external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 09:43:03 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'maint'

Browse source
This commit is contained in:
Lukas Fleischer 2012-12-07 23:24:22 +01:00
commit fce4f36e4f
3 changed files with 52 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

11
web/html/account.php
View file

@ -73,9 +73,14 @@ if (isset($_COOKIE["AURSID"])) {
}
} elseif ($action == "UpdateAccount") {
# user is submitting their modifications to an existing account
#
if (check_token()) {
$uid = uid_from_sid($_COOKIE['AURSID']);
/* Details for account being updated */
$acctinfo = account_details(in_request('ID'), in_request('U'));
/* Verify user permissions and that the request is a valid POST */
if (can_edit_account($atype, $acctinfo, $uid) && check_token()) {
/* Update the details for the existing account */
process_account_form($atype, "edit", "UpdateAccount",
in_request("U"), in_request("T"), in_request("S"),
in_request("E"), in_request("P"), in_request("C"),

33
web/lib/acctfuncs.inc.php
View file

@ -145,8 +145,8 @@ function process_account_form($UTYPE,$TYPE,$A,$U="",$T="",$S="",$E="",
$error = __("The PGP key fingerprint is invalid.");
}
if ($UTYPE == "Trusted User" && $T == 3) {
$error = __("A Trusted User cannot assign Developer status.");
if (($UTYPE == "User" && $T > 1) || ($UTYPE == "Trusted User" && $T > 2)) {
$error = __("Cannot increase account permissions.");
}
if (!$error && !array_key_exists($L, $SUPPORTED_LANGS)) {
$error = __("Language is not currently supported.");
@ -1015,3 +1015,32 @@ function cast_proposal_vote($voteid, $uid, $vote, $newtotal, $dbh=NULL) {
$q = "INSERT INTO TU_Votes (VoteID, UserID) VALUES (" . intval($voteid) . ", " . intval($uid) . ")";
$result = $dbh->exec($q);
}
/**
* Verify a user has the proper permissions to edit an account
*
* @param string $atype Account type of the editing user
* @param array $acctinfo User account information for edited account
* @param int $uid User ID of the editing user
*
* @return bool True if permission to edit the account, otherwise false
*/
function can_edit_account($atype, $acctinfo, $uid) {
/* Developers can edit any account */
if ($atype == 'Developer') {
return true;
}
/* Trusted Users can edit all accounts except Developer accounts */
if ($atype == 'Trusted User' &&
$acctinfo['AccountType'] != 'Developer') {
return true;
}
/* Users can edit only their own account */
if ($acctinfo['ID'] == $uid) {
return true;
}
return false;
}