* Preferences: non-admins were allowed to change default, forced or group preferences

Ralf Becker 2014-07-13 10:28:06 +00:00
parent 9adf2b402d
commit ea23bb151a


@ -68,7 +68,11 @@ class preferences_settings
{ {
case 'save': case 'save':
case 'apply': case 'apply':
// ToDo: save preferences // check if user has rights to store preferences for $type and $account_id
if ($content['old_type'] !== 'user' && !$GLOBALS['egw_info']['user']['apps']['admin'])
{
throw new egw_exception_no_permission_admin;
}
list($type,$account_id) = explode(':', $content['old_type']); list($type,$account_id) = explode(':', $content['old_type']);
// merge prefs of all tabs together again // merge prefs of all tabs together again
$prefs = array(); $prefs = array();
@ -463,7 +467,7 @@ class preferences_settings
'default' => 'Default preferences', 'default' => 'Default preferences',
'forced' => 'Forced preferences', 'forced' => 'Forced preferences',
); );
if ($GLOBALS['egw_info']['apps']['admin']) if ($GLOBALS['egw_info']['user']['apps']['admin'])
{ {
$content['type'] = $type; $content['type'] = $type;
if (($id = $GLOBALS['egw']->preferences->get_account_id()) != $GLOBALS['egw_info']['user']['account_id']) if (($id = $GLOBALS['egw']->preferences->get_account_id()) != $GLOBALS['egw_info']['user']['account_id'])
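Review bot: Both admin checks read `$GLOBALS['egw_info']['user']['apps']['admin']` directly, in the new guard in the save/apply branch and in the type-selector condition of the second hunk; for a non-admin that key is presumably absent, so the read raises an undefined-index notice on exactly the path the guard is meant to protect. Writing the guard as `if ($content['old_type'] !== 'user' && empty($GLOBALS['egw_info']['user']['apps']['admin']))`, and the second condition with `!empty(...)`, keeps the same decision without the notice. The guard decides on the raw `$content['old_type']` string before `explode()` splits it, which fails closed for anything other than the exact value `'user'`. The rest of the save branch lies outside the hunk, so it is worth confirming that nothing later stores preferences under a type or account taken from a different field such as `$content['type']`. A one-line comment stating that `old_type` is the only input the permission decision relies on would help the next reader.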