From bc5666cd27ee1172f89603982a44c143ceae08fd Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Thu, 14 Sep 2023 20:23:33 +0200 Subject: Fix labels in anonymous mode (#5650) * Fix labels in anonymous mode fix https://github.com/FreshRSS/FreshRSS/issues/4305 * Show all tags * Revert "Show all tags" This reverts commit 24dfba501729cea32943548bc829d3581883de50. * Add message when no labels * fixed no label style * i18n de translation * Fix in non-anomymous mode * No class in anonymous mode --------- Co-authored-by: maTh <1645099+math-GH@users.noreply.github.com> Co-authored-by: math-gh <> --- app/Controllers/tagController.php | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) (limited to 'app/Controllers') diff --git a/app/Controllers/tagController.php b/app/Controllers/tagController.php index 68ef36111..4536e3f13 100644 --- a/app/Controllers/tagController.php +++ b/app/Controllers/tagController.php @@ -17,9 +17,6 @@ class FreshRSS_tag_Controller extends FreshRSS_ActionController { * underlying framework. */ public function firstAction(): void { - if (!FreshRSS_Auth::hasAccess()) { - Minz_Error::error(403); - } // If ajax request, we do not print layout $this->ajax = Minz_Request::paramBoolean('ajax'); if ($this->ajax) { @@ -32,6 +29,9 @@ class FreshRSS_tag_Controller extends FreshRSS_ActionController { * This action adds (checked=true) or removes (checked=false) a tag to an entry. */ public function tagEntryAction(): void { + if (!FreshRSS_Auth::hasAccess()) { + Minz_Error::error(403); + } if (Minz_Request::isPost()) { $id_tag = Minz_Request::paramInt('id_tag'); $name_tag = Minz_Request::paramString('name_tag'); @@ -64,6 +64,9 @@ class FreshRSS_tag_Controller extends FreshRSS_ActionController { } public function deleteAction(): void { + if (!FreshRSS_Auth::hasAccess()) { + Minz_Error::error(403); + } if (Minz_Request::isPost()) { $id_tag = Minz_Request::paramInt('id_tag'); if ($id_tag !== 0) { @@ -82,6 +85,9 @@ class FreshRSS_tag_Controller extends FreshRSS_ActionController { } public function getTagsForEntryAction(): void { + if (!FreshRSS_Auth::hasAccess() && !FreshRSS_Context::$system_conf->allow_anonymous) { + Minz_Error::error(403); + } $this->view->_layout(null); header('Content-Type: application/json; charset=UTF-8'); header('Cache-Control: private, no-cache, no-store, must-revalidate'); @@ -91,6 +97,9 @@ class FreshRSS_tag_Controller extends FreshRSS_ActionController { } public function addAction(): void { + if (!FreshRSS_Auth::hasAccess()) { + Minz_Error::error(403); + } if (!Minz_Request::isPost()) { Minz_Error::error(405); } @@ -110,6 +119,9 @@ class FreshRSS_tag_Controller extends FreshRSS_ActionController { * @throws Minz_PDOConnectionException|JsonException */ public function renameAction(): void { + if (!FreshRSS_Auth::hasAccess()) { + Minz_Error::error(403); + } if (!Minz_Request::isPost()) { Minz_Error::error(405); } @@ -139,6 +151,9 @@ class FreshRSS_tag_Controller extends FreshRSS_ActionController { } public function indexAction(): void { + if (!FreshRSS_Auth::hasAccess()) { + Minz_Error::error(403); + } $tagDAO = FreshRSS_Factory::createTagDao(); $this->view->tags = $tagDAO->listTags() ?: []; } -- cgit v1.2.3