From 8dc947504165a3b217b2b5af6046c3f75505d985 Mon Sep 17 00:00:00 2001 From: barisusakli Date: Fri, 11 Dec 2015 14:57:47 +0200 Subject: [PATCH] closes #3941 --- src/controllers/accounts/edit.js | 1 + src/socket.io/user/profile.js | 13 +++++++++---- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/src/controllers/accounts/edit.js b/src/controllers/accounts/edit.js index a6b2f7ad55..497564d88a 100644 --- a/src/controllers/accounts/edit.js +++ b/src/controllers/accounts/edit.js @@ -19,6 +19,7 @@ editController.get = function(req, res, callback) { return callback(err); } + userData['username:disableEdit'] = !userData.isAdmin && parseInt(meta.config['username:disableEdit'], 10) === 1; userData.title = '[[pages:account/edit, ' + userData.username + ']]'; userData.breadcrumbs = helpers.buildBreadcrumbs([{text: userData.username, url: '/user/' + userData.userslug}, {text: '[[user:edit]]'}]); diff --git a/src/socket.io/user/profile.js b/src/socket.io/user/profile.js index a245c6e29d..5a365d6ff2 100644 --- a/src/socket.io/user/profile.js +++ b/src/socket.io/user/profile.js @@ -117,12 +117,17 @@ module.exports = function(SocketUser) { return next(new Error('[[error:invalid-data]]')); } - if (parseInt(meta.config['username:disableEdit'], 10) === 1) { + user.isAdministrator(socket.uid, next); + }, + function(isAdmin, next) { + if (!isAdmin && socket.uid !== parseInt(data.uid, 10)) { + return next(new Error('[[error:no-privileges]]')); + } + + if (!isAdmin && parseInt(meta.config['username:disableEdit'], 10) === 1) { data.username = oldUserData.username; } - user.isAdminOrSelf(socket.uid, data.uid, next); - }, - function (next) { + user.updateProfile(data.uid, data, next); }, function (userData, next) {