prevent logged out users from access settings

This commit is contained in:
Pachira 2016-12-09 19:11:31 +01:00
parent 19c4740ada
commit 5f9e78cf4a
2 changed files with 5 additions and 1 deletions

View file

@ -245,7 +245,6 @@ class AccountController extends Controller
];
if (session_check() && $rank && $mode) {
// Check if user has this rank
if (!CurrentSession::$user->hasRanks([$rank])) {
return $this->json(['error' => "You aren't a part of this rank!"]);
}

View file

@ -6,6 +6,7 @@
namespace Sakura\Controllers\Settings;
use Phroute\Phroute\Exception\HttpMethodNotAllowedException;
use Sakura\Controllers\Controller as BaseController;
use Sakura\CurrentSession;
use Sakura\Template;
@ -22,6 +23,10 @@ class Controller extends BaseController
*/
public function __construct()
{
if (!CurrentSession::$user->activated) {
throw new HttpMethodNotAllowedException;
}
Template::vars(['navigation' => $this->navigation()]);
}