prevent logged out users from access settings

This commit is contained in:
flash 2016-12-09 19:11:31 +01:00
parent 19c4740ada
commit 5f9e78cf4a
2 changed files with 5 additions and 1 deletions

View file

@ -245,7 +245,6 @@ class AccountController extends Controller
]; ];
if (session_check() && $rank && $mode) { if (session_check() && $rank && $mode) {
// Check if user has this rank
if (!CurrentSession::$user->hasRanks([$rank])) { if (!CurrentSession::$user->hasRanks([$rank])) {
return $this->json(['error' => "You aren't a part of this rank!"]); return $this->json(['error' => "You aren't a part of this rank!"]);
} }

View file

@ -6,6 +6,7 @@
namespace Sakura\Controllers\Settings; namespace Sakura\Controllers\Settings;
use Phroute\Phroute\Exception\HttpMethodNotAllowedException;
use Sakura\Controllers\Controller as BaseController; use Sakura\Controllers\Controller as BaseController;
use Sakura\CurrentSession; use Sakura\CurrentSession;
use Sakura\Template; use Sakura\Template;
@ -22,6 +23,10 @@ class Controller extends BaseController
*/ */
public function __construct() public function __construct()
{ {
if (!CurrentSession::$user->activated) {
throw new HttpMethodNotAllowedException;
}
Template::vars(['navigation' => $this->navigation()]); Template::vars(['navigation' => $this->navigation()]);
} }