external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Replace permission check code with can_edit_account()

Browse source 
Signed-off-by: canyonknight <canyonknight@gmail.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This commit is contained in:
canyonknight 2013-01-22 22:24:17 +00:00 committed by Lukas Fleischer
parent 1fd620cc2f
commit aab6eed138
1 changed files with 2 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
web/html/account.php
View file

@ -48,11 +48,8 @@ if (isset($_COOKIE["AURSID"])) {
if (empty($row)) { if (empty($row)) {
print __("Could not retrieve information for the specified user."); print __("Could not retrieve information for the specified user.");
} else { } else {
# double check to make sure logged in user can edit this account /* Verify user has permission to edit the account */
# if (can_edit_account($atype, $row, uid_from_sid($_COOKIE["AURSID"]))) {
if ($atype == "Developer" || ($atype == "Trusted User" &&
$row["AccountType"] != "Developer") ||
($row["ID"] == uid_from_sid($_COOKIE["AURSID"]))) {
display_account_form($atype, "UpdateAccount", $row["Username"], display_account_form($atype, "UpdateAccount", $row["Username"],
$row["AccountType"], $row["Suspended"], $row["Email"], $row["AccountType"], $row["Suspended"], $row["Email"],
"", "", $row["RealName"], $row["LangPreference"], "", "", $row["RealName"], $row["LangPreference"],