From efab4af451c4759d4ea860741c6a27a997137fb6 Mon Sep 17 00:00:00 2001
From: vincent-peugnet
Date: Tue, 8 Jan 2019 02:50:43 +0100
Subject: fix user update admin
---
 app/class/controlleruser.php | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
(limited to 'app/class/controlleruser.php')
diff --git a/app/class/controlleruser.php b/app/class/controlleruser.php
index 7863956..495fab5 100644
--- a/app/class/controlleruser.php
+++ b/app/class/controlleruser.php
@@ -58,15 +58,18 @@ class Controlleruser extends Controller
  case 'update':
  $user = $this->usermanager->get($_POST['id']);
- $user->hydrate($_POST);
- if(empty($user->id())) {
+ $userupdate = clone $user;
+ $userupdate->hydrate($_POST);
+ if(empty($userupdate->id())) {
  $this->routedirectget('user', ['error' => 'wrong_id']);
- } elseif (!empty($_POST['password']) && (empty($user->password()) || $this->usermanager->passwordexist($user->password()))) {
+ } elseif (!empty($_POST['password']) && (empty($userupdate->password()) || $this->usermanager->passwordexist($userupdate->password()))) {
  $this->routedirectget('user', ['error' => 'change_password']);
- } elseif (empty($user->level())) {
+ } elseif (empty($userupdate->level())) {
  $this->routedirectget('user', ['error' => 'wrong_level']);
+ } elseif ($user->level() === 10 && $userupdate->level() !== 10) {
+ $this->routedirectget('user', ['error' => 'cant_edit_yourself']);
  } else {
- $this->usermanager->add($user);
+ $this->usermanager->add($userupdate);
  $this->routedirect('user');
  }
  }
--
cgit v1.2.3
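Review bot: The new `cant_edit_yourself` branch never checks who is being edited: `$user->level() === 10 && $userupdate->level() !== 10` fires for any level-10 account, and nothing in the hunk ties `$_POST['id']` to the logged-in user or stops a request from raising another account's level to 10. If authorisation happens earlier in the switch (the enclosing method starts outside the hunk) that covers the second part, but the guard should still compare `$user->id()` with the session user's id so the error matches the rule it enforces. The strict comparison also relies on `hydrate($_POST)` turning the posted level into an int; if the setter keeps the string, `$userupdate->level() !== 10` is always true and every admin update is refused, so cast at the comparison, e.g. `(int) $userupdate->level() !== 10`. Separately, `clone $user` runs before the `wrong_id` check, so a lookup that returns a non-object for an unknown id would fail there instead of redirecting.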