mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-12-18 12:41:10 +01:00
* Preferences: non-admins were allowed to changed default, forced or group preferences
This commit is contained in:
parent
9adf2b402d
commit
ea23bb151a
@ -68,7 +68,11 @@ class preferences_settings
|
||||
{
|
||||
case 'save':
|
||||
case 'apply':
|
||||
// ToDo: save preferences
|
||||
// check if user has rights to store preferences for $type and $account_id
|
||||
if ($content['old_type'] !== 'user' && !$GLOBALS['egw_info']['user']['apps']['admin'])
|
||||
{
|
||||
throw new egw_exception_no_permission_admin;
|
||||
}
|
||||
list($type,$account_id) = explode(':', $content['old_type']);
|
||||
// merge prefs of all tabs together again
|
||||
$prefs = array();
|
||||
@ -463,7 +467,7 @@ class preferences_settings
|
||||
'default' => 'Default preferences',
|
||||
'forced' => 'Forced preferences',
|
||||
);
|
||||
if ($GLOBALS['egw_info']['apps']['admin'])
|
||||
if ($GLOBALS['egw_info']['user']['apps']['admin'])
|
||||
{
|
||||
$content['type'] = $type;
|
||||
if (($id = $GLOBALS['egw']->preferences->get_account_id()) != $GLOBALS['egw_info']['user']['account_id'])
|
||||
|
Loading…
Reference in New Issue
Block a user