reintroduced permission check
This commit is contained in:
parent
1049b04968
commit
0cd32a0276
|
|
@ -72,7 +72,7 @@ export const actions = {
|
||||||
if (locals.user.id != id
|
if (locals.user.id != id
|
||||||
&& (!Permissions.has(locals.user.permissions, Permissions.USERADMIN.EDIT)
|
&& (!Permissions.has(locals.user.permissions, Permissions.USERADMIN.EDIT)
|
||||||
|| ((password1 != null || password2 != null) && !Permissions.has(locals.user.permissions, Permissions.USERADMIN.EDIT_PASSWORD)))) {
|
|| ((password1 != null || password2 != null) && !Permissions.has(locals.user.permissions, Permissions.USERADMIN.EDIT_PASSWORD)))) {
|
||||||
//return fail(403, { message: "Unauthorized action" })
|
return fail(403, { message: "Unauthorized action" })
|
||||||
}
|
}
|
||||||
|
|
||||||
if (password1 != null && password2 != null && password1.length > 0 && password2.length > 0) {
|
if (password1 != null && password2 != null && password1.length > 0 && password2.length > 0) {
|
||||||
|
|
@ -84,9 +84,11 @@ export const actions = {
|
||||||
return fail(500, { message: "Database failure"})
|
return fail(500, { message: "Database failure"})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
let permissions = null
|
let permissions = ua_permissions.reduce((pv, cv) => pv | cv)
|
||||||
permissions = ua_permissions.reduce((pv, cv) => pv | cv)
|
if (locals.user.id == id && locals.user.permissions != permissions) {
|
||||||
|
return fail(403, { message: "Cannot modify permissions for oneself" })
|
||||||
|
}
|
||||||
|
|
||||||
const updated_user = updateUser({id, name, gender, address, username, permissions})
|
const updated_user = updateUser({id, name, gender, address, username, permissions})
|
||||||
SessionStore.reload_user_data(updated_user ?? locals.user)
|
SessionStore.reload_user_data(updated_user ?? locals.user)
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue