Use 403 forbidden on shifts json, atom export and ical export

author: Igor Scheller <igor.scheller@igorshp.de> 2019-09-18 14:09:30 +0200
committer: msquare <msquare@notrademark.de> 2019-10-13 13:15:08 +0200
commit: fc773b25b3de455f7e74334156926f644f04db98 (patch)
tree: de2f5bd698d666f782eb4d86afdd387959364d7e /includes/pages/user_ical.php
parent: c9ebaa972cb2a16e16ffc78080f03342eae5d874 (diff)
1 files changed, 10 insertions, 7 deletions
diff --git a/includes/pages/user_ical.php b/includes/pages/user_ical.php
index ee3a8340..2f3a7ccc 100644
--- a/includes/pages/user_ical.php
+++ b/includes/pages/user_ical.php
@@ -1,22 +1,25 @@
 <?php
 
+use Engelsystem\Http\Exceptions\HttpForbidden;
+
 /**
  * Controller for ical output of users own shifts or any user_shifts filter.
  */
 function user_ical()
 {
     $request = request();
+    $user = auth()->apiUser('key');
 
-    if (!$request->has('key') || !preg_match('/^[\da-f]{32}$/', $request->input('key'))) {
-        engelsystem_error('Missing key.');
+    if (
+        !$request->has('key')
+        || !preg_match('/^[\da-f]{32}$/', $request->input('key'))
+        || !$user
+    ) {
+        throw new HttpForbidden('Missing or invalid key', ['content-type' => 'text/text']);
     }
 
-    $user = auth()->apiUser('key');
-    if (!$user) {
-        engelsystem_error('Key invalid.');
-    }
     if (!auth()->can('ical')) {
-        engelsystem_error('No privilege for ical.');
+        throw new HttpForbidden('Not allowed', ['content-type' => 'text/text']);
     }
 
     $ical_shifts = load_ical_shifts();
author	Igor Scheller <igor.scheller@igorshp.de>	2019-09-18 14:09:30 +0200
committer	msquare <msquare@notrademark.de>	2019-10-13 13:15:08 +0200
commit	fc773b25b3de455f7e74334156926f644f04db98 (patch)
tree	de2f5bd698d666f782eb4d86afdd387959364d7e /includes/pages/user_ical.php
parent	c9ebaa972cb2a16e16ffc78080f03342eae5d874 (diff)