mirror/blessing-skin-server
2
0
Fork 1
mirror of https://github.com/bs-community/blessing-skin-server.git synced 2024-12-21 06:19:38 +08:00
Code Issues Packages Projects Releases Wiki Activity

Check owner before operating player

Browse Source
This commit is contained in:
Pig Fang 2019-04-23 13:09:06 +08:00
parent b70004ec0f
commit d8f08176a2
1 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
app/Http/Controllers/AdminController.php
View File

@ -483,10 +483,12 @@ class AdminController extends Controller
return json(trans('general.unexistent-player'), 1);
}
if ($player->user()->first()->uid !== $currentUser->uid) {
if ($player->user->permission >= $currentUser->permission) {
return json(trans('admin.players.no-permission'), 1);
}
$owner = $player->user;
if (
$owner && $owner->uid !== $currentUser->uid &&
$owner->permission >= $currentUser->permission
) {
return json(trans('admin.players.no-permission'), 1);
}
if ($action == 'texture') {
@ -506,7 +508,7 @@ class AdminController extends Controller
return json(trans('admin.players.textures.success', ['player' => $player->name]), 0);
} elseif ($action == 'owner') {
$this->validate($request, [
'uid' => 'required|integer',
'uid' => 'required|integer',
]);
$user = User::find($request->uid);
@ -531,8 +533,7 @@ class AdminController extends Controller
$player->name = $name;
$player->save();
if (option('single_player', false)) {
$owner = $player->user;
if (option('single_player', false) && $owner) {
$owner->nickname = $name;
$owner->save();
}