diff --git a/addons/default/visiosoft/advs-module/src/Http/Controller/advsController.php b/addons/default/visiosoft/advs-module/src/Http/Controller/advsController.php
index 76b6d07d8..1854f1bd6 100644
--- a/addons/default/visiosoft/advs-module/src/Http/Controller/advsController.php
+++ b/addons/default/visiosoft/advs-module/src/Http/Controller/advsController.php
@@ -624,6 +624,10 @@ class AdvsController extends PublicController
 $adv = $this->adv_repository->getListItemAdv($id);
+ if (!Auth::check() or ($adv['created_by_id'] != auth()->id() and !Auth::user()->isAdmin())) {
+ abort(403);
+ }
+
 for ($i = 1; $i <= 10; $i++) {
 $cat = "cat" . $i;
 if ($adv->$cat != null) {
diff --git a/resources/streams/config/httpcache.php b/resources/streams/config/httpcache.php
new file mode 100644
index 000000000..af2a2917a
--- /dev/null
+++ b/resources/streams/config/httpcache.php
@@ -0,0 +1,57 @@
+ env('HTTP_CACHE', false),
+
+ /*
+ |--------------------------------------------------------------------------
+ | DEFAULT TTL
+ |--------------------------------------------------------------------------
+ |
+ | What is the default TTL value (seconds)?
+ |
+ */
+
+ 'ttl' => env('HTTP_CACHE_TTL', 3600),
+
+ /*
+ |--------------------------------------------------------------------------
+ | EXCLUDED PATHS
+ |--------------------------------------------------------------------------
+ |
+ | Specify cache-excluded paths.
+ | Use * for partial matching.
+ |
+ */
+
+ 'excluded' => [
+ '/advs/create_adv',
+ '/advs/edit_advs/*',
+ '/profile',
+ '/profile/*',
+ '/ajax/*',
+ ],
+
+ /*
+ |--------------------------------------------------------------------------
+ | TIMEOUT RULES
+ |--------------------------------------------------------------------------
+ |
+ | Specify timeout rules per path.
+ | Use * for partial matching.
+ |
+ */
+
+ 'rules' => explode(',', env('HTTP_CACHE_RULES', '')),
+
+];
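Review bot: In the advsController.php hunk the new guard reads `$adv['created_by_id']` without first checking that `getListItemAdv($id)` returned a record. If that call can return null for an unknown id (not visible here), a non-admin gets a 403 for a missing advert and an admin falls through to `$adv->$cat` on null. Adding `if (!$adv) { abort(404); }` ahead of the ownership test would separate "not found" from "forbidden". The owner comparison is also loose; `(int) $adv['created_by_id'] !== (int) auth()->id()` with `||`/`&&` in place of `or`/`and` states the intent without type juggling. The enclosing method starts and ends outside the hunk, so it cannot be confirmed from here whether the action that saves the edited advert applies the same ownership check.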
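Review bot: The `excluded` array in resources/streams/config/httpcache.php works as a denylist, so once `HTTP_CACHE` is enabled any path not matched by these five patterns is presumably cacheable for the default 3600 seconds. Any other response that varies per user or session would then need its own entry; the route list is not visible here. A comment above the array such as `// Every path not listed here is cacheable; add per-user or authenticated routes before enabling HTTP_CACHE.` would make that contract explicit. Separately, `explode(',', env('HTTP_CACHE_RULES', ''))` yields `['']` rather than `[]` when the variable is unset; `array_filter(explode(',', env('HTTP_CACHE_RULES', '')))` avoids passing an empty rule to the consumer. The opening lines of the new file are missing from this view.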