author | vincent-peugnet <v.peugnet@free.fr> | 2019-01-08 02:50:43 +0100 |
---|---|---|
committer | vincent-peugnet <v.peugnet@free.fr> | 2019-01-08 02:50:43 +0100 |
commit | efab4af451c4759d4ea860741c6a27a997137fb6 (patch) | |
tree | 0fbc9b9a065cec3e678b379b9105e631fa96d649 /app/class/controlleruser.php | |
parent | e7747bf975a8523be7756a71d1b5166f5229363b (diff) | |
fix user update admin
Diffstat (limited to 'app/class/controlleruser.php')
-rw-r--r-- | app/class/controlleruser.php | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/app/class/controlleruser.php b/app/class/controlleruser.php
index 7863956..495fab5 100644
--- a/app/class/controlleruser.php
+++ b/app/class/controlleruser.php
@@ -58,15 +58,18 @@ class Controlleruser extends Controller
 case 'update':
 $user = $this->usermanager->get($_POST['id']);
- $user->hydrate($_POST);
- if(empty($user->id())) {
+ $userupdate = clone $user;
+ $userupdate->hydrate($_POST);
+ if(empty($userupdate->id())) {
 $this->routedirectget('user', ['error' => 'wrong_id']);
- } elseif (!empty($_POST['password']) && (empty($user->password()) || $this->usermanager->passwordexist($user->password()))) {
+ } elseif (!empty($_POST['password']) && (empty($userupdate->password()) || $this->usermanager->passwordexist($userupdate->password()))) {
 $this->routedirectget('user', ['error' => 'change_password']);
- } elseif (empty($user->level())) {
+ } elseif (empty($userupdate->level())) {
 $this->routedirectget('user', ['error' => 'wrong_level']);
+ } elseif ($user->level() === 10 && $userupdate->level() !== 10) {
+ $this->routedirectget('user', ['error' => 'cant_edit_yourself']);
 } else {
- $this->usermanager->add($user);
+ $this->usermanager->add($userupdate);
 $this->routedirect('user');
 }
 } |
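Review bot: The added `elseif ($user->level() === 10 && $userupdate->level() !== 10)` branch reports `cant_edit_yourself` but never compares the target account with the account making the request, so as written it refuses to lower any level-10 user while the opposite direction stays open: `hydrate($_POST)` copies a posted `level` onto `$userupdate`, and nothing in the hunk stops a lower account from being raised to 10. If the intent is to stop an admin demoting themselves, the condition should also test identity, e.g. `$user->id() === CURRENT_USER_ID_PLACEHOLDER && $user->level() === 10 && $userupdate->level() !== 10` (placeholder: the session accessor is not visible here). The `case 'update':` body belongs to a method that starts above the hunk, so whether the caller's own level is verified earlier cannot be confirmed from these lines; if it is not, that check belongs before `get($_POST['id'])`. Separately, `clone $user` raises an error if `get()` returns a non-object for an unknown id, so the `wrong_id` redirect should be decided on the result of `get()` before cloning rather than on the hydrated copy.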