Nemcio/Grav-Admin-Plugin
1
0
Fork 0
mirror of https://github.com/getgrav/grav-plugin-admin.git synced 2025-11-01 10:56:08 +01:00
Code Issues Packages Projects Releases Activity

Fixed lost user access when saving user profile without super user permissions [#1639]

Browse Source
This commit is contained in:
Matias Griese
2019-03-28 11:14:55 +02:00
parent f4c26b6715
commit 5c832dd376
4 changed files with 177 additions and 140 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
classes/admin.php
View File

@@ -650,19 +650,11 @@ class Admin
$obj->file($file);
$data[$type] = $obj;
} elseif (preg_match('|users/|', $type)) {
} elseif (preg_match('|users?/|', $type)) {
/** @var UserCollectionInterface $users */
$users = $this->grav['accounts'];
$obj = $users->load(preg_replace('|users/|', '', $type));
$obj->update($this->cleanUserPost($post));
$data[$type] = $obj;
} elseif (preg_match('|user/|', $type)) {
/** @var UserCollectionInterface $users */
$users = $this->grav['accounts'];
$obj = $users->load(preg_replace('|user/|', '', $type));
$obj = $users->load(preg_replace('|users?/|', '', $type));
$obj->update($this->cleanUserPost($post));
$data[$type] = $obj;
@@ -714,15 +706,14 @@ class Admin
* @param array $post
* @return array
*/
protected function cleanUserPost($post)
public function cleanUserPost($post)
{
// Clean fields for all users
unset($post['hashed_password']);
// Clean field for users who shouldn't be able to modify these fields
if (!$this->authorize(['admin.user', 'admin.super'])) {
unset($post['access']);
unset($post['state']);
unset($post['access'], $post['state']);
}
return $post;