Skip to content

Commit 12ed359

Browse files
simonhampclaude
simonhamp
and
claude
committed
Allow admins to bypass all access checks on plugin listing pages
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
1 parent cbaa55b commit 12ed359

File tree

1 file changed

+5
-3
lines changed

1 file changed

+5
-3
lines changed

app/Http/Controllers/PluginDirectoryController.php

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -51,10 +51,12 @@ public function show(string $vendor, string $package): View
5151

5252
$user = Auth::user();
5353

54-
abort_unless($plugin->isApproved() || $user?->isAdmin(), 404);
54+
$isAdmin = $user?->isAdmin() ?? false;
5555

56-
// For paid plugins, check if user has an accessible price
57-
if ($plugin->isPaid() && ! $plugin->hasAccessiblePriceFor($user)) {
56+
abort_unless($plugin->isApproved() || $isAdmin, 404);
57+
58+
// For paid plugins, check if user has an accessible price (admins bypass)
59+
if (! $isAdmin && $plugin->isPaid() && ! $plugin->hasAccessiblePriceFor($user)) {
5860
abort(404);
5961
}
6062

0 commit comments

Comments
 (0)