Fix Submission Access
Signed-off-by: Jonas Rittershofer <jotoeri@users.noreply.github.com>
This commit is contained in:
parent
86de8c0e95
commit
31e2cea76f
|
@ -611,7 +611,17 @@ class ApiController extends Controller {
|
|||
return new Http\JSONResponse(['message' => 'Could not find form'], Http::STATUS_BAD_REQUEST);
|
||||
}
|
||||
|
||||
// Does the user have permissions to display
|
||||
// Does the user have access to the form
|
||||
if (!$this->formsService->hasUserAccess($form->getId())) {
|
||||
return new Http\JSONResponse(['message' => 'Not allowed to access this form'], Http::STATUS_FORBIDDEN);
|
||||
}
|
||||
|
||||
// Not allowed if form expired
|
||||
if ($form->getExpires() > time()) {
|
||||
return new Http\JSONResponse(['message' => 'This form is no longer taking answers'], Http::STATUS_FORBIDDEN);
|
||||
}
|
||||
|
||||
// Does the user have permissions to submit
|
||||
if (!$this->formsService->canSubmit($form->getId())) {
|
||||
return new Http\JSONResponse(['message' => 'Already submitted'], Http::STATUS_FORBIDDEN);
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue