diff --git a/src/Controller/UserSettingsController.php b/src/Controller/UserSettingsController.php
index 29185a6..2a06985 100644
--- a/src/Controller/UserSettingsController.php
+++ b/src/Controller/UserSettingsController.php
@@ -118,13 +118,19 @@ class UserSettingsController extends AppController
 } else {
 $validUsers = $this->Users->find('list')->select(['id', 'username'])->order(['username' => 'asc'])->all()->toArray();
 }
+ $dropdownData = [
+ 'user' => [$entity->user_id => $validUsers[$entity->user_id]],
+ ];
 $entity = $this->CRUD->edit($id, [
 'redirect' => ['action' => 'index', $entity->user_id],
- 'beforeSave' => function ($data) use ($validUsers) {
+ 'beforeSave' => function ($data) use ($validUsers, $entity) {
 if (!in_array($data['user_id'], array_keys($validUsers))) {
 throw new MethodNotAllowedException(__('You cannot edit the given user.'));
 }
+ if ($data['user_id'] != $entity->user_id) {
+ throw new MethodNotAllowedException(__('You cannot assign the setting to a different user.'));
+ }
 return $data;
 }
 ]);
@@ -132,11 +138,9 @@ class UserSettingsController extends AppController
 if (!empty($responsePayload)) {
 return $responsePayload;
 }
- $dropdownData = [
- 'user' => $validUsers,
- ];
 $this->set(compact('dropdownData'));
 $this->set('user_id', $this->entity->user_id);
+ $this->set('is_edit', true);
 $this->render('add');
 }
diff --git a/templates/UserSettings/add.php b/templates/UserSettings/add.php
index a691afc..99e29ec 100644
--- a/templates/UserSettings/add.php
+++ b/templates/UserSettings/add.php
@@ -10,6 +10,7 @@
 'label' => __('User'),
 'options' => $dropdownData['user'],
 'value' => !is_null($user_id) ? $user_id : '',
+ 'disabled' => !empty($is_edit),
 ],
 [
 'field' => 'name',
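Review bot: In the first hunk of `UserSettingsController.php`, the new `$dropdownData` assignment reads `$validUsers[$entity->user_id]` without checking that the key exists, and it runs before the `beforeSave` ownership checks. If the setting belongs to a user outside `$validUsers` (the code that builds a restricted list sits above the hunk, so this is inferred), the lookup raises an undefined-key warning and the form renders with an empty label instead of being refused. Consider failing early with `if (!isset($validUsers[$entity->user_id])) { throw new MethodNotAllowedException(__('You cannot edit the given user.')); }` before building the dropdown. The added `!=` comparison would also be tighter as `(int)$data['user_id'] !== (int)$entity->user_id`, since loose comparison accepts values such as `'1.0'` for user 1. The enclosing action starts above and continues below the hunk.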
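Review bot: The `'disabled'` flag added to the user field in `templates/UserSettings/add.php` is a display hint only; browsers omit disabled controls from the submitted form, and a hand-built request can still carry any `user_id`. Enforcement therefore rests entirely on the `beforeSave` check in `UserSettingsController`, and that check reads `$data['user_id']`, so it is worth confirming the edit path behaves correctly when the field is absent from the request (how `$data` is assembled is not visible in this diff). A short comment next to the flag would record the intent, e.g. `// UI only: the controller's beforeSave rejects a changed user_id`. The surrounding field array starts and ends outside the hunk.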