Use RedirectIfAuthorized middleware on password reset & activate pages

ryanmitchell · Nov 23, 2023 · fb80ec2 · fb80ec2
1 parent fbd53fb
commit fb80ec2
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/src/Http/Controllers/ActivateAccountController.php b/src/Http/Controllers/ActivateAccountController.php
@@ -4,9 +4,15 @@
 
 use Illuminate\Support\Facades\Password;
 use Statamic\Auth\Passwords\PasswordReset;
+use Statamic\Http\Middleware\CP\RedirectIfAuthorized;
 
 class ActivateAccountController extends ResetPasswordController
 {
+    public function __construct()
+    {
+        $this->middleware(RedirectIfAuthorized::class);
+    }
+
     protected function resetFormAction()
     {
         return route('statamic.account.activate.action');

diff --git a/src/Http/Middleware/CP/RedirectIfAuthorized.php b/src/Http/Middleware/CP/RedirectIfAuthorized.php
@@ -16,8 +16,8 @@ class RedirectIfAuthorized
      */
     public function handle($request, Closure $next, $guard = null)
     {
-        if (User::current()) {
-            return redirect(cp_route('index'));
+        if ($user = User::current()) {
+            return redirect($user->can('access cp') ? cp_route('index') : '/');
         }
 
         return $next($request);