ae47f9c63dd79858701 (diff)
Use 403 forbidden on shifts json, atom export and ical export
Diffstat (limited to 'includes/controller')
-rw-r--r--includes/controller/shifts_controller.php16
1 files changed, 9 insertions, 7 deletions
diff --git a/includes/controller/shifts_controller.php b/includes/controller/shifts_controller.php
index caf124ba..726814cf 100644
--- a/includes/controller/shifts_controller.php
+++ b/includes/controller/shifts_controller.php
@@ -1,5 +1,6 @@
<?php
+use Engelsystem\Http\Exceptions\HttpForbidden;
use Engelsystem\ShiftSignupState;
/**
@@ -348,17 +349,18 @@ function shift_next_controller()
function shifts_json_export_controller()
{
$request = request();
+ $user = auth()->apiUser('key');
- if (!$request->has('key') || !preg_match('/^[\da-f]{32}$/', $request->input('key'))) {
- engelsystem_error('Missing key.');
+ if (
+ !$request->has('key')
+ || !preg_match('/^[\da-f]{32}$/', $request->input('key'))
+ || !$user
+ ) {
+ throw new HttpForbidden('{"error":"Missing or invalid key"}', ['content-type' => 'application/json']);
}
- $user = auth()->apiUser('key');
- if (!$user) {
- engelsystem_error('Key invalid.');
- }
if (!auth()->can('shifts_json_export')) {
- engelsystem_error('No privilege for shifts_json_export.');
+ throw new HttpForbidden('{"error":"Not allowed"}', ['content-type' => 'application/json']);
}
$shifts = load_ical_shifts();