cerebrate-project
/
cerebrate
mirror of https://github.com/cerebrate-project/cerebrate
1
0
Fork 0
Code Issues Releases Wiki Activity

fix: [user edit] fixed for non admins

pull/85/head
iglocska 2022-01-18 17:52:59 +01:00
parent 8e51426567
commit f75d0829d1
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/Controller/UsersController.php
View File

@ -7,6 +7,7 @@ use Cake\Utility\Text;
use Cake\ORM\TableRegistry;
use \Cake\Database\Expression\QueryExpression;
use Cake\Http\Exception\UnauthorizedException;
use Cake\Http\Exception\MethodNotAllowedException;
use Cake\Core\Configure;
class UsersController extends AppController
@ -100,11 +101,10 @@ class UsersController extends AppController
if (empty($id)) {
$id = $currentUser['id'];
} else {
$id = intval($id);
if ((empty($currentUser['role']['perm_org_admin']) && empty($currentUser['role']['perm_admin']))) {
if ($id !== $currentUser['id']) {
throw new MethodNotAllowedException(__('You are not authorised to edit that user.'));
} else {
$id = $currentUser['id'];
}
}
}