Notifications: do additional checks
brusch committed Oct 21, 2019
1 parent 5c748f5 commit 0a5d80b
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions models/Notification/Service/NotificationService.php
@@ -20,6 +20,7 @@
use Pimcore\Model\Notification;
use Pimcore\Model\Notification\Listing;
use Pimcore\Model\User;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;

class NotificationService
{
@@ -146,6 +147,10 @@ public function findAndMarkAsRead(int $id, ?int $recipientId = null): Notificati
$this->beginTransaction();
$notification = $this->find($id);

if($notification->getRecipient()->getId() != $recipientId) {
throw new AccessDeniedHttpException();
}

if ($recipientId && $recipientId == $notification->getRecipient()->getId()) {
$notification->setRead(true);
$notification->save();
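Review bot: The new ownership check throws `AccessDeniedHttpException` after `$this->beginTransaction();` has already run, so a denied request leaves the transaction open unless code outside this hunk rolls it back; doing `$notification = $this->find($id);` and the check before `$this->beginTransaction();` would avoid that. The comparison is also loose while `$recipientId` is nullable with a `null` default, and `null != 0` is false in PHP, so a strict guard such as `if ($recipientId === null || $notification->getRecipient()->getId() !== $recipientId) {` is safer, assuming `getId()` returns an int. The guard also dereferences `getRecipient()` without a null check, which would fail with an error rather than a clean denial if a notification can exist without a recipient. With the guard in place the following `if ($recipientId && $recipientId == ...)` condition is effectively always true and could be simplified. The body of `findAndMarkAsRead` continues outside the hunk, so the commit/rollback handling is not visible here.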