summaryrefslogtreecommitdiff
path: root/lib/Travelynx
diff options
context:
space:
mode:
authorDaniel Friesel <daniel.friesel@uos.de>2023-03-02 17:54:09 +0100
committerDaniel Friesel <daniel.friesel@uos.de>2023-03-02 17:54:09 +0100
commitd35c49b55d20afc247360f0829f704325bb1fbec (patch)
treee8aaeb1c60fbba82287fb7548abde4b4862f3c91 /lib/Travelynx
parent09a4f1ce0b08a7c5f69728fa4911184d4a9b6be2 (diff)
user status: only redirect to journey if journey is visible
Diffstat (limited to 'lib/Travelynx')
-rwxr-xr-xlib/Travelynx/Controller/Traveling.pm34
1 files changed, 27 insertions, 7 deletions
diff --git a/lib/Travelynx/Controller/Traveling.pm b/lib/Travelynx/Controller/Traveling.pm
index 9f00f9d..f094279 100755
--- a/lib/Travelynx/Controller/Traveling.pm
+++ b/lib/Travelynx/Controller/Traveling.pm
@@ -519,21 +519,41 @@ sub user_status {
or $status->{sched_departure}->epoch != $ts )
)
{
- for my $candidate (
+ for my $journey (
$self->journeys->get(
- uid => $user->{id},
- sched_dep_ts => $ts,
- limit => 1,
+ uid => $user->{id},
+ sched_dep_ts => $ts,
+ limit => 1,
+ with_visibility => 1,
)
)
{
my $token = $self->param('token');
if ($token) {
- $self->redirect_to(
- "/p/${name}/j/$candidate->{id}?token=${token}-${ts}");
+ my $visibility = $self->compute_effective_visibility(
+ $user->{default_visibility_str},
+ $journey->{visibility_str}
+ );
+ if (
+ $visibility eq 'public'
+ or ( $visibility eq 'unlisted'
+ and $self->journey_token_ok( $journey, $ts ) )
+ or (
+ $visibility eq 'travelynx'
+ and ( $self->is_user_authenticated
+ or $self->journey_token_ok( $journey, $ts ) )
+ )
+ )
+ {
+ $self->redirect_to(
+ "/p/${name}/j/$journey->{id}?token=${token}-${ts}");
+ }
+ else {
+ $self->render('not_found');
+ }
}
else {
- $self->redirect_to("/p/${name}/j/$candidate->{id}");
+ $self->redirect_to("/p/${name}/j/$journey->{id}");
}
return;
}