From fc773b25b3de455f7e74334156926f644f04db98 Mon Sep 17 00:00:00 2001 From: Igor Scheller Date: Wed, 18 Sep 2019 14:09:30 +0200 Subject: Use 403 forbidden on shifts json, atom export and ical export --- includes/pages/user_atom.php | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) (limited to 'includes/pages/user_atom.php') diff --git a/includes/pages/user_atom.php b/includes/pages/user_atom.php index 8e5b4858..a491fea7 100644 --- a/includes/pages/user_atom.php +++ b/includes/pages/user_atom.php @@ -1,6 +1,7 @@ apiUser('key'); - if (!$request->has('key') || !preg_match('/^[\da-f]{32}$/', $request->input('key'))) { - engelsystem_error('Missing key.'); + if ( + !$request->has('key') + || !preg_match('/^[\da-f]{32}$/', $request->input('key')) + || empty($user) + ) { + throw new HttpForbidden('Missing or invalid key', ['content-type' => 'text/text']); } - $user = auth()->apiUser('key'); - if (empty($user)) { - engelsystem_error('Key invalid.'); - } if (!auth()->can('atom')) { - engelsystem_error('No privilege for atom.'); + throw new HttpForbidden('Not allowed', ['content-type' => 'text/text']); } $news = DB::select(' -- cgit v1.2.3-70-g09d2
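Review bot: The key lookup now runs before the key is validated: `$user` is tested inside the new condition, so `auth()->apiUser('key')` has to be called above it (that added line is truncated on this page), and a request with a missing or malformed key reaches the lookup before the `preg_match` format check can reject it. Checking `has('key')` and the format first, and only then resolving the user, keeps unvalidated input away from whatever `apiUser()` does with it, which is not visible here. The pattern's `$` anchor also matches before a trailing newline, so `/^[\da-f]{32}\z/` is the stricter form. In both `HttpForbidden` calls `text/text` is not a registered media type; `['content-type' => 'text/plain']` is the value clients will recognise. The enclosing function starts and ends outside the hunk.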