Commit 7b8fc701 authored by Evan Prodromou's avatar Evan Prodromou

don't show notices to out-of-scope viewers

parent e862dcdb
......@@ -79,7 +79,7 @@ class ShownoticeAction extends OwnerDesignAction
$id = $this->arg('notice');
$this->notice = Notice::staticGet($id);
$this->notice = Notice::staticGet('id', $id);
if (empty($this->notice)) {
// Did we used to have it, and it got deleted?
......@@ -94,6 +94,18 @@ class ShownoticeAction extends OwnerDesignAction
return false;
}
$cur = common_current_user();
if (!empty($cur)) {
$curProfile = $cur->getProfile();
} else {
$curProfile = null;
}
if (!$this->notice->inScope($curProfile)) {
throw new ClientException(_('Not available.'), 403);
}
$this->profile = $this->notice->getProfile();
if (empty($this->profile)) {
......
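Review bot: The scope check added in the second hunk answers an out-of-scope viewer with `throw new ClientException(_('Not available.'), 403);`, which is presumably distinguishable from whatever the `empty($this->notice)` branch above it returns, so a viewer who cannot read a notice can still learn that its id exists. If that distinction is not intended, give the out-of-scope case the same status and message as the not-found branch; that branch lies mostly outside the visible hunks, so its exact response needs checking first. The added lines would also benefit from a short comment such as `// null profile = anonymous viewer; inScope() must deny by default` (assuming that is how inScope() treats null), and the if/else can be condensed to `$curProfile = empty($cur) ? null : $cur->getProfile();`. The enclosing method starts and ends outside the hunk, so other places that may load and render this notice are not visible here and should be checked for the same inScope() gate.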