From e25b617327d921b21f850ccf5d3020e6c348eb18 Mon Sep 17 00:00:00 2001 From: Paul Couture Date: Sun, 14 Jan 2024 11:22:16 -0600 Subject: [PATCH] fix: prevents self approval (#8) Reviewed-on: https://git.noagenda.dev/no-agenda-producers/podcastartgenerator/pulls/8 Co-authored-by: Paul Couture Co-committed-by: Paul Couture --- site/app/Http/Controllers/ArtworkController.php | 3 +++ site/resources/views/artworks/approvals.blade.php | 4 ++++ 2 files changed, 7 insertions(+) diff --git a/site/app/Http/Controllers/ArtworkController.php b/site/app/Http/Controllers/ArtworkController.php index 9069c2e..b5723a9 100644 --- a/site/app/Http/Controllers/ArtworkController.php +++ b/site/app/Http/Controllers/ArtworkController.php @@ -90,6 +90,9 @@ public function approve(Request $request) 'artwork_id' => 'required|exists:artworks,id' ]); $artwork = Artwork::find($request->artwork_id); + if ($artwork->artist_id == $user->artists->first()->id) { + return redirect('/approve-artwork'); + } if (is_null($artwork->approved_by)) { $artwork->approved_by = $user->artists->first()->id; $artwork->save(); diff --git a/site/resources/views/artworks/approvals.blade.php b/site/resources/views/artworks/approvals.blade.php index a32cd79..47f6cbe 100644 --- a/site/resources/views/artworks/approvals.blade.php +++ b/site/resources/views/artworks/approvals.blade.php @@ -68,11 +68,15 @@ class="avatar" data-bs-toggle="tooltip" {{-- End .product-owner --}}
+ @if (auth()->user()->artists->first()->id != $thisArtwork->artist_id)
@csrf
+ @else +

You cannot approve your own

+ @endif