Skip to content

Commit a195b56

Browse files
rmartinoscarrmartinoscar
authored
Fix permission checks on Client side (pelican-dev#1913)
1 parent d78c977 commit a195b56

File tree

2 files changed

+3
-3
lines changed

2 files changed

+3
-3
lines changed

app/Filament/Server/Pages/Settings.php

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -64,7 +64,7 @@ public function form(Schema $schema): Schema
6464
Textarea::make('description')
6565
->label(trans('server/setting.server_info.description'))
6666
->hidden(!config('panel.editable_server_descriptions'))
67-
->disabled(fn (Server $server) => !user()?->can(Permission::ACTION_SETTINGS_RENAME, $server))
67+
->disabled(fn (Server $server) => !user()?->can(Permission::ACTION_SETTINGS_DESCRIPTION, $server))
6868
->columnSpan([
6969
'default' => 1,
7070
'sm' => 2,
@@ -277,7 +277,7 @@ public function updateName(string $name, Server $server): void
277277

278278
public function updateDescription(string $description, Server $server): void
279279
{
280-
abort_unless(user()?->can(Permission::ACTION_SETTINGS_RENAME, $server) && config('panel.editable_server_descriptions'), 403);
280+
abort_unless(user()?->can(Permission::ACTION_SETTINGS_DESCRIPTION, $server) && config('panel.editable_server_descriptions'), 403);
281281

282282
$original = $server->description;
283283

app/Http/Controllers/Api/Client/Servers/ScheduleTaskController.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -170,7 +170,7 @@ public function delete(ClientApiRequest $request, Server $server, Schedule $sche
170170
throw new NotFoundHttpException();
171171
}
172172

173-
if (!$request->user()->can(Permission::ACTION_SCHEDULE_UPDATE, $server)) {
173+
if (!$request->user()->can(Permission::ACTION_SCHEDULE_DELETE, $server)) {
174174
throw new HttpForbiddenException('You do not have permission to perform this action.');
175175
}
176176

0 commit comments

Comments
 (0)