mirror_php/humhub
1
0
Fork 0
mirror of https://github.com/humhub/humhub.git synced 2025-01-17 22:28:51 +01:00
Code Issues Projects Releases Wiki Activity

Show "Become this user" only for system admins.

Browse Source
This commit is contained in:
buddha87 2016-10-18 12:17:07 +02:00
parent 5be81a8c23
commit 925165c29d
2 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
protected/humhub/compat/HForm.php
View File

@ -167,7 +167,8 @@ class HForm extends \yii\base\Component
{
$output = "";
foreach ($buttons as $buttonName => $definition) {
if ($definition['type'] == 'submit') {
$definition['isVisible'] = isset($definition['isVisible']) ? $definition['isVisible'] : true;
if ($definition['type'] == 'submit' && $definition['isVisible']) {
$output .= \yii\helpers\Html::submitButton($definition['label'], ['name' => $buttonName, 'class' => $definition['class'], 'data-ui-loader' => '']);
$output .= " ";
}

9
protected/humhub/modules/admin/controllers/UserController.php
View File

@ -138,6 +138,7 @@ class UserController extends Controller
'type' => 'submit',
'label' => Yii::t('AdminModule.controllers_UserController', 'Become this user'),
'class' => 'btn btn-danger',
'isVisible' => $this->canBecomeUser($user)
),
'delete' => array(
'type' => 'submit',
@ -158,7 +159,7 @@ class UserController extends Controller
}
// This feature is used primary for testing, maybe remove this in future
if ($form->submitted('become')) {
if ($form->submitted('become') && $this->canBecomeUser($user)) {
Yii::$app->user->switchIdentity($form->models['User']);
return $this->redirect(Url::toRoute("/"));
@ -170,6 +171,12 @@ class UserController extends Controller
return $this->render('edit', array('hForm' => $form, 'user' => $user));
}
public function canBecomeUser($user) {
return Yii::$app->user->isAdmin()
&& $user->id != Yii::$app->user->getIdentity()->id
&& !$user->isSystemAdmin();
}
public function actionAdd()
{