From dc117351ceb059fc6f87f9c0fa4ffdeed8ea98f0 Mon Sep 17 00:00:00 2001
From: Kelvin Zhang <me@iamkelv.in>
Date: Sat, 7 Nov 2015 17:54:58 +0000
Subject: [PATCH] Fixes #18: Fix downloading of private playlists for playlist
 owners

---
 app/Http/Controllers/PlaylistsController.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/app/Http/Controllers/PlaylistsController.php b/app/Http/Controllers/PlaylistsController.php
index 7b9c6f48..609b378a 100644
--- a/app/Http/Controllers/PlaylistsController.php
+++ b/app/Http/Controllers/PlaylistsController.php
@@ -63,8 +63,12 @@ class PlaylistsController extends Controller
     public function getDownload($id, $extension)
     {
         $playlist = Playlist::with('tracks', 'user', 'tracks.album')->find($id);
-        if (!$playlist || !$playlist->is_public) {
+        if (!$playlist || (!$playlist->is_public && !Auth::check())) {
             App::abort(404);
+        } elseif (!$playlist->is_public && Auth::check()) {
+            if ($playlist->user_id !== Auth::user()->id) {
+                App::abort(404);
+            }
         }
 
         $format = null;