mirror of
https://github.com/snipe/snipe-it.git
synced 2024-12-23 12:44:12 -08:00
Disallow non-super users from editing their own permissions
parent
12c92e30b7
commit
5320f5c67c
|
@ -240,6 +240,12 @@ class UsersController extends Controller
|
|||
if ($user->id == $request->input('manager_id')) {
|
||||
return redirect()->back()->withInput()->with('error', 'You cannot be your own manager.');
|
||||
}
|
||||
|
||||
// If the user isn't a superuser, don't let them edit their own permissions
|
||||
if ((!Auth::user()->isSuperUser()) && ($user->id == Auth::user()->id)) {
|
||||
return redirect()->back()->withInput()->with('error', 'You cannot edit your own permissions. Please contact an administrator.');
|
||||
}
|
||||
|
||||
$this->authorize('update', $user);
|
||||
// Figure out of this user was an admin before this edit
|
||||
$orig_permissions_array = $user->decodePermissions();
|
||||
|
|
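Review bot: The new guard `if ((!Auth::user()->isSuperUser()) && ($user->id == Auth::user()->id))` is keyed on who is being edited rather than on whether the request actually changes permissions, so it rejects every self-edit by a non-superuser and does nothing for permission changes made to other accounts. Unless code outside this hunk already restricts it, a non-superuser who passes the `update` policy can presumably still change the permissions of a different account, which leaves the same escalation open by another route. Consider rejecting or discarding the permissions input whenever the caller is not a superuser, whatever the target, and comparing the result against `$user->decodePermissions()` before saving. The guard also runs before `$this->authorize('update', $user);`, so that call should move above both early returns so that callers who fail the policy get the policy denial first. The enclosing method starts and ends outside the hunk, so later handling of the permissions input could not be checked here.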