t510599/cavern
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

update admin permission

Browse Source
This commit is contained in:
Tony Yang 2019-09-25 16:47:05 +08:00
parent 69089cc2eb
commit 1e14100610
Signed by: t510599
GPG Key ID: D88388851C28715D
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
admin/ajax/user.php
View File

@ -33,6 +33,10 @@ if ($_SERVER["REQUEST_METHOD"] == "PATCH" || $_SERVER["REQUEST_METHOD"] == "POST
// create new user, but user exists // create new user, but user exists
send_error(409, "userexists"); send_error(409, "userexists");
} }
// you cannot modify data of those with higher permission than you
if ($target_user->level > $user->level) {
send_error(403, "nopermission");
}
} catch (NoUserException $e) { } catch (NoUserException $e) {
if ($_SERVER["REQUEST_METHOD"] == "PATCH") { if ($_SERVER["REQUEST_METHOD"] == "PATCH") {
// modify one that not exist -> error // modify one that not exist -> error