Fix #943 allow non admin.super users to change their account information. Allow admin.super and admin.users to change other users information.

This commit is contained in:
Flavio Copes
2017-01-28 16:48:11 +01:00
parent 2c58db3418
commit 4faf0c0b95
3 changed files with 17 additions and 1 deletions


@@ -6,6 +6,7 @@
* Allow to see plugins and themes list without internet connection. Also add a more helpful message in the "add" view [grav#1008](https://github.com/getgrav/grav/issues/1008) * Allow to see plugins and themes list without internet connection. Also add a more helpful message in the "add" view [grav#1008](https://github.com/getgrav/grav/issues/1008)
1. [](#bugfix) 1. [](#bugfix)
* Fixed issue with downloaded package when installing a testing release * Fixed issue with downloaded package when installing a testing release
* Fix #943 allow non admin.super users to change their account information. Allow `admin.super` and `admin.users` to change other users information.
# v1.2.9 # v1.2.9
## 01/18/2017 ## 01/18/2017


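--- a/<path-not-shown>/AdminBaseController.php
+++ b/<path-not-shown>/AdminBaseController.php
@@ -437,6 +437,10 @@ class AdminBaseController
 case 'users':
 $permissions[] = 'admin.users';
 break;
+case 'user':
+$permissions[] = 'admin.login';
+$permissions[] = 'admin.users';
+break;
 case 'pages':
 $permissions[] = 'admin.pages';
 break;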
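Review bot: Adding `admin.login` to the `user` permission list means every logged-in admin user now satisfies this gate for the `user` view, so the list no longer says anything about which account may be touched; if, as the surrounding cases suggest, the list is evaluated as any-of, the only thing separating "edit my own record" from "edit someone else's" is the ownership comparison this commit adds in AdminController's save path. Any other task that consults this list for the `user` view inherits the wider gate without that compensating check, so each such caller should be confirmed to apply its own ownership test. A comment on the new case would make the dependency explicit: `// admin.login admits any logged-in user to the 'user' view; per-record ownership must be enforced by the caller`. The method that holds this switch begins and ends outside the hunk.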


@@ -438,6 +438,18 @@ class AdminController extends AdminBaseController
$config = $this->grav['config']; $config = $this->grav['config'];
// Special handler for user data.
if ($this->view == 'user') {
if (!$this->admin->authorize(['admin.super', 'admin.users'])) {
//not admin.super or admin.users
if ($this->prepareData($data)->username !== $this->grav['user']->username) {
$this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.INSUFFICIENT_PERMISSIONS_FOR_TASK') . ' save.',
'error');
return false;
}
}
}
// Special handler for pages data. // Special handler for pages data.
if ($this->view == 'pages') { if ($this->view == 'pages') {
/** @var Pages $pages */ /** @var Pages $pages */
@@ -512,7 +524,6 @@ class AdminController extends AdminBaseController
} }
} }
} else { } else {
// Handle standard data types. // Handle standard data types.
$obj = $this->prepareData($data); $obj = $this->prepareData($data);
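Review bot: The ownership check `if ($this->prepareData($data)->username !== $this->grav['user']->username)` compares the current user against a username read from the prepared form data rather than against the account the request is addressed to; if prepareData() merges the submitted fields into the loaded record, the submitted `username` field decides the outcome while the record that is written is still selected by the route. The comparison should use the same identifier prepareData() uses to locate the account (the route segment for the `user` view), so that the check and the write agree on which record is involved. prepareData($data) is also evaluated a second time further down (`$obj = $this->prepareData($data);`); computing it once before the check and reusing the result would avoid loading the record twice. Both hunks sit inside a method whose start and end are outside what is shown, and the line removed by the second hunk is not visible on this page.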