mirror of https://github.com/flarum/core.git synced 2025-10-12 23:44:27 +02:00
php-flarum/src/User/Access/UserPolicy.php
Matt Kilgore 9627eb73f1 User edit permission tightening (#2620)
- Split user edit permission into edit attributes, edit credentials, and edit groups
- Only Admins can edit Admin Credentials
- Only Admins can Promote/Demote to/from Admin
2021-03-01 15:52:29 -05:00


<?php
/*
* This file is part of Flarum.
*
* For detailed copyright and license information, please view the
* LICENSE file that was distributed with this source code.
*/
namespace Flarum\User\Access;
use Flarum\User\User;
/**
 * Access policy for actions performed on user accounts.
 *
 * Every method either returns the inherited allow()/deny() result or
 * returns null, meaning this policy expresses no decision for the request.
 * NOTE(review): how a null result is resolved is defined outside this file
 * (presumably in AbstractPolicy or the gate that calls it) — confirm there.
 */
class UserPolicy extends AbstractPolicy
{
    /**
     * Catch-all check: grants an ability when the actor holds the permission
     * named "user.<ability>".
     *
     * This check never looks at the user being acted on. Any ability whose
     * outcome must depend on the target account (for example the admin guard
     * in editCredentials) needs its own dedicated method.
     *
     * @param User $actor The user attempting the action.
     * @param string $ability Ability name, appended to the "user." prefix.
     * @return mixed The result of allow() when the permission is held,
     *               otherwise null (no decision).
     */
    public function can(User $actor, $ability)
    {
        $permission = 'user.'.$ability;

        return $actor->hasPermission($permission) ? $this->allow() : null;
    }

    /**
     * Decides whether $actor may change the credentials of $user.
     *
     * The admin guard is evaluated before the permission lookup, so holding
     * "user.editCredentials" is not enough to alter an administrator's
     * credentials: only another administrator gets past the guard. Without
     * that ordering, a delegated credential-editing permission would allow
     * takeover of an admin account.
     *
     * @param User $actor The user attempting the change.
     * @param User $user The account whose credentials would be changed.
     * @return mixed The result of deny() for a non-admin acting on an admin,
     *               the result of allow() when the actor holds
     *               "user.editCredentials", otherwise null (no decision).
     */
    public function editCredentials(User $actor, User $user)
    {
        // Short-circuit kept: the actor is only inspected when the target is an admin.
        $nonAdminTargetingAdmin = $user->isAdmin() && ! $actor->isAdmin();

        if ($nonAdminTargetingAdmin) {
            return $this->deny();
        }

        return $actor->hasPermission('user.editCredentials') ? $this->allow() : null;
    }
}