From 78e6a1e396bcb495f00292e3cfebb4f06f739c5d Mon Sep 17 00:00:00 2001
From: Leonid Nikitin
Date: Sat, 18 May 2024 20:18:41 +0500
Subject: [PATCH] Added a check for accessibility permission to the project.
---
 app/application/app/Http/Middleware/IsProject.php | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/app/application/app/Http/Middleware/IsProject.php b/app/application/app/Http/Middleware/IsProject.php
index a4b701f..8b6ca5b 100644
--- a/app/application/app/Http/Middleware/IsProject.php
+++ b/app/application/app/Http/Middleware/IsProject.php
@@ -20,6 +20,13 @@ public function handle(Request $request, \Closure $next): Response
 \abort(Response::HTTP_NOT_FOUND);
 }
+ if (
+ $project->is_public === false
+ && ( $request->user() === null || $request->user()->cannot('view', $project) )
+ ) {
+ \abort(Response::HTTP_FORBIDDEN);
+ }
+
 return $next($request);
 }
 }
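Review bot: The new guard fails open, because `$project->is_public === false` is true only for a real PHP boolean. If the Project model does not cast `is_public` to boolean (the model is not visible here), the attribute arrives as `0`, `"0"` or `null`, the strict comparison is never true, and a private project passes through to `$next($request)` without the `view` policy being consulted. Writing the condition as `! $project->is_public` makes every value other than a truthy flag require authorization; adding a `'is_public' => 'boolean'` cast on the model would then be a second safeguard, not the only one. Separately, answering 403 here while a missing project gets 404 lets an unauthenticated caller tell private projects from non-existent ones; if that distinction should stay hidden, abort with `Response::HTTP_NOT_FOUND` in this branch as well. The body of `handle()` starts above the hunk, so how `$project` is resolved could not be checked.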