diff --git a/app/Http/Controllers/PlaylistsController.php b/app/Http/Controllers/PlaylistsController.php index 776a0d5e..cd83b145 100644 --- a/app/Http/Controllers/PlaylistsController.php +++ b/app/Http/Controllers/PlaylistsController.php @@ -63,7 +63,7 @@ class PlaylistsController extends Controller public function getDownload($id, $extension) { $playlist = Playlist::with('tracks', 'tracks.trackFiles', 'user', 'tracks.album')->find($id); - if (!$playlist || (!$playlist->is_public && !Auth::check()) || (!$playlist->is_public && ($playlist->user_id !== Auth::user()->id))) { + if (!$playlist || (!$playlist->is_public && !Auth::check()) || !$playlist->canView(Auth::user()) || (!$playlist->is_public && ($playlist->user_id !== Auth::user()->id))) { App::abort(404); } @@ -88,6 +88,6 @@ class PlaylistsController extends Controller ResourceLogItem::logItem('playlist', $id, ResourceLogItem::DOWNLOAD, $format['index']); $downloader = new PlaylistDownloader($playlist, $formatName); - $downloader->download(); + $downloader->download(Auth::user()); } } diff --git a/app/PlaylistDownloader.php b/app/PlaylistDownloader.php index e93d28ed..b348c68e 100644 --- a/app/PlaylistDownloader.php +++ b/app/PlaylistDownloader.php @@ -22,6 +22,7 @@ namespace Poniverse\Ponyfm; use Poniverse\Ponyfm\Models\Playlist; use Poniverse\Ponyfm\Models\Track; +use Poniverse\Ponyfm\Models\User; use ZipStream; class PlaylistDownloader @@ -42,7 +43,7 @@ class PlaylistDownloader $this->_format = $format; } - public function download() + public function download(User $user) { // Check whether the format is lossless yet not all master files are lossless $isLosslessFormatWithLossyTracks = in_array($this->_format, Track::$LosslessFormats) @@ -71,7 +72,7 @@ class PlaylistDownloader $m3u = ''; $index = 1; foreach ($this->_playlist->tracks as $track) { - if (!$track->is_downloadable) { + if (!$track->is_downloadable && !$user->hasRole('admin')) { continue; }