fix: prevent the demo user from changing the slack URL

James Cole 2023-07-18 07:15:41 +02:00
parent 30cca355ba
commit 982134c077
No known key found for this signature in database
GPG Key ID: B49A324B7EAD6D80


@ -133,6 +133,13 @@ class PreferencesController extends Controller
$frontPageAccounts = $accountIds;
}
// for the demo user, the slackUrl is automatically emptied.
// this isn't really secure but it means that the demo site has a semi-secret
// slackUrl.
if (auth()->user()->hasRole('demo')) {
$slackUrl = '';
}
return view(
'preferences.index',
compact(
@ -198,6 +205,7 @@ class PreferencesController extends Controller
// slack URL:
if (!auth()->user()->hasRole('demo')) {
$url = (string)$request->get('slackUrl');
if (str_starts_with($url, 'https://hooks.slack.com/services/')) {
app('preferences')->set('slack_webhook_url', $url);
@ -205,6 +213,7 @@ class PreferencesController extends Controller
if ('' === $url) {
app('preferences')->delete('slack_webhook_url');
}
}
// custom fiscal year
$customFiscalYear = 1 === (int)$request->get('customFiscalYear');
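Review bot: The demo-role check protects the webhook only inside this controller, through the `$slackUrl = '';` blanking before `view(...)` and the `if (!auth()->user()->hasRole('demo')) {` wrapper around the set/delete branch. Any other route that reads or writes the `slack_webhook_url` preference would bypass both checks; none is visible in these hunks, so this needs confirming against the rest of the application. A Slack incoming-webhook URL acts as a bearer secret, so the comment's "this isn't really secure" would help the next maintainer more if it named what remains exposed. The write-side guard has no comment at all; something like `// demo user is shown an empty field, so skip set and delete: a plain save must not wipe the stored webhook` would explain why the whole branch is skipped. Both method bodies start and end outside the hunks shown.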