From ccc1e65505b5d2fdb52d552ac8ea617ca5584b7d Mon Sep 17 00:00:00 2001
From: koogua <xiaochong0302@gmail.com>
Date: Sat, 9 Oct 2021 09:47:40 +0800
Subject: [PATCH] =?UTF-8?q?=EF=BC=91=EF=BC=8E=E4=BF=AE=E6=AD=A3=E8=8E=B7?=
 =?UTF-8?q?=E5=8F=96answer=E6=9D=83=E9=99=90=E5=88=A4=E6=96=AD=E9=97=AE?=
 =?UTF-8?q?=E9=A2=98=20=EF=BC=92=EF=BC=8Eorder=E6=8E=A5=E5=8F=A3=E8=A1=A5?=
 =?UTF-8?q?=E5=85=85=E7=BC=BA=E5=A4=B1=E6=9D=83=E9=99=90=E5=88=A4=E6=96=AD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/Http/Api/Controllers/AnswerController.php  | 2 +-
 app/Http/Api/Controllers/OrderController.php   | 4 ++++
 app/Http/Home/Controllers/AnswerController.php | 2 +-
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/app/Http/Api/Controllers/AnswerController.php b/app/Http/Api/Controllers/AnswerController.php
index d49ed3ae..2a52ac9c 100644
--- a/app/Http/Api/Controllers/AnswerController.php
+++ b/app/Http/Api/Controllers/AnswerController.php
@@ -35,7 +35,7 @@ class AnswerController extends Controller
             $this->notFound();
         }
 
-        $approved = $answer['published'] != AnswerModel::PUBLISH_APPROVED;
+        $approved = $answer['published'] == AnswerModel::PUBLISH_APPROVED;
         $owned = $answer['me']['owned'] == 1;
 
         if (!$approved && !$owned) {
diff --git a/app/Http/Api/Controllers/OrderController.php b/app/Http/Api/Controllers/OrderController.php
index cd5fb1f3..866dff0f 100644
--- a/app/Http/Api/Controllers/OrderController.php
+++ b/app/Http/Api/Controllers/OrderController.php
@@ -33,6 +33,10 @@ class OrderController extends Controller
             $this->notFound();
         }
 
+        if ($order['me']['owned'] == 0) {
+            $this->forbidden();
+        }
+
         return $this->jsonSuccess(['order' => $order]);
     }
 
diff --git a/app/Http/Home/Controllers/AnswerController.php b/app/Http/Home/Controllers/AnswerController.php
index a833382b..663ff936 100644
--- a/app/Http/Home/Controllers/AnswerController.php
+++ b/app/Http/Home/Controllers/AnswerController.php
@@ -61,7 +61,7 @@ class AnswerController extends Controller
             $this->notFound();
         }
 
-        $approved = $answer['published'] != AnswerModel::PUBLISH_APPROVED;
+        $approved = $answer['published'] == AnswerModel::PUBLISH_APPROVED;
         $owned = $answer['me']['owned'] == 1;
 
         if (!$approved && !$owned) {