Permission policy updated
This commit is contained in:
parent
36078c850e
commit
7bf8692753
@ -75,6 +75,10 @@ if ($_SERVER["REQUEST_METHOD"] == "PATCH" || $_SERVER["REQUEST_METHOD"] == "POST
|
||||
} else if ($level < 0) {
|
||||
$level = 0;
|
||||
}
|
||||
// you cannot promote user to level higher than youself
|
||||
if ($level > $user->level) {
|
||||
send_error(403, "lowlevel");
|
||||
}
|
||||
|
||||
$SQL->query("UPDATE `user` SET `muted`='%d', `level`='%d' WHERE `username`='%s'", array($muted, $level, $username));
|
||||
|
||||
|
@ -192,6 +192,9 @@
|
||||
case "emailused":
|
||||
pageManager.snackbar("信箱已被其他使用者使用");
|
||||
break;
|
||||
case "lowlevel":
|
||||
pageManager.snackbar("權限不足");
|
||||
break;
|
||||
default:
|
||||
pageManager.snackbar("發生錯誤");
|
||||
break;
|
||||
|
Loading…
x
Reference in New Issue
Block a user