From 87febd7c84cd90fe77a1c3cadc4a3f4abff414a4 Mon Sep 17 00:00:00 2001
From: Andy Miller
Date: Wed, 16 May 2018 16:33:20 -0600
Subject: [PATCH] Don't allow saving of a user with no local account file
---
 CHANGELOG.md | 1 +
 classes/admincontroller.php | 10 ++++++----
 languages/en.yaml | 1 +
 3 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index de7545b9..a3bc3437 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@
 1. [](#bugfix)
 * Added custom object support for filepicker field
+ * Don't allow saving of a user with no local account file
 # v1.8.1
 ## 05/15/2018
diff --git a/classes/admincontroller.php b/classes/admincontroller.php
index e3b1be85..41c10121 100644
--- a/classes/admincontroller.php
+++ b/classes/admincontroller.php
@@ -613,12 +613,14 @@ class AdminController extends AdminBaseController
 // Special handler for user data.
 if ($this->view === 'user') {
+ if (!$this->grav['user']->exists()) {
+ $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.NO_USER_EXISTS'),'error');
+ return false;
+ }
 if (!$this->admin->authorize(['admin.super', 'admin.users'])) {
- //not admin.super or admin.users
+ // no user file or not admin.super or admin.users
 if ($this->prepareData($data)->username !== $this->grav['user']->username) {
- $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.INSUFFICIENT_PERMISSIONS_FOR_TASK') . ' save.',
- 'error');
-
+ $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.INSUFFICIENT_PERMISSIONS_FOR_TASK') . ' save.','error');
 return false;
 }
 }
diff --git a/languages/en.yaml b/languages/en.yaml
index 9071a170..9904efa0 100644
--- a/languages/en.yaml
+++ b/languages/en.yaml
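Review bot: The rewritten comment `// no user file or not admin.super or admin.users` inside the `authorize()` branch of the classes/admincontroller.php hunk no longer matches the control flow, because the new `exists()` guard above it has already returned for a session user without an account file; it should read `// not admin.super or admin.users: may only save own account`. The guard itself has no why-comment; something like `// logged-in user has no local account file, so refuse to write user data` would record the intent, assuming that is the scenario being closed. The guard also runs only when `$this->view === 'user'`, and the enclosing method starts and ends outside the hunk, so whether the other save paths need the same check cannot be judged from here.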
@@ -441,6 +441,7 @@ PLUGIN_ADMIN:
 PAGE_FILE: "Page Template"
 PAGE_FILE_HELP: "Page template file name, and by default the display template for this page"
 NO_USER_ACCOUNTS: "No user accounts found, please create one first..."
+ NO_USER_EXISTS: "No local user exists for this account, cannot save..."
 REDIRECT_TRAILING_SLASH: "Redirect trailing slash"
 REDIRECT_TRAILING_SLASH_HELP: "Perform a 301 redirect rather than transparently handling trailing slash URIs."
 DEFAULT_DATE_FORMAT: "Page date format"