diff --git a/app/Attendize/Utils.php b/app/Attendize/Utils.php
index 6a4ac5e5..74173884 100644
--- a/app/Attendize/Utils.php
+++ b/app/Attendize/Utils.php
@@ -2,6 +2,9 @@
namespace App\Attendize;
+use Auth;
+use PhpSpec\Exception\Exception;
+
class Utils
{
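Review bot: The `use PhpSpec\Exception\Exception;` added here is a dev-only spec-framework class, and it is the type the `catch(Exception $e)` in userOwns (next hunk of this file) matches on; neither `Auth::user()` nor an Eloquent attribute read throws that type, so the try/catch is inert, and after a `composer install --no-dev` the name does not resolve at all. Catch the base class instead, `} catch (\Exception $e) {`, and drop the PhpSpec import. A missing `account_id` on the passed model yields null rather than an exception, so if `account_id` can ever be unset the strict comparison would also pass for two nulls; if so, guard it: `return $object->account_id !== null && Auth::user()->account_id === $object->account_id;`. The docblock's `@param $object` should also carry a type, e.g. `@param \Illuminate\Database\Eloquent\Model $object`, so callers know what the helper expects.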
@@ -61,6 +64,32 @@ class Utils
return file_exists(storage_path().'/framework/down');
}
+ /**
+ * Check if a user has admin access to events etc.
+ *
+ * @todo - This is a temp fix until user roles etc. are implemented
+ * @param $object
+ * @return bool
+ */
+ public static function userOwns($object)
+ {
+ if(!Auth::check()) {
+ return false;
+ }
+
+ try {
+
+ if(Auth::user()->account_id === $object->account_id) {
+ return true;
+ }
+
+ } catch(Exception $e) {
+ return false;
+ }
+
+ return false;
+ }
+
public static function file_upload_max_size()
{
static $max_size = -1;
diff --git a/app/Http/Controllers/EventViewController.php b/app/Http/Controllers/EventViewController.php
index d70fa77f..f63ba777 100644
--- a/app/Http/Controllers/EventViewController.php
+++ b/app/Http/Controllers/EventViewController.php
@@ -2,6 +2,7 @@
namespace App\Http\Controllers;
+use App\Attendize\Utils;
use App\Models\Affiliate;
use App\Models\Event;
use App\Models\EventStats;
@@ -26,7 +27,7 @@ class EventViewController extends Controller
{
$event = Event::findOrFail($event_id);
- if (Auth::user()->account_id !== $event->account_id && !$event->is_live) {
+ if (!Utils::userOwns($event) && !$event->is_live) {
return view('Public.ViewEvent.EventNotLivePage');
}
diff --git a/app/Http/Controllers/OrganiserViewController.php b/app/Http/Controllers/OrganiserViewController.php
index a526ec15..8f6a7267 100644
--- a/app/Http/Controllers/OrganiserViewController.php
+++ b/app/Http/Controllers/OrganiserViewController.php
@@ -2,6 +2,7 @@
namespace App\Http\Controllers;
+use App\Attendize\Utils;
use App\Models\Organiser;
use Carbon\Carbon;
use Auth;
@@ -21,7 +22,7 @@ class OrganiserViewController extends Controller
{
$organiser = Organiser::findOrFail($organiser_id);
- if(!$organiser->enable_organiser_page && Auth::user()->account_id !== $organiser->account_id) {
+ if(!$organiser->enable_organiser_page && !Utils::userOwns($organiser)) {
abort(404);
}
diff --git a/app/Models/Event.php b/app/Models/Event.php
index 45cea4c6..5be3f8ed 100644
--- a/app/Models/Event.php
+++ b/app/Models/Event.php
@@ -279,7 +279,7 @@ class Event extends MyBaseModel
{
return $this->sales_volume + $this->organiser_fees_volume;
}
-
+
/**
* The attributes that should be mutated to dates.
*
diff --git a/resources/views/Public/ViewEvent/Partials/EventFooterSection.blade.php b/resources/views/Public/ViewEvent/Partials/EventFooterSection.blade.php
index 4086d37c..05389bcb 100644
--- a/resources/views/Public/ViewEvent/Partials/EventFooterSection.blade.php
+++ b/resources/views/Public/ViewEvent/Partials/EventFooterSection.blade.php
@@ -7,7 +7,7 @@
{{--See https://www.attendize.com/licence.php for more information.--}}
@include('Shared.Partials.PoweredBy')
- @if(Auth::user()->account_id === $event->account_id)
+ @if(Utils::userOwns($event))
•
Event
Dashboard
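Review bot: `Utils::userOwns($event)` is referenced unqualified from a Blade template, which compiles into the global namespace; unless a `Utils` alias is registered in config/app.php (not visible in this diff), it resolves to `\Utils` and fails with a class-not-found error, whereas the controllers in this commit import `App\Attendize\Utils` explicitly. Either use the fully qualified name, `@if(\App\Attendize\Utils::userOwns($event))`, or register the alias. The same applies to the OrganiserFooterSection hunk below, which ends outside this diff excerpt.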
diff --git a/resources/views/Public/ViewOrganiser/Partials/OrganiserFooterSection.blade.php b/resources/views/Public/ViewOrganiser/Partials/OrganiserFooterSection.blade.php
index abda45dd..5b50de7a 100644
--- a/resources/views/Public/ViewOrganiser/Partials/OrganiserFooterSection.blade.php
+++ b/resources/views/Public/ViewOrganiser/Partials/OrganiserFooterSection.blade.php
@@ -7,7 +7,7 @@
{{--See https://github.com/Attendize/Attendize/blob/master/LICENSE for more information.--}}
@include('Shared.Partials.PoweredBy')
- @if(Auth::user()->account_id === $organiser->account_id)
+ @if(Utils::userOwns($organiser))
•
Organiser