Explorar o código

refactor(EditUser): Prevent moderators from changing user emails

Owen Diffey %!s(int64=3) %!d(string=hai) anos
pai
achega
f0ce8f2f32

+ 1 - 1
backend/logic/actions/users.js

@@ -2083,7 +2083,7 @@ export default {
 			[
 				next => {
 					if (updatingUserId === session.userId) return next();
-					return hasPermission("users.update", session)
+					return hasPermission("users.update.restricted", session)
 						.then(() => next())
 						.catch(() => next("Invalid permissions."));
 				},

+ 4 - 1
frontend/src/components/modals/EditUser.vue

@@ -210,10 +210,13 @@ onBeforeUnmount(() => {
 								type="text"
 								placeholder="Email Address"
 								autofocus
+								:disabled="
+									!hasPermission('users.update.restricted')
+								"
 							/>
 						</span>
 						<span
-							v-if="hasPermission('users.update')"
+							v-if="hasPermission('users.update.restricted')"
 							class="control"
 						>
 							<a class="button is-info" @click="updateEmail()"