fix permissions

abourtnik · Mar 29, 2024 · d3a6c9f · d3a6c9f
1 parent c71e9c3
commit d3a6c9f
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/app/Policies/CommentPolicy.php b/app/Policies/CommentPolicy.php
@@ -25,6 +25,10 @@ public function viewAny(User $user) : Response|bool
 
     public function list(?User $user, Video $video) : Response|bool
     {
+        if ($user?->is_admin) {
+            return Response::allow();
+        }
+
         return ($video->is_public && $video->allow_comments) || $video->user()->is($user)
             ? Response::allow()
             : Response::denyWithStatus(404, !$video->is_public ? 'This video is private' : 'Comments are turned off');

diff --git a/app/Policies/VideoPolicy.php b/app/Policies/VideoPolicy.php
@@ -47,7 +47,7 @@ public function view(User $user, Video $video): Response|bool
      */
     public function show(?User $user, Video $video): Response|bool
     {
-        if ($user->is_admin) {
+        if ($user?->is_admin) {
             return Response::allow();
         }
 
@@ -79,6 +79,10 @@ public function download(User $user, Video $video): Response|bool
      */
     public function file(?User $user, Video $video): Response|bool
     {
+        if ($user?->is_admin) {
+            return Response::allow();
+        }
+
         return $video->is_public || $video->user()->is($user)
             ? Response::allow()
             : Response::denyWithStatus(403, 'This video is private');