tyler.durden
/
opensupports
mirror of https://github.com/opensupports/opensupports.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #859 from opensupports/forbid-get-supervised-tickets-path-to-staffs 

Forbids call to /get-supervised-tickets from staff
This commit is contained in:
Maximiliano Redigonda 2020-07-31 12:03:14 -03:00 committed by GitHub
parent 38c90e2c07 785e2d8ac5
commit 76b7e2c6e7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
server/controllers/user/get-supervised-tickets.php
View File

@ -52,6 +52,8 @@ class GetSupervisedTicketController extends Controller {
private $supervisedUserList; private $supervisedUserList;
public function handler() { public function handler() {
if(Controller::isStaffLogged()) throw new RequestException(ERRORS::NO_PERMISSION);
$this->page = Controller::request('page') ? Controller::request('page') : 1; $this->page = Controller::request('page') ? Controller::request('page') : 1;
$this->showOwnTickets = (bool)Controller::request('showOwnTickets'); $this->showOwnTickets = (bool)Controller::request('showOwnTickets');
$this->supervisedUserList = Controller::request('supervisedUsers')? json_decode(Controller::request('supervisedUsers')) : []; $this->supervisedUserList = Controller::request('supervisedUsers')? json_decode(Controller::request('supervisedUsers')) : [];