diff options
| author | Daniel Friesel <derf@finalrewind.org> | 2023-03-02 21:54:17 +0100 |
|---|---|---|
| committer | Daniel Friesel <derf@finalrewind.org> | 2023-03-02 21:54:17 +0100 |
| commit | aa56023788812ca8071bee8c3fd8064d0fa6c628 (patch) | |
| tree | 72974e733292294c677da3b6db52677753211b08 | |
| parent | 6a734a094be259faca8f34a3a4653ba0c8535b27 (diff) | |
user_status redirect: check visibility independent of token
| -rwxr-xr-x | lib/Travelynx/Controller/Traveling.pm | 43 |
1 files changed, 19 insertions, 24 deletions
diff --git a/lib/Travelynx/Controller/Traveling.pm b/lib/Travelynx/Controller/Traveling.pm index 6a8e1f9..e627ae5 100755 --- a/lib/Travelynx/Controller/Traveling.pm +++ b/lib/Travelynx/Controller/Traveling.pm @@ -528,32 +528,27 @@ sub user_status { ) ) { - my $token = $self->param('token'); - if ($token) { - my $visibility = $self->compute_effective_visibility( - $user->{default_visibility_str}, - $journey->{visibility_str} - ); - if ( - $visibility eq 'public' - or ( $visibility eq 'unlisted' - and $self->journey_token_ok( $journey, $ts ) ) - or ( - $visibility eq 'travelynx' - and ( $self->is_user_authenticated - or $self->journey_token_ok( $journey, $ts ) ) - ) - ) - { - $self->redirect_to( - "/p/${name}/j/$journey->{id}?token=${token}-${ts}"); - } - else { - $self->render('not_found'); - } + my $visibility + = $self->compute_effective_visibility( + $user->{default_visibility_str}, + $journey->{visibility_str} ); + if ( + $visibility eq 'public' + or ( $visibility eq 'unlisted' + and $self->journey_token_ok( $journey, $ts ) ) + or ( + $visibility eq 'travelynx' + and ( $self->is_user_authenticated + or $self->journey_token_ok( $journey, $ts ) ) + ) + ) + { + my $token = $self->param('token') // q{}; + $self->redirect_to( + "/p/${name}/j/$journey->{id}?token=${token}-${ts}"); } else { - $self->redirect_to("/p/${name}/j/$journey->{id}"); + $self->render('not_found'); } return; } |