mirror of
https://github.com/snipe/snipe-it.git
synced 2024-12-24 05:04:07 -08:00
Check if the edited users permissioms are superuser before edit
This commit is contained in:
parent
26d14b2338
commit
6400557901
|
@ -313,6 +313,15 @@ class UsersController extends Controller
|
|||
// Get the user information
|
||||
$user = User::find($id);
|
||||
|
||||
// Figure out of this user was an admin before this edit
|
||||
$orig_permissions_array = $user->decodePermissions();
|
||||
if (array_key_exists('superuser', $orig_permissions_array)) {
|
||||
$orig_superuser = $orig_permissions_array['superuser'];
|
||||
} else {
|
||||
$orig_superuser = '0';
|
||||
}
|
||||
|
||||
|
||||
if (!Company::isCurrentUserHasAccess($user)) {
|
||||
return redirect()->route('users')->with('error', trans('general.insufficient_permissions'));
|
||||
}
|
||||
|
@ -363,7 +372,9 @@ class UsersController extends Controller
|
|||
|
||||
if (!Auth::user()->isSuperUser()) {
|
||||
unset($permissions_array['superuser']);
|
||||
}
|
||||
$permissions_array['superuser'] = $orig_superuser;
|
||||
}
|
||||
|
||||
|
||||
$user->permissions = json_encode($permissions_array);
|
||||
|
||||
|
|
Loading…
Reference in a new issue