Check if the edited users permissioms are superuser before edit

This commit is contained in:
snipe 2016-10-31 19:37:24 -07:00
parent 26d14b2338
commit 6400557901

View file

@ -313,6 +313,15 @@ class UsersController extends Controller
// Get the user information // Get the user information
$user = User::find($id); $user = User::find($id);
// Figure out of this user was an admin before this edit
$orig_permissions_array = $user->decodePermissions();
if (array_key_exists('superuser', $orig_permissions_array)) {
$orig_superuser = $orig_permissions_array['superuser'];
} else {
$orig_superuser = '0';
}
if (!Company::isCurrentUserHasAccess($user)) { if (!Company::isCurrentUserHasAccess($user)) {
return redirect()->route('users')->with('error', trans('general.insufficient_permissions')); return redirect()->route('users')->with('error', trans('general.insufficient_permissions'));
} }
@ -363,7 +372,9 @@ class UsersController extends Controller
if (!Auth::user()->isSuperUser()) { if (!Auth::user()->isSuperUser()) {
unset($permissions_array['superuser']); unset($permissions_array['superuser']);
} $permissions_array['superuser'] = $orig_superuser;
}
$user->permissions = json_encode($permissions_array); $user->permissions = json_encode($permissions_array);