Fix rules for editing users.

This commit is contained in:
Bharat Mediratta
2008-12-25 02:42:48 +00:00
parent f6ebb436e4
commit 216ecf3079


@@ -38,7 +38,7 @@ class Users_Controller extends REST_Controller {
$form = user::get_add_form();
if ($form->validate()) {
$user = user::create($form->add_user->uname->value,
$user = user::create($form->add_user->uname->value,
$form->add_user->full_name->value, $form->add_user->password->value);
$user->email = $form->add_user->email->value;
$user->save();
@@ -60,7 +60,7 @@ class Users_Controller extends REST_Controller {
* @see REST_Controller::_update($resource)
*/
public function _update($user) {
if ($user->guest || (!user::active()->admin && $user->id != user::active()->id)) {
if (!user::active()->admin && ($user->guest || $user->id != user::active()->id)) {
access::forbidden();
}
@@ -82,7 +82,7 @@ class Users_Controller extends REST_Controller {
* @see REST_Controller::_delete($resource)
*/
public function _delete($user) {
if (!(user::active()->admin) || $user->id == user::active()->id) {
if (!user::active()->admin && ($user->guest || $user->id != user::active()->id)) {
access::forbidden();
}
// Prevent CSRF
@@ -101,7 +101,7 @@ class Users_Controller extends REST_Controller {
* @see REST_Controller::form($resource)
*/
public function _form_edit($user) {
if ($user->guest || user::active()->id != $user->id) {
if (!user::active()->admin && ($user->guest || $user->id != user::active()->id)) {
access::forbidden();
}
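Review bot: The new guard in `_delete` lets a non-admin delete their own account and lets an admin delete the guest account or their own, both of which the old condition `!(user::active()->admin) || $user->id == user::active()->id` rejected; copying the `_update` rule into `_delete` widens the delete permission far beyond what the title "Fix rules for editing users" suggests. If self-deletion and removal of the guest user are not intended, the delete guard should stay admin-only and exclude both: `if (!user::active()->admin || $user->guest || $user->id == user::active()->id) {`. The same expression now appears verbatim in `_update`, `_delete` and `_form_edit`, so a private helper such as `_can_edit($user)` would keep the three rules from drifting apart again. The body of `_delete` (and of `_form_edit`) continues past the hunk.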