diff options
| author | Daniel Friesel <daniel.friesel@uos.de> | 2023-03-02 17:54:09 +0100 |
|---|---|---|
| committer | Daniel Friesel <daniel.friesel@uos.de> | 2023-03-02 17:54:09 +0100 |
| commit | d35c49b55d20afc247360f0829f704325bb1fbec (patch) | |
| tree | e8aaeb1c60fbba82287fb7548abde4b4862f3c91 | |
| parent | 09a4f1ce0b08a7c5f69728fa4911184d4a9b6be2 (diff) | |
user status: only redirect to journey if journey is visible
| -rwxr-xr-x | lib/Travelynx/Controller/Traveling.pm | 34 |
1 files changed, 27 insertions, 7 deletions
diff --git a/lib/Travelynx/Controller/Traveling.pm b/lib/Travelynx/Controller/Traveling.pm index 9f00f9d..f094279 100755 --- a/lib/Travelynx/Controller/Traveling.pm +++ b/lib/Travelynx/Controller/Traveling.pm @@ -519,21 +519,41 @@ sub user_status { or $status->{sched_departure}->epoch != $ts ) ) { - for my $candidate ( + for my $journey ( $self->journeys->get( - uid => $user->{id}, - sched_dep_ts => $ts, - limit => 1, + uid => $user->{id}, + sched_dep_ts => $ts, + limit => 1, + with_visibility => 1, ) ) { my $token = $self->param('token'); if ($token) { - $self->redirect_to( - "/p/${name}/j/$candidate->{id}?token=${token}-${ts}"); + my $visibility = $self->compute_effective_visibility( + $user->{default_visibility_str}, + $journey->{visibility_str} + ); + if ( + $visibility eq 'public' + or ( $visibility eq 'unlisted' + and $self->journey_token_ok( $journey, $ts ) ) + or ( + $visibility eq 'travelynx' + and ( $self->is_user_authenticated + or $self->journey_token_ok( $journey, $ts ) ) + ) + ) + { + $self->redirect_to( + "/p/${name}/j/$journey->{id}?token=${token}-${ts}"); + } + else { + $self->render('not_found'); + } } else { - $self->redirect_to("/p/${name}/j/$candidate->{id}"); + $self->redirect_to("/p/${name}/j/$journey->{id}"); } return; } |