fix: [internal] Really disable password change

2021-02-22 20:30:36 +01:00 · 2021-02-22 20:30:36 +01:00 · 0ba05044bf
parent 1830d5dc7b
commit 0ba05044bf
1 changed files with 13 additions and 14 deletions
--- a/app/Controller/UsersController.php
+++ b/app/Controller/UsersController.php
@ -922,23 +922,13 @@ class UsersController extends AppController
                        continue;
                    }
                    if ($field != 'password') {
-                        array_push($fields, $field);
-                    }
-                }
-                $fieldsOldValues = array();
-                foreach ($fields as $field) {
-                    if ($field == 'enable_password') {
-                        continue;
-                    }
-                    if ($field != 'confirm_password') {
-                        $fieldsOldValues[$field] = $this->User->field($field);
-                    } else {
-                        $fieldsOldValues[$field] = $this->User->field('password');
+                        $fields[] = $field;
                    }
                }
                if (
                    (!empty($this->request->data['User']['enable_password']) || $this->_isRest()) &&
-                    !empty($this->request->data['User']['password'])
+                    !empty($this->request->data['User']['password']) &&
+                    $this->__canChangePassword()
                ) {
                    $fields[] = 'password';
                    if ($this->_isRest() && !isset($this->request->data['User']['confirm_password'])) {
@ -958,6 +948,12 @@ class UsersController extends AppController
                    }
                }
                $fields[] = 'date_modified'; // time will be inserted in `beforeSave` action
+
+                $fieldsOldValues = $this->User->find('first', [
+                    'recursive' => -1,
+                    'conditions' => ['id' => $id],
+                ])['User'];
+
                if ($this->User->save($this->request->data, true, $fields)) {
                    // newValues to array
                    $fieldsNewValues = array();
@ -967,7 +963,7 @@ class UsersController extends AppController
                        }
                        if ($field !== 'confirm_password') {
                            $newValue = $this->data['User'][$field];
-                            if (gettype($newValue) == 'array') {
+                            if (is_array($newValue)) {
                                $newValueStr = '';
                                $cP = 0;
                                foreach ($newValue as $newValuePart) {
@ -989,6 +985,9 @@ class UsersController extends AppController
                    // compare
                    $fieldsResult = array();
                    foreach ($fields as $field) {
+                        if ($field === 'date_modified') {
+                            continue;
+                        }
                        if (isset($fieldsOldValues[$field]) && $fieldsOldValues[$field] != $fieldsNewValues[$field]) {
                            if ($field != 'confirm_password' && $field != 'enable_password') {
                                $fieldsResult[$field] = array($fieldsOldValues[$field], $fieldsNewValues[$field]);