mirror of
https://github.com/snipe/snipe-it.git
synced 2024-11-13 17:14:10 -08:00
Disallow non-super users from editing their own permissions
This commit is contained in:
parent
12c92e30b7
commit
5320f5c67c
|
@ -240,6 +240,12 @@ class UsersController extends Controller
|
||||||
if ($user->id == $request->input('manager_id')) {
|
if ($user->id == $request->input('manager_id')) {
|
||||||
return redirect()->back()->withInput()->with('error', 'You cannot be your own manager.');
|
return redirect()->back()->withInput()->with('error', 'You cannot be your own manager.');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// If the user isn't a superuser, don't let them edit their own permissions
|
||||||
|
if ((!Auth::user()->isSuperUser()) && ($user->id == Auth::user()->id)) {
|
||||||
|
return redirect()->back()->withInput()->with('error', 'You cannot edit your own permissions. Please contact an administrator.');
|
||||||
|
}
|
||||||
|
|
||||||
$this->authorize('update', $user);
|
$this->authorize('update', $user);
|
||||||
// Figure out of this user was an admin before this edit
|
// Figure out of this user was an admin before this edit
|
||||||
$orig_permissions_array = $user->decodePermissions();
|
$orig_permissions_array = $user->decodePermissions();
|
||||||
|
|
Loading…
Reference in a new issue