mirror/blessing-skin-server
2
0
Fork 1
mirror of https://github.com/bs-community/blessing-skin-server.git synced 2024-12-21 06:19:38 +08:00
Code Issues Packages Projects Releases Wiki Activity

Check owner before operating player

Browse Source
This commit is contained in:
Pig Fang 2019-04-23 13:09:06 +08:00
parent b70004ec0f
commit d8f08176a2
1 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
app/Http/Controllers/AdminController.php
View File

@ -483,10 +483,12 @@ class AdminController extends Controller
return json(trans('general.unexistent-player'), 1); return json(trans('general.unexistent-player'), 1);
} }
if ($player->user()->first()->uid !== $currentUser->uid) { $owner = $player->user;
if ($player->user->permission >= $currentUser->permission) { if (
return json(trans('admin.players.no-permission'), 1); $owner && $owner->uid !== $currentUser->uid &&
} $owner->permission >= $currentUser->permission
) {
return json(trans('admin.players.no-permission'), 1);
} }
if ($action == 'texture') { if ($action == 'texture') {
@ -506,7 +508,7 @@ class AdminController extends Controller
return json(trans('admin.players.textures.success', ['player' => $player->name]), 0); return json(trans('admin.players.textures.success', ['player' => $player->name]), 0);
} elseif ($action == 'owner') { } elseif ($action == 'owner') {
$this->validate($request, [ $this->validate($request, [
'uid' => 'required|integer', 'uid' => 'required|integer',
]); ]);
$user = User::find($request->uid); $user = User::find($request->uid);
@ -531,8 +533,7 @@ class AdminController extends Controller
$player->name = $name; $player->name = $name;
$player->save(); $player->save();
if (option('single_player', false)) { if (option('single_player', false) && $owner) {
$owner = $player->user;
$owner->nickname = $name; $owner->nickname = $name;
$owner->save(); $owner->save();
} }