Do not allow viewing unapproved activities by the world

If an activity is not `APPROVED` it is only accessible to the board and the organiser.
GEWIS · Sep 11, 2023 · d76b488 · d76b488
1 parent 9bb5387
commit d76b488
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/module/Activity/src/Controller/ActivityController.php b/module/Activity/src/Controller/ActivityController.php
@@ -72,6 +72,12 @@ public function viewAction(): mixed
             return $this->notFoundAction();
         }
 
+        if (ActivityModel::STATUS_APPROVED !== $activity->getStatus()) {
+            if (!$this->aclService->isAllowed('update', $activity)) {
+                return $this->notFoundAction();
+            }
+        }
+
         // If the Activity has a sign-up list always display it by redirecting the request.
         if (0 !== $activity->getSignupLists()->count()) {
             return $this->forward()->dispatch(