diff --git a/src/routes/user/+page.server.ts b/src/routes/user/+page.server.ts
index d2acb58..fec78ad 100644
--- a/src/routes/user/+page.server.ts
+++ b/src/routes/user/+page.server.ts
@@ -36,6 +36,10 @@ export const load: PageServerLoad = ({ locals, url }) => {
 if (user == null) {
 return fail(404, { message: `User ${user_id} not found` })
 }
+
+ if (!Permissions.has(locals.user.permissions, Permissions.USERADMIN.EDIT_PASSWORD)) {
+ user.permissions = 0
+ }
 }
 return {
@@ -84,10 +88,14 @@ export const actions = {
 return fail(500, { message: "Database failure"})
 }
 }
+
+ let permissions = null
+ if (ua_permissions.length > 0) {
+ permissions = ua_permissions.reduce((pv, cv) => pv | cv)
- let permissions = ua_permissions.reduce((pv, cv) => pv | cv)
- if (locals.user.id == id && locals.user.permissions != permissions) {
- return fail(403, { message: "Cannot modify permissions for oneself" })
+ if (locals.user.id == id && locals.user.permissions != permissions) {
+ return fail(403, { message: "Cannot modify permissions for oneself" })
+ }
 }
 const updated_user = updateUser({id, name, gender, address, username, permissions})
diff --git a/src/routes/user/+page.svelte b/src/routes/user/+page.svelte
index 1914544..0bf70ce 100644
--- a/src/routes/user/+page.svelte
+++ b/src/routes/user/+page.svelte
@@ -71,6 +71,7 @@ {#if data.user?.id == data.loggedInAs.id || Permissions.has(data.loggedInAs.permissions ?? 0, Permissions.USERADMIN.EDIT_PASSWORD)}
+ {@const disabled = data.user?.id == data.loggedInAs.id}
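Review bot: The masking branch added to `load` writes `user.permissions = 0` onto the looked-up record itself, and `0` is also a valid stored value, so the page cannot tell "hidden from this viewer" from "this account has no permissions". If the lookup ever returns a shared or cached object (not visible in this hunk), the zero would also show up in later reads; masking a copy, for example `const visible = { ...user, permissions: null }`, and returning that avoids both problems. The branch also deserves a comment explaining why `EDIT_PASSWORD` is the bit that gates visibility of the permission mask, such as `// Only callers who may administer users see the target's permission bits; everyone else gets them masked.` The body of `load` starts and ends outside the hunk, so the return shape is assumed.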
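Review bot: Nothing in the lines shown checks that the caller may assign permissions before a non-empty `ua_permissions` reaches `updateUser`; the only guard is the self-modification check, and the `disabled` constant added in `+page.svelte` is at most a client-side control. Unless the part of the action above this hunk already enforces it, add `if (permissions != null && !Permissions.has(locals.user.permissions, Permissions.USERADMIN.EDIT_PASSWORD)) return fail(403, { message: "Not allowed to change permissions" })` before the update. Separately, an empty list now yields `permissions = null` and skips the 403 branch, so "no boxes ticked" and "field not submitted" look the same to `updateUser`. Whether null means "leave unchanged" or "clear" is not visible here and should be stated in a comment: the first reading makes it impossible to revoke every permission from an account, and the second lets a self-edit wipe the caller's own bits.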
| Benutzerverwaltung |