From d8f08176a29f17f65f03dcdd7095b2ae3a7be8e2 Mon Sep 17 00:00:00 2001
From: Pig Fang
Date: Tue, 23 Apr 2019 13:09:06 +0800
Subject: [PATCH] Check owner before operating player
---
 app/Http/Controllers/AdminController.php | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/app/Http/Controllers/AdminController.php b/app/Http/Controllers/AdminController.php
index 1ee8d3fc..3e662ee6 100644
--- a/app/Http/Controllers/AdminController.php
+++ b/app/Http/Controllers/AdminController.php
@@ -483,10 +483,12 @@ class AdminController extends Controller
 return json(trans('general.unexistent-player'), 1);
 }
- if ($player->user()->first()->uid !== $currentUser->uid) {
- if ($player->user->permission >= $currentUser->permission) {
- return json(trans('admin.players.no-permission'), 1);
- }
+ $owner = $player->user;
+ if (
+ $owner && $owner->uid !== $currentUser->uid &&
+ $owner->permission >= $currentUser->permission
+ ) {
+ return json(trans('admin.players.no-permission'), 1);
 }
 if ($action == 'texture') {
@@ -506,7 +508,7 @@ class AdminController extends Controller
 return json(trans('admin.players.textures.success', ['player' => $player->name]), 0);
 } elseif ($action == 'owner') {
 $this->validate($request, [
- 'uid' => 'required|integer',
+ 'uid' => 'required|integer',
 ]);
 $user = User::find($request->uid);
@@ -531,8 +533,7 @@ class AdminController extends Controller
 $player->name = $name;
 $player->save();
- if (option('single_player', false)) {
- $owner = $player->user;
+ if (option('single_player', false) && $owner) {
 $owner->nickname = $name;
 $owner->save();
 }
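Review bot: In the rewritten guard of the first hunk (`@@ -483,10 +483,12 @@`), a null `$owner` makes the whole condition false, so the permission comparison is skipped and the request proceeds for a player that has no owner record. That looks deliberate, since the old `$player->user()->first()->uid` would have failed on such a player, but it is an authorization decision that the code does not state anywhere. I would add a comment above the `if`, e.g. `// A player without an owner has no permission level to compare; any admin reaching this action may manage it.`, and confirm that the route is restricted to admins, which is not visible here. The enclosing method begins and ends outside the hunk.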
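Review bot: The `&& $owner` guard in the third hunk (`@@ -531,8 +533,7 @@`) depends on `$owner` being assigned much earlier in the method for the permission check, and nothing at this spot says so. With `single_player` enabled, an ownerless player is now renamed while the nickname sync is silently skipped, which appears intended but is easy to misread as an oversight. A short comment would make both facts visible: `// $owner was loaded for the permission check above; it is null for ownerless players, so there is no nickname to sync.` The enclosing branch starts and ends outside the hunk.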