Only project owners can invite members

canvasowl · Aug 20, 2016 · 665a6f9 · 665a6f9
1 parent a42ef93
commit 665a6f9
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/app/Http/Controllers/ProjectsController.php b/app/Http/Controllers/ProjectsController.php
@@ -141,8 +141,9 @@ public function invite($project_id, $email){
         }
 
         $project_name	= Project::find($project_id)->pluck('name');
+        $owner_id	    = Project::find($project_id)->pluck('user_id');
         $project_url 	= url() . '/projects/'.$project_id;
-        $invited_user = User::whereEmail($email)->get();
+        $invited_user   = User::whereEmail($email)->get();
 
         if( count($invited_user) == 0 ){
             return $this->setStatusCode(406)->makeResponse('That user does not have an account.');
@@ -153,6 +154,9 @@ public function invite($project_id, $email){
 			return $this->setStatusCode(406)->makeResponse('A user with that email has already been invited.');
 		}
 
+        if(Auth::id() != $owner_id){
+            return $this->setStatusCode(406)->makeResponse('Only the project owner can invite a user.');
+        }
 		// Save the relationship between user and project.
 		$pu				= 	new Projectuser();
 		$pu->project_id	=	$project_id;