Skip to content
Snippets Groups Projects
Commit 59d831f0 authored by Prasad's avatar Prasad
Browse files

Allow only admin to change other user preferences.

parent 88716121
No related branches found
No related tags found
No related merge requests found
...@@ -21,7 +21,7 @@ class Users_Save_Action extends Vtiger_Save_Action { ...@@ -21,7 +21,7 @@ class Users_Save_Action extends Vtiger_Save_Action {
if ($allowed) { if ($allowed) {
// Deny access if not administrator or account-owner or self // Deny access if not administrator or account-owner or self
if(!$currentUserModel->isAdminUser() && !$recordModel->isAccountOwner()) { if(!$currentUserModel->isAdminUser()) {
if (empty($record)) { if (empty($record)) {
$allowed = false; $allowed = false;
} else if ($currentUserModel->get('id') != $recordModel->getId()) { } else if ($currentUserModel->get('id') != $recordModel->getId()) {
......
  • Prasad @prasad

    mentioned in commit 7cdf9941

    ·

    mentioned in commit 7cdf9941

    Toggle commit list
  • Edonit Rexhepi @edonit.rexhepi

    mentioned in issue #234 (closed)

    ·

    mentioned in issue #234 (closed)

    Toggle commit list
  • Alan Lord @lord_alan ·
    Contributor

    @prasad, be aware that this is not fixing the problem according to my customers. I will investigate further but if I run out of time you might want to test this carefully before releasing 6.5.0 ;-)

  • Author Maintainer

    @lord_alan - The trouble was with the check made on recordModel instead of currentUserModel. Account owner will be an admin too so a check is redundant.

0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment